Hi, thank you for the quick reply.
HIJACKLOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:37:49 PM, on 8/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Internet Explorer\niwoni22011.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgPSWX.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customi ... com/ext/se
arch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -
C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update
Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [niwoni] C:\Program Files\Internet Explorer\niwoni22011.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
-quiet
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program
Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} -
C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program
Files\Yahoo!\Common\Yinsthelper2007261.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v ... te.cab?110
8629057328
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} -
http://a19.g.akamai.net/7/19/7125/1452/ ... brkpie.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) -
https://media.pineconeresearch.com/Acti ... ontrol.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program
Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program
Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program
Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. -
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 9024 bytes
WINPFIND3 LOG:
WinPFind3 logfile created on: 8/28/2007 7:41:06 PM
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Lorna\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
502.07 Mb Total Physical Memory | 188.66 Mb Available Physical Memory | 37.58% Memory free
1.20 Gb Paging File | 0.94 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.62 Gb Total Space | 20.98 Gb Free Space | 29.30% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Computer Name: LORNADAVID
Current User Name: Lorna
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
cavrid.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
cavtray.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
dkservice.exe -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 8.0.478.0 | Size = 327792 bytes | Modified Date = 1/6/2004 11:47:06 AM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R ]
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 57344 bytes | Modified Date = 10/12/2004 3:54:30 PM | Attr = ]
ezprint.exe -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 5:05:04 AM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ]
isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr = ]
lxcgcoms.exe -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 12:25:18 PM | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/20/2005 11:07:22 PM | Attr = ]
lxcgpswx.exe -> %System32%\SPOOL\DRIVERS\W32X86\3\lxcgpswx.exe -> [Ver = 1.2.26.35 | Size = 176128 bytes | Modified Date = 7/29/2005 11:38:38 AM | Attr = ]
mmtask.exe -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
niwoni22011.exe -> %ProgramFiles%\Internet Explorer\niwoni22011.exe -> [Ver = | Size = 163840 bytes | Modified Date = 8/7/2007 1:30:02 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/16/2006 1:21:48 PM | Attr = ]
tfswctrl.exe -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
wincinemamgr.exe -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 | Size = 212992 bytes | Modified Date = 6/4/2004 8:54:00 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 6/23/2007 3:15:54 PM | Attr = ]
ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 1:18:10 PM | Attr = ]
ymsgr_tray.exe -> %ProgramFiles%\Yahoo!\Messenger\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103928 bytes | Modified Date = 3/1/2007 6:11:28 PM | Attr = ]
yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 10:43:10 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
(Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Executive Software\Diskeeper\DkService.exe -> Executive Software International, Inc. [Ver = 8.0.478.0 | Size = 327792 bytes | Modified Date = 1/6/2004 11:47:06 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ]
(lxcg_device) lxcg_device [Win32_Own | On_Demand | Running] -> %System32%\lxcgcoms.exe -> [Ver = 1.154.19.0 | Size = 491520 bytes | Modified Date = 7/25/2005 12:25:18 PM | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 12/17/2003 12:59:48 PM | Attr = ]
(VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
(YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr = ]
