justjoy

Help Please


Hi, justjoy

Hmm, this thing will not show itself. Run this tool here.

 

Download Silent Runners and extract it to a new folder on your Desktop.

Run the Silent Runners.vbs file.

You will receive a prompt: "Do you want to skip supplementary searches?" - click "NO."

If your antivirus has a script blocker, you will get a warning asking if you want to allow Silent Runners.vbs to run.

This script is not malicious so please allow it.

A text file will appear in the folder - it's not done, let it run. (It won't appear to be doing anything!)

Once the "All Done!" prompt flashes up, open the text file, and copy & paste it in your next reply.

 

======================

 

We should also try this here.

 

NOTE: You have to upload them, not post them.

 

Download avz4.zip from here

 

1. Unzip it to your desktop to a folder named avz4

2. Double click on AVZ.exe to run it.

3. Run an update by clicking the Auto Update button on the Right of the Log window:

4. Click Start to begin the update

 

Note: If you receive an error message, choose a different source, then click Start again.

 

1. Start AVZ.

2. Choose from the menu "File" => "Standard scripts" and mark the "Healing/Quarantine and Advanced System Investigation" check box.

3. Click on "Execute selected scripts".

4. Automatic scanning, healing and system check will be executed.

5. A logfile (avz_sysinfo.htm) will be created and saved in the LOG folder in the AVZ directory as virusinfo_syscure.zip.

6. It is necessary to reboot your machine, because AVZ might disturb some program operations (like antiviruses and firewall) during the system scan.

7. All applications will work properly after the system restart.

 

 

When restarted

 

1. Start AVZ.

2. Choose from the menu "File" => "Standard scripts" and mark the "Advanced System Investigation" check box.

3. Click on the "Execute selected scripts".

4. A system check will be automatically performed, and the created logfile (avz_sysinfo.htm) will be saved in the LOG folder in the AVZ directory as virusinfo_syscheck.zip.

 

 

Attach both zip files to your next post.

 

 

Gogo ;)


Here is the first one; working on the other one.

Joy

 

 

 

"Silent Runners.vbs", revision 55, http://www.silentrunners.org/

Operating System: Windows XP SP2

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

"ctfmon.exe" = "C:\windows\system32\ctfmon.exe" [MS]

"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS]

"AOL Fast Start" = ""C:\Program Files\AOL 9.0b\AOL.EXE" -b" ["AOL, LLC."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"NVMixerTray" = ""C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"" ["NVIDIA Corporation"]

"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit" [MS]

"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]

"spywarefighterguard" = "C:\Program Files\SPYWAREfighter\spftray.exe" ["SPAMfighter"]

"HP Software Update" = "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Development Company, L.P."]

"hpqSRMon" = "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" ["Hewlett-Packard"]

"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]

 

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"

\StubPath = "C:\windows\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

{6548BF73-58FF-71D5-F97D-17C71E323709}\(Default) = (no title provided)

-> {HKLM...CLSID} = "IntelligentAdvisor"

\InProcServer32\(Default) = "C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" [empty string]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM...CLSID} = "SSVHelper Class"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\(Default) = "scriptproxy"

-> {HKLM...CLSID} = "scriptproxy"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" ["McAfee, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {HKLM...CLSID} = "HyperTerminal Icon Ext"

\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {HKLM...CLSID} = "DesktopContext Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {HKLM...CLSID} = "Desktop Explorer"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {HKLM...CLSID} = (no title provided)

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {HKLM...CLSID} = "nView Desktop Context Menu"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {HKLM...CLSID} = "NVIDIA CPL Extension"

\InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"]

"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {HKLM...CLSID} = "Outlook File Icon Extension"

\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

-> {HKLM...CLSID} = "WPDShServiceObj Class"

\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

 

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"

-> {HKLM...CLSID} = "PDF Shell Extension"

\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

 

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

SPYWAREfighter\(Default) = "{44CB577A-837C-4C36-9C8D-80A1639B9333}"

-> {HKLM...CLSID} = "SpywarefighterExt Class"

\InProcServer32\(Default) = "C:\Program Files\SPYWAREfighter\spfext.dll" ["Spamfighter"]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

 

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

 

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

MCVSRIGHTCLICKSCANNER\(Default) = "{162EFDC5-2957-465D-887B-590AF4A7E84D}"

-> {HKLM...CLSID} = "McVSRightclickScanner Class"

\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\VIRUSS~1\mcodsax.dll" ["McAfee, Inc."]

SPYWAREfighter\(Default) = "{44CB577A-837C-4C36-9C8D-80A1639B9333}"

-> {HKLM...CLSID} = "SpywarefighterExt Class"

\InProcServer32\(Default) = "C:\Program Files\SPYWAREfighter\spfext.dll" ["Spamfighter"]

WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"

-> {HKLM...CLSID} = "WinZip"

\InProcServer32\(Default) = "C:\Program Files\WinZip\wzshlstb.dll" ["WinZip Computing LP"]

 

 

Active Desktop and Wallpaper:

-----------------------------

 

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

"Wallpaper" = "C:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

"Wallpaper" = "C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

 

 

Startup items in "user" & "All Users" startup folders:

------------------------------------------------------

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]

 

 

Enabled Scheduled Tasks:

------------------------

 

"McDefragTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe "C:\WINDOWS\system32\defrag.exe" C: -f" ["McAfee, Inc."]

"McQcTask" -> launches: "c:\PROGRA~1\mcafee\mqc\QcConsol.exe 14 0" ["McAfee, Inc."]

"RegCure Program Check" -> launches: "C:\Program Files\RegCure\RegCure.exe ShowReminders" [null data]

"RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]

"SpywareBot Scheduled Scan" -> launches: "C:\Program Files\SpywareBot\SpywareBot.exe scheduled" [file not found]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Explorer Bars

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)

-> {HKLM...CLSID} = "Real.com"

\InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

 

Extensions (Tools menu items, main toolbar menu buttons)

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

"MenuText" = "Sun Java Console"

"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"

-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]

-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"

\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

 

{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\

"ButtonText" = "Real.com"

 

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

"MenuText" = "@xpsp3res.dll,-20001"

"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

 

{FB5F1910-F110-11D2-BB9E-00C04F795683}\

"ButtonText" = "Messenger"

"MenuText" = "Windows Messenger"

"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]

AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["AOL LLC"]

McAfee HackerWatch Service, McAfee HackerWatch Service, ""C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"" ["McAfee, Inc."]

McAfee Network Agent, McNASvc, ""c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"" ["McAfee, Inc."]

McAfee Personal Firewall Service, MpfService, ""C:\Program Files\McAfee\MPF\MPFSrv.exe"" ["McAfee, Inc."]

McAfee Privacy Service, MPS9, "C:\PROGRA~1\McAfee\MPS\mps.exe" ["McAfee, Inc."]

McAfee Protection Manager, mcpromgr, "C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" ["McAfee, Inc."]

McAfee Proxy Service, McProxy, "c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" ["McAfee, Inc."]

McAfee Real-time Scanner, McShield, "C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" ["McAfee, Inc."]

McAfee Redirector Service, McRedirector, "c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" ["McAfee, Inc."]

McAfee Scanner, McODS, "C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" ["McAfee, Inc."]

McAfee Services, mcmscsvc, "C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" ["McAfee, Inc."]

McAfee SystemGuards, McSysmon, "C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" ["McAfee, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\windows\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" ["HP"]

SPYWAREfighterRP, SPYWAREfighterRP, ""C:\Program Files\SPYWAREfighter\spfprc.exe"" ["SpamFighter APS"]

Windows Media Player Network Sharing Service, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]

 

 

Print Monitors:

---------------

 

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

PCL hpz3l463\Driver = "hpz3l463.dll" ["Hewlett-Packard Company"]

PCL hpz3l4pi\Driver = "hpz3l4pi.dll" ["Hewlett-Packard Company"]

 

 

---------- (launch time: 2007-12-24 11:35:21)

<<!>>: Suspicious data at a malware launch point.

 

+ This report excludes default entries except where indicated.

+ To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

+ The search for DESKTOP.INI DLL launch points on all local fixed drives

took 53 seconds.

---------- (total run time: 110 seconds)


Hi, justjoy

I'm trying to stay at the forums as long as I have my wireless. So if it seems like I'm not looking at your logs, I am; it's that I have no idea when I may drop my connection again. Now, you uploaded the wrong files. Go to a folder named avz4 on your desktop. In this folder there should be a folder called Log; in this folder you should find two zip files, called:

 

virusinfo_syscure.zip

 

virusinfo_syscheck.zip

 

These are the files I need uploaded to me. Again, it may seem like I have forgotten you; it's not so, I'm having a ton of problems.