[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %System32%\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 12:15:00 PM | Attr = ]
(AliIde) AliIde [Kernel | Boot | Running] -> %System32%\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Boot | Running] -> %System32%\DRIVERS\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr = ]
(asc) asc [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Boot | Running] -> %System32%\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr = ]
(Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found
(bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> -> File not found
(Changer) Changer [Kernel | System | Stopped] -> -> File not found
(CmdIde) CmdIde [Kernel | Boot | Running] -> %System32%\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Boot | Running] -> %System32%\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMBOOT.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMIO.SYS -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %System32%\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %System32%\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94a | Size = 87136 bytes | Modified Date = 8/4/2004 2:21:00 AM | Attr = ]
(drvnddm) drvnddm [File_System | Auto | Running] -> %System32%\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.46a | Size = 40544 bytes | Modified Date = 8/13/2004 1:56:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> Gteko Ltd. [Ver = 2, 0, 0, 30 | Size = 4736 bytes | Modified Date = 10/5/2006 4:07:28 PM | Attr = ]
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %System32%\DRIVERS\dsunidrv.sys -> Gteko Ltd. [Ver = 1, 0, 0, 12 | Size = 5376 bytes | Modified Date = 2/25/2007 12:10:48 PM | Attr = S]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 8.0.21.0 built by: WinDDK | Size = 162816 bytes | Modified Date = 6/13/2005 12:58:04 PM | Attr = ]
(GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %System32%\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ]
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 212224 bytes | Modified Date = 11/17/2003 2:59:20 PM | Attr = ]
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.06.00 | Size = 1042432 bytes | Modified Date = 11/17/2003 2:56:26 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4410 | Size = 1302812 bytes | Modified Date = 10/14/2005 3:15:18 PM | Attr = ]
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> %System32%\DRIVERS\mdc8021x.sys -> Meetinghouse Data Communications [Ver = 2.3.1.9 | Size = 15781 bytes | Modified Date = 4/13/2004 7:20:08 PM | Attr = R ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %System32%\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 12:48:08 PM | Attr = ]
(mraid35x) mraid35x [Kernel | Boot | Running] -> %System32%\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\NV4_MINI.SYS -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 9:29:56 PM | Attr = ]
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %System32%\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 12:45:06 PM | Attr = ]
(PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %System32%\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %System32%\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.16a | Size = 20576 bytes | Modified Date = 8/2/2004 1:03:00 AM | Attr = ]
(ql1080) ql1080 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Boot | Running] -> %System32%\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %System32%\DRIVERS\SECDRV.SYS -> [Ver = | Size = 27440 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found
(sisagp) SIS AGP Bus Filter [Kernel | Boot | Running] -> %System32%\DRIVERS\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 10:07:44 PM | Attr = ]
(smwdm) smwdm [Kernel | On_Demand | Running] -> %System32%\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.4060 | Size = 612352 bytes | Modified Date = 4/9/2004 11:41:30 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Boot | Running] -> %System32%\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr = ]
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %System32%\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 10:29:04 AM | Attr = ]
(ssrtln) ssrtln [File_System | System | Running] -> %System32%\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 10:28:50 AM | Attr = ]
(symc810) symc810 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Boot | Running] -> %System32%\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Boot | Running] -> %System32%\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr = ]
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %System32%\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %System32%\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %System32%\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsndres) tfsndres [File_System | Auto | Running] -> %System32%\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %System32%\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86202 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %System32%\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %System32%\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %System32%\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %System32%\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
(ultra) ultra [Kernel | Boot | Running] -> %System32%\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr = ]
(VET-FILT) VET File System Filter [Kernel | System | Running] -> %System32%\drivers\Vet-Filt.1 -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 21031 bytes | Modified Date = 5/9/2007 12:33:52 AM | Attr = ]
(VET-REC) VET File System Recognizer [Kernel | System | Running] -> %System32%\drivers\Vet-Rec.1 -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 15478 bytes | Modified Date = 5/9/2007 12:33:52 AM | Attr = ]
(VETEBOOT) VET Boot Scan Engine [Kernel | On_Demand | Running] -> %System32%\drivers\VetEBoot.1 -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 108360 bytes | Modified Date = 7/23/2007 2:53:38 PM | Attr = ]
(VETEFILE) VET File Scan Engine [Kernel | System | Running] -> %System32%\drivers\VetEFile.1 -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 879832 bytes | Modified Date = 7/23/2007 2:53:38 PM | Attr = ]
(VETFDDNT) VET Floppy Boot Sector Monitor [Kernel | System | Running] -> %System32%\drivers\VetFDDNT.1 -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 15735 bytes | Modified Date = 5/9/2007 12:33:52 AM | Attr = ]
(VETMONNT) VET File Monitor [Kernel | System | Running] -> %System32%\drivers\VetMonNT.1 -> Computer Associates International, Inc. [Ver = 7.2.0.0 | Size = 26787 bytes | Modified Date = 5/9/2007 12:34:18 AM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> system32\DRIVERS\wanatw4.sys -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %System32%\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.06.00 built by: WinDDK | Size = 680704 bytes | Modified Date = 11/17/2003 2:58:02 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
CaAvTray -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
CAVRID -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
dla -> %System32%\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 57344 bytes | Modified Date = 10/12/2004 3:54:30 PM | Attr = ]
EzPrint -> %ProgramFiles%\Lexmark 2300 Series\ezprint.exe -> Lexmark International Inc. [Ver = 1.0.12.0 | Size = 94208 bytes | Modified Date = 8/1/2005 5:05:04 AM | Attr = ]
FaxCenterServer -> %ProgramFiles%\Lexmark Fax Solutions\fm3032.exe -> [Ver = | Size = 299008 bytes | Modified Date = 7/12/2005 6:36:32 AM | Attr = ]
igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 77824 bytes | Modified Date = 10/14/2005 2:46:34 PM | Attr = ]
igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 114688 bytes | Modified Date = 10/14/2005 2:50:30 PM | Attr = ]
igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4410 | Size = 94208 bytes | Modified Date = 10/14/2005 2:49:46 PM | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.35 | Size = 257088 bytes | Modified Date = 6/1/2007 4:51:26 PM | Attr = ]
LXCGCATS -> %System32%\SPOOL\DRIVERS\W32X86\3\lxcgtime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16] -> [Ver = 0.1.11.5 | Size = 73728 bytes | Modified Date = 7/20/2005 10:48:38 AM | Attr = ]
lxcgmon.exe -> %ProgramFiles%\Lexmark 2300 Series\lxcgmon.exe -> Lexmark International, Inc. [Ver = 2.6.62.20 | Size = 200704 bytes | Modified Date = 7/20/2005 11:07:22 PM | Attr = ]
mmtask -> %ProgramFiles%\Musicmatch\Musicmatch Jukebox\mmtask.exe -> Musicmatch Inc. [Ver = 9.0.0.1 | Size = 53248 bytes | Modified Date = 9/14/2004 7:50:48 AM | Attr = ]
niwoni -> %ProgramFiles%\Internet Explorer\niwoni22011.exe -> [Ver = | Size = 163840 bytes | Modified Date = 8/7/2007 1:30:02 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.1.6 | Size = 282624 bytes | Modified Date = 4/27/2007 9:41:54 AM | Attr = ]
REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 2/4/2002 11:32:10 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\j2re1.4.2_03\bin\jusched.exe -> [Ver = | Size = 32881 bytes | Modified Date = 11/19/2003 4:48:14 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/16/2006 1:21:48 PM | Attr = ]
UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 12:01:00 AM | Attr = ]
YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 10:43:10 AM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,244 | Size = 4670968 bytes | Modified Date = 3/1/2007 6:11:26 PM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 1:06:00 AM | Attr = R ]
%AllUsersStartup%\InterVideo WinCinema Manager.lnk -> %ProgramFiles%\InterVideo\Common\Bin\WinCinemaMgr.exe -> InterVideo Inc. [Ver = 1.8.2 | Size = 212992 bytes | Modified Date = 6/4/2004 8:54:00 AM | Attr = ]
< ICQ Agent [HKCU] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ ->
HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> ->
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4410 | Size = 135168 bytes | Modified Date = 10/14/2005 2:45:38 PM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL ->
http://yahoo.sbc.com/dsl ->
HKLM: Main\\Default_Search_URL ->
http://red.clientapps.yahoo.com/customi ... .yahoo.com ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Bar ->
http://red.clientapps.yahoo.com/customi ... earch.html ->
HKLM: Search Page ->
http://red.clientapps.yahoo.com/customi ... .yahoo.com ->
HKLM: Start Page ->
http://yahoo.sbc.com/dsl ->
HKLM: CustomizeSearch ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant ->
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Search Bar ->
http://search.msn.com/spbasic.htm ->
HKCU: Start Page ->
http://att.yahoo.com/ ->
HKCU: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 1:17:44 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 5/31/2005 1:04:00 AM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %System32%\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 8/13/2004 12:05:00 AM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 2/17/2005 1:51:04 PM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes0521.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2004, 5, 21, 2 | Size = 320656 bytes | Modified Date = 2/17/2005 1:51:04 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn1\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> Reg Data - Key not found [MenuText: Sun Java Console] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> Reg Data - Value does not exist [ButtonText: Messenger] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -> Reg Data - Value does not exist [ButtonText: Real.com] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> -> File not found
< Internet Explorer Plugins [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension\ ->
.pdf -> %ProgramFiles%\Internet Explorer\PLUGINS\nppdf32.dll [Adobe Acrobat] -> Adobe Systems Inc. [Ver = 6.0.0.2003051500 | Size = 133376 bytes | Modified Date = 5/14/2003 11:01:48 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
SV1 -> ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1520E0EB-687D-4C34-8613-A8724053155C} -> (Intel(R) PRO/100 VE Network Connection) ->
< Winsock2 Catalogs [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
Protocol_Catalog9\Catalog_Entries\000000000001 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000019 -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> Microsoft Office Template and Media Control - CodeBase =
http://office.microsoft.com/templates/ieawsdc.cab ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase =
http://www.apple.com/qtactivex/qtplugin.cab ->
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} -> HouseCall Control - CodeBase =
http://housecall60.trendmicro.com/housecall/xscan60.cab ->
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -> Installation Support - CodeBase = C:\Program Files\Yahoo!\Common\Yinsthelper2007261.dll ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase =
http://v5.windowsupdate.microsoft.com/v ... 8629057328 ->
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} -> HouseCall Control - CodeBase =
http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.4.2_03 - CodeBase =
http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{9522B3FB-7A2B-4646-8AF6-36E7F593073C} -> - CodeBase =
http://a19.g.akamai.net/7/19/7125/1452/ ... brkpie.cab ->
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} -> InetDownload Class - CodeBase =
https://media.pineconeresearch.com/Acti ... ontrol.cab ->
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} -> MsnMessengerSetupDownloadControl Class - CodeBase =
http://messenger.msn.com/download/MsnMe ... loader.cab ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.2_03 - CodeBase =