 

Gogo :(


I hope you had a great Christmas... and really hope you have fixed your problems.

Here are the two files from AVZ4.

Thanks,

Joy

Edited by LS CalamityJane
Attachments removed: unknown passworded zip files


Hi, justjoy

Nope, sorry to say. I'm still having a ton of problems here; it's killing me. Oh, by the way, the zips you uploaded have a password? You need to send me this pass by PM. I've been trying to get my brother to let me use his PC; um, not sure this is going to happen anytime soon.

 

Gogo :angry:


So sorry to hear that. I'm not sure about the password... I never put one on it, but I think these are the files you need. Thank you so much.

Joy

 

syscheck

 

<?xml version="1.0" encoding="windows-1251" ?>

<!-- AVZ XML Report

-->

<AVZ>

<PROCESS>

<ITEM PID="1812" File="c:\program files\common files\aol\acs\aolacsd.exe" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\ACS\[email protected];" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" />

<ITEM PID="3140" File="c:\program files\common files\aol\1175982866\ee\aolsoftware.exe" CheckResult="-1" Descr="AOL" LegalCopyright="Copyright © 2007 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\1175982866\ee\[email protected]; /h servicehost.defaultGrp" Size="42032" Attr="rsAh" CreateDate="4/12/2007 4:23:31 PM" ChageDate="4/12/2007 4:23:31 PM" MD5="8C1081F3F99A78597A7CAAA85A3C1FFE" />

<ITEM PID="944" File="c:\windows\explorer.exe" CheckResult="0" Descr="Windows Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\Explorer.EXE" Size="1033216" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/13/2007 5:23:07 AM" MD5="97BD6515465659FF8F3B7BE375B2EA87" />

<ITEM PID="2648" File="c:\program files\hp\digital imaging\bin\hpqsrmon.exe" CheckResult="-1" Descr="HpqSRmon" LegalCopyright="© Hewlett-Packard. All rights reserved." CmdLine="@quot;C:\Program Files\HP\Digital Imaging\bin\[email protected];" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" />

<ITEM PID="1952" File="c:\program files\common files\mcafee\hackerwatch\hwapi.exe" CheckResult="-1" Descr="McAfee HackerWatch Service" LegalCopyright="© McAfee, Inc. All rights reserved." CmdLine="@quot;C:\Program Files\Common Files\McAfee\HackerWatch\[email protected];" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" />

<ITEM PID="1476" File="c:\progra~1\mcafee.com\agent\mcagent.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding" Size="566872" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:16 PM" MD5="4C4F3DE9CF6E0F8B7A4AE639FF981BFF" />

<ITEM PID="2028" File="c:\progra~1\mcafee\msc\mcmscsvc.exe" CheckResult="-1" Descr="MISP User Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" />

<ITEM PID="124" File="c:\progra~1\common~1\mcafee\mna\mcnasvc.exe" CheckResult="-1" Descr="McAfee Network Agent" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;c:\PROGRA~1\COMMON~1\mcafee\mna\[email protected];" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" />

<ITEM PID="188" File="c:\progra~1\mcafee\viruss~1\mcods.exe" CheckResult="-1" Descr="McAfee VirusScan - On Demand Scan" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" />

<ITEM PID="204" File="c:\progra~1\mcafee\msc\mcpromgr.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" />

<ITEM PID="228" File="c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe" CheckResult="-1" Descr="McAfee Proxy Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" />

<ITEM PID="408" File="c:\progra~1\mcafee\viruss~1\mcshield.exe" CheckResult="-1" Descr="On-Access Scanner service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" />

<ITEM PID="492" File="c:\progra~1\mcafee\viruss~1\mcsysmon.exe" CheckResult="-1" Descr="McAfee SystemGuards Service" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" />

<ITEM PID="620" File="c:\program files\mcafee\mpf\mpfsrv.exe" CheckResult="-1" Descr="McAfee Personal Firewall Service" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." CmdLine="@quot;C:\Program Files\McAfee\MPF\[email protected];" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" />

<ITEM PID="2312" File="c:\progra~1\mcafee\mps\mps.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MPS\mps.exe" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" />

<ITEM PID="3500" File="c:\program files\mcafee\mps\mpsevh.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Event Handler" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;C:\Program Files\McAfee\MPS\[email protected]; -Embedding" Size="304680" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:08:10 PM" MD5="6510D5303CC0D1CF1908B8BD21063420" />