http://java.sun.com/products/plugin/aut ... s-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase =
http://download.macromedia.com/pub/shoc ... wflash.cab ->
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -> McFreeScan Class - CodeBase =
http://download.mcafee.com/molbin/iss-l ... cfscan.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ ->
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
[Files/Folders - Created Within 30 days]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 8/14/2007 8:06:45 PM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Created Date = 8/28/2007 4:16:57 PM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 8/14/2007 8:07:03 PM | Attr = H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ -> [Folder | Created Date = 8/14/2007 8:04:43 PM | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Created Date = 8/14/2007 8:05:20 PM | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Created Date = 8/14/2007 8:05:34 PM | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 8/14/2007 8:06:53 PM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 8/14/2007 8:06:37 PM | Attr = H ]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 8/28/2007 4:32:43 PM | Attr = ]
corfigs -> %System32%\corfigs -> [Folder | Created Date = 8/18/2007 8:45:14 AM | Attr = ]
dlls99 -> %System32%\dlls99 -> [Folder | Created Date = 8/18/2007 8:45:14 AM | Attr = ]
f02WtR -> %System32%\f02WtR -> [Folder | Created Date = 8/18/2007 8:45:05 AM | Attr = ]
ICM55 -> %System32%\ICM55 -> [Folder | Created Date = 8/18/2007 8:45:14 AM | Attr = ]
tmp66 -> %System32%\tmp66 -> [Folder | Created Date = 8/18/2007 8:45:14 AM | Attr = ]
ypclsp.dll -> %System32%\ypclsp.dll -> Yahoo! Inc. [Ver = 2004, 10, 25, 1 | Size = 131072 bytes | Created Date = 8/22/2007 12:11:13 PM | Attr = ]
YPcservice.exe -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Created Date = 8/22/2007 12:11:13 PM | Attr = ]
vetmonnt.sys -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 7.2.0.0 | Size = 26787 bytes | Created Date = 8/22/2007 12:12:49 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/14/2007 9:06:34 PM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 526536704 bytes | Modified Date = 8/28/2007 7:15:48 PM | Attr = HS]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/28/2007 7:37:36 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/24/2007 12:03:20 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 8/19/2007 4:29:48 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/28/2007 7:17:28 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/28/2007 5:12:54 PM | Attr = H ]
$NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 8/14/2007 9:06:46 PM | Attr = H ]
$NtUninstallKB933360$ -> %SystemRoot%\$NtUninstallKB933360$ -> [Folder | Modified Date = 8/28/2007 5:17:00 PM | Attr = H ]
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Modified Date = 8/14/2007 9:07:04 PM | Attr = H ]
$NtUninstallKB936782_WMP10$ -> %SystemRoot%\$NtUninstallKB936782_WMP10$ -> [Folder | Modified Date = 8/14/2007 9:04:46 PM | Attr = H ]
$NtUninstallKB937143$ -> %SystemRoot%\$NtUninstallKB937143$ -> [Folder | Modified Date = 8/14/2007 9:05:24 PM | Attr = H ]
$NtUninstallKB938127$ -> %SystemRoot%\$NtUninstallKB938127$ -> [Folder | Modified Date = 8/14/2007 9:05:36 PM | Attr = H ]
$NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 8/14/2007 9:06:54 PM | Attr = H ]
$NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 8/14/2007 9:06:38 PM | Attr = H ]
AVShlExt.dll -> %SystemRoot%\AVShlExt.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 111728 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 8/28/2007 7:15:54 PM | Attr = S]
CAVTemp -> %SystemRoot%\CAVTemp -> [Folder | Modified Date = 8/27/2007 9:51:36 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/28/2007 5:32:48 PM | Attr = S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 8/23/2007 11:47:40 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2007 9:07:10 PM | Attr = ]
INF -> %SystemRoot%\INF -> [Folder | Modified Date = 8/28/2007 5:32:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/14/2007 9:06:34 PM | Attr = HS]
McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 8/28/2007 5:32:44 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/28/2007 7:39:08 PM | Attr = ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/19/2007 4:14:12 PM | Attr = ]
SYSTEM32 -> %System32% -> [Folder | Modified Date = 8/28/2007 5:17:00 PM | Attr = ]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/28/2007 7:25:20 PM | Attr = ]