<ITEM PID="312" File="c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe" CheckResult="-1" Descr="McAfee Redirector Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" />

<ITEM PID="3320" File="c:\program files\aol 9.0b\shellmon.exe" CheckResult="-1" Descr="waolmon" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="@quot;C:\Program Files\AOL 9.0b\[email protected];" Size="54832" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="1E859A926D7896F51BB5E1E3055D4C8F" />

<ITEM PID="2936" File="c:\program files\spywarefighter\spfprc.exe" CheckResult="-1" Descr="SpywareFighter" LegalCopyright="SpamFighter APS. All rights reserved." CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" />

<ITEM PID="2632" File="c:\program files\spywarefighter\spftray.exe" CheckResult="-1" Descr="Spywarefighter Tray" LegalCopyright="" CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" />

<ITEM PID="1680" File="c:\windows\system32\spoolsv.exe" CheckResult="0" Descr="Spooler SubSystem App" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\spoolsv.exe" Size="57856" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/10/2005 6:53:32 PM" MD5="DA81EC57ACD4CDC3D4C51CF3D409AF9F" />

<ITEM PID="1436" File="c:\program files\aol 9.0b\waol.exe" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="-Brestart" Size="39472" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="DCF06AFB01E890FE4D89FA09D64524ED" />

</PROCESS>

<DLL>

<ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="1263152" Attr="RsAh" CreateDate="4/13/2007 12:29:27 PM" ChageDate="4/13/2007 12:29:27 PM" MD5="B1081E9380ACEEF7B9C5F928261EC569" />

<ITEM File="C:\Program Files\Common Files\AOL\ACS\xpat.dll" CheckResult="-1" Descr="AOL Connectivity Service XML Parser" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="124464" Attr="RsAh" CreateDate="4/13/2007 12:29:50 PM" ChageDate="4/13/2007 12:29:50 PM" MD5="C64B23D10FAFE5BFABD89C53EBDB270E" />

<ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll" CheckResult="-1" Descr="AOL Connectivity Service Diagnostics" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="87600" Attr="RsAh" CreateDate="4/13/2007 12:29:25 PM" ChageDate="4/13/2007 12:29:25 PM" MD5="6181BD3B38F360B53D76C0802FE842C3" />

<ITEM File="C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll" CheckResult="-1" Descr="AOL Diagnostics" LegalCopyright="Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved." UsedBy="1812,3140,1436" Hidden="-1" Size="106496" Attr="rsAh" CreateDate="8/11/2006 4:38:55 PM" ChageDate="3/8/2007 8:39:52 PM" MD5="15B9CC21717F3CD0F660AF315521E3C0" />

<ITEM File="C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll" CheckResult="-1" Descr="AOL Connectivity Service Common Code" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812,1436" Hidden="-1" Size="206384" Attr="RsAh" CreateDate="4/13/2007 12:29:36 PM" ChageDate="4/13/2007 12:29:36 PM" MD5="E3C1E0E02EBF63BAF138EC42CE39BA7C" />

<ITEM File="C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll" CheckResult="-1" Descr="AOL Connectivity Service Software Update" LegalCopyright="Copyright © 2001-2006 AOL LLC" UsedBy="1812" Hidden="-1" Size="235056" Attr="RsAh" CreateDate="4/13/2007 12:29:16 PM" ChageDate="4/13/2007 12:29:16 PM" MD5="24B23C8E8C69A158B09B3C4690B5750B" />

<ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll" CheckResult="-1" Descr="AOLSvcMgr" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="595456" Attr="rsAh" CreateDate="9/25/2006 7:51:46 PM" ChageDate="4/12/2007 4:22:49 PM" MD5="AC55822CD0156228032052BD9A945D61" />

<ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2006 AOL LLC" UsedBy="3140,1436" Hidden="-1" Size="241664" Attr="rsAh" CreateDate="8/4/2006 12:03:52 PM" ChageDate="8/4/2006 12:03:52 PM" MD5="B6EB80232F24EC02CE75B23A66ED88C2" />

<ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll" CheckResult="-1" Descr="os EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="180736" Attr="rsAh" CreateDate="9/21/2006 10:19:02 AM" ChageDate="9/21/2006 10:19:02 AM" MD5="483302397A9A1334FB9D44DD16638898" />

<ITEM File="C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="3/12/2007 2:12:31 PM" ChageDate="3/12/2007 2:12:31 PM" MD5="01D280B0DFB2A0580F72AAD3BD2EF15D" />

<ITEM File="c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll" CheckResult="-1" Descr="AolIdleMon EE Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="5632" Attr="rsAh" CreateDate="9/21/2006 10:18:49 AM" ChageDate="9/21/2006 10:18:49 AM" MD5="1337EF044854F38B9DFD085E56EBC3A2" />

<ITEM File="c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll" CheckResult="-1" Descr="Notification Service" LegalCopyright="Copyright © 2006 America Online, Inc." UsedBy="3140" Hidden="-1" Size="145920" Attr="rsAh" CreateDate="8/1/2006 4:26:55 PM" ChageDate="8/1/2006 4:26:55 PM" MD5="DA8CFF2E849BB7C09BF4A6E170615E35" />

<ITEM File="c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll" CheckResult="-1" Descr="clssvc EE Service" LegalCopyright="Copyright © 2007 AOL LLC" UsedBy="3140" Hidden="-1" Size="334848" Attr="rsAh" CreateDate="4/24/2007 6:40:14 PM" ChageDate="4/24/2007 6:40:14 PM" MD5="8AA0F6018B3B52DBE74CE77A9A7E85AA" />

<ITEM File="c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll" CheckResult="-1" Descr="Client Metrics Service" LegalCopyright="Copyright © 2006 AOL LLC" UsedBy="3140" Hidden="-1" Size="262144" Attr="rsAh" CreateDate="9/11/2006 10:38:51 AM" ChageDate="9/11/2006 10:38:51 AM" MD5="7204F76E069854A2785796A0911AFB27" />

</DLL>

- <Service>


<ITEM File="C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe" Name="Emproxy" CheckResult="-1" Type="16" State="1" Size="341328" Attr="rsAh" CreateDate="12/7/2007 2:14:28 AM" ChageDate="10/5/2007 5:33:26 PM" MD5="A75FF052CC5682A197DD5CD4E89C218A" />

<ITEM File="iPod Service.sys" Name="iPod Service" CheckResult="-1" Type="16" State="1" />

<ITEM File="C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" Name="mcmispupdmgr" CheckResult="-1" Type="272" State="1" Size="689752" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:22:18 PM" MD5="993582EC1CF765206CF9D4D5CA22589F" />

</Service>

<Drivers>

<ITEM File="C:\windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="4" Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" />

<ITEM File="C:\windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" />

<ITEM File="C:\windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="4" Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" />

<ITEM File="C:\windows\system32\Drivers\Mpfp.sys" Name="MPFP" CheckResult="-1" Type="1" State="4" Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" />

<ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" Name="SpyFighter" CheckResult="-1" Type="1" State="4" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" />

<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />

<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />

<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />

<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />

<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />

<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />

<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />

<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" />

<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />

<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />

<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />

<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />

<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />

<ITEM File="D:\Fxdrv.sys" Name="FXDRV" CheckResult="-1" Type="1" State="1" />

<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />

<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />

<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />

<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />

<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="32008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:24 AM" MD5="4472CC5A38FB106751CB81883AE714D3" />

<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />

<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />

<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />

<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />

<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />

<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />

<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />

<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />

<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />

<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />

<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />

<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />

<ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />

</Drivers>

<AUTORUN>

<ITEM File="C:\Program Files\AOL 9.0b\AOL.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="50736" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="8FC6A73DCBC27F310AB4CD9998AB8F17" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AOL Fast Start" />

<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="hpqSRMon" />

<ITEM File="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="131072" Attr="rsAh" CreateDate="6/15/2005 10:39:44 AM" ChageDate="10/7/2004 7:53:06 PM" MD5="9A41CD3BEF74884C2C9E1269B8A6A566" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="NVMixerTray" />

<ITEM File="C:\Program Files\SPYWAREfighter\spftray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="spywarefighterguard" />

<ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" />

<ITEM File="autocheck autochk *lsdelete" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager" X3="BootExecute" />

</AUTORUN>

<BHO>

<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" Descr="" LegalCopyright="" />