UnVet32.exe -> %SystemRoot%\UnVet32.exe -> Computer Associates International, Inc. [Ver = 1.0.0.1 | Size = 115824 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 289 bytes | Modified Date = 8/23/2007 12:18:08 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 8/27/2007 10:42:04 AM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/28/2007 7:16:04 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 8/28/2007 7:17:26 PM | Attr = ]
corfigs -> %System32%\corfigs -> [Folder | Modified Date = 8/18/2007 9:45:16 AM | Attr = ]
DLLCACHE -> %System32%\DLLCACHE -> [Folder | Modified Date = 8/23/2007 1:28:18 PM | Attr = RHS]
dlls99 -> %System32%\dlls99 -> [Folder | Modified Date = 8/18/2007 1:48:44 PM | Attr = ]
DRIVERS -> %System32%\DRIVERS -> [Folder | Modified Date = 8/23/2007 1:28:12 PM | Attr = ]
f02WtR -> %System32%\f02WtR -> [Folder | Modified Date = 8/18/2007 9:45:06 AM | Attr = ]
Gold_Lace.ini -> %System32%\Gold_Lace.ini -> [Ver = | Size = 225 bytes | Modified Date = 8/22/2007 7:48:06 PM | Attr = ]
Gold_Lace.par -> %System32%\Gold_Lace.par -> [Ver = | Size = 1228808 bytes | Modified Date = 8/22/2007 7:48:06 PM | Attr = ]
ICM55 -> %System32%\ICM55 -> [Folder | Modified Date = 8/18/2007 9:45:16 AM | Attr = ]
PERFC009.DAT -> %System32%\PERFC009.DAT -> [Ver = | Size = 53436 bytes | Modified Date = 8/23/2007 1:29:18 PM | Attr = ]
PERFH009.DAT -> %System32%\PERFH009.DAT -> [Ver = | Size = 381692 bytes | Modified Date = 8/23/2007 1:29:18 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 441626 bytes | Modified Date = 8/23/2007 1:29:18 PM | Attr = ]
ReinstallBackups -> %System32%\ReinstallBackups -> [Folder | Modified Date = 8/23/2007 1:28:12 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 8/24/2007 12:03:20 PM | Attr = ]
tmp66 -> %System32%\tmp66 -> [Folder | Modified Date = 8/18/2007 9:45:16 AM | Attr = ]
VetRedir.dll -> %System32%\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 8/22/2007 1:12:14 PM | Attr = ]
WPA.DBL -> %System32%\WPA.DBL -> [Ver = | Size = 2206 bytes | Modified Date = 8/28/2007 7:17:10 PM | Attr = ]
ETC -> %System32%\drivers\ETC -> [Folder | Modified Date = 8/19/2007 1:39:52 PM | Attr = ]
Vet-Filt.sys -> %System32%\drivers\Vet-Filt.sys -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 21031 bytes | Modified Date = 8/22/2007 1:12:12 PM | Attr = ]
Vet-Rec.sys -> %System32%\drivers\Vet-Rec.sys -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 15478 bytes | Modified Date = 8/22/2007 1:12:12 PM | Attr = ]
VetEBoot.sys -> %System32%\drivers\VetEBoot.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 108360 bytes | Modified Date = 8/22/2007 1:12:46 PM | Attr = ]
VetEFile.sys -> %System32%\drivers\VetEFile.sys -> Computer Associates International, Inc. [Ver = 31.1.0.0 | Size = 879832 bytes | Modified Date = 8/22/2007 1:12:46 PM | Attr = ]
VetFDDNT.sys -> %System32%\drivers\VetFDDNT.sys -> Computer Associates International, Inc. [Ver = 11.0.7.4 | Size = 15735 bytes | Modified Date = 8/22/2007 1:12:12 PM | Attr = ]
vetmonnt.sys -> %System32%\drivers\vetmonnt.sys -> Computer Associates International, Inc. [Ver = 7.2.0.0 | Size = 26787 bytes | Modified Date = 8/22/2007 1:12:50 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\LPT$VPN.777 -> [Ver = | Size = 15628561 bytes | Modified Date = 8/12/2005 10:50:26 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\RMAgentOutput.dll -> [Ver = | Size = 25157 bytes | Modified Date = 5/3/2005 11:44:44 AM | Attr = ]
UPX! , UPX0 , -> %SystemRoot%\tsc.exe -> Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Modified Date = 5/17/2005 10:26:20 PM | Attr = ]
PECompact2 , qoologic , SAHAgent , -> %SystemRoot%\VPTNFILE.777 -> [Ver = | Size = 15628561 bytes | Modified Date = 8/12/2005 10:50:26 AM | Attr = ]
UPX! , aspack , -> %SystemRoot%\vsapi32.dll -> Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Modified Date = 5/17/2005 10:30:30 PM | Attr = ]
PEC2 , -> %System32%\DFRG.MSC -> [Ver = | Size = 41397 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
aspack , -> %System32%\Incinerator.dll -> iolo technologies, LLC [Ver = 5.5.1.0 | Size = 702464 bytes | Modified Date = 2/17/2005 3:35:48 PM | Attr = ]
winsync , -> %System32%\WBDBASE.DEU -> [Ver = | Size = 1309184 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
Thawte Consulting , -> %System32%\XceedFtp.dll -> Xceed Software Inc (450) 442-2626
support@xceedsoft.com http://www.xceedsoft.com [Ver = 1.0.42.0 | Size = 236576 bytes | Modified Date = 10/2/2003 4:36:22 PM | Attr = ]
< End of report >
Sincerely, Lorna
Thank you for the help.