<ITEM File="C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{6548BF73-58FF-71D5-F97D-17C71E323709}" Descr="IntelligentAdvisor" LegalCopyright="©" Size="1019904" Attr="rsAh" CreateDate="12/11/2007 4:27:08 PM" ChageDate="12/11/2007 4:27:08 PM" MD5="EB37DA8025116FC1A2DDD2F93B700C5A" />

<ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" />

<ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="CmdMapping" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" />

<ITEM File="C:\Program Files\Messenger\MSMSGS.EXE" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{FB5F1910-F110-11d2-BB9E-00C04F795683}" Descr="Messenger" LegalCopyright="Copyright © Microsoft Corporation 1997-2003" Size="1498032" Attr="rsAh" CreateDate="4/14/2003 8:05:20 PM" ChageDate="4/14/2003 8:05:20 PM" MD5="F5C2F0308D0AA91457059EC7227A06F7" />

</BHO>

<ExplorerExt>

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />

<ITEM File="rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" CheckResult="-1" Enabled="1" ExtName="Autoplay for SlideShow" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="User Accounts" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{7A9D77BD-5403-11d2-8785-2E0420524153}" Descr="" LegalCopyright="" />

<ITEM File="C:\WINDOWS\system32\mscoree.dll" CheckResult="-1" Enabled="1" ExtName="Fusion Cache" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1D2680C9-0E2A-469d-B787-065558BC7D43}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="271360" Attr="rsAh" CreateDate="3/13/2007 8:54:08 PM" ChageDate="3/13/2007 8:54:08 PM" MD5="CE3FB88207EE4D3C8BD55EB869585144" />

</ExplorerExt>

<PrintEXT>

<ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" />

</PrintEXT>

<TaskScheduler>

<ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" />

<ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" />

<ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" />

<ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" />

<ITEM File="C:\Program Files\SpywareBot\SpywareBot.exe" CheckResult="-1" Enabled="4235908" Descr="" LegalCopyright="" />

</TaskScheduler>

<DPF>

<ITEM File="C:\WINDOWS\Downloaded Program Files\fscax.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{0B79F48A-E8D6-11DB-9283-E25056D89593}" CodeBase="http://support.f-secure.com/ols/fscax.cab" Descr="fscax module" LegalCopyright="© 2005-2006 F-Secure Corporation. All rights reserved." Size="254360" Attr="rsAh" CreateDate="5/7/2007 4:39:24 PM" ChageDate="5/7/2007 4:39:24 PM" MD5="D5199825510E4C4F97DC93B7BC3B1A8A" />

</DPF>

<CPL />

<ActiveSetup />

<HOSTS>

<ITEM Line="127.0.0.1 localhost" />

</HOSTS>

<SuspFiles>

<ITEM File="C:\windows\system32\drivers\mfehidk.sys" VirType="4" Descr="Kernel-mode hook" />

<ITEM File="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" VirType="2" Descr="Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)" />

</SuspFiles>

<RK_KM>

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="739" HookPtr="805C0320" HookType="3" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="752" HookPtr="805C0320" HookType="3" />

</RK_KM>

</AVZ>

 

syscure

<?xml version="1.0" encoding="windows-1251" ?>

<!-- AVZ XML Report

-->

<AVZ>

<PROCESS>

<ITEM PID="1560" File="c:\program files\lavasoft\ad-aware 2007\aawservice.exe" CheckResult="0" Descr="Ad-Aware 2007 Service" LegalCopyright="Copyright © 2007" Hidden="-1" CmdLine="@quot;C:\Program Files\Lavasoft\Ad-Aware 2007\[email protected];" Size="587096" Attr="rsAh" CreateDate="10/29/2007 1:27:04 PM" ChageDate="10/29/2007 1:27:04 PM" MD5="25F8546FD40E40EC5A2A23AECAE4FDCA" />

<ITEM PID="2932" File="c:\windows\system32\alg.exe" CheckResult="0" Descr="Application Layer Gateway Service" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\System32\alg.exe" Size="44544" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="F1958FBF86D5C004CF19A5951A9514B7" />

<ITEM PID="1812" File="c:\program files\common files\aol\acs\aolacsd.exe" CheckResult="-1" Descr="AOL Connectivity Service" LegalCopyright="Copyright © 2001-2006 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\ACS\[email protected];" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" />

<ITEM PID="3140" File="c:\program files\common files\aol\1175982866\ee\aolsoftware.exe" CheckResult="-1" Descr="AOL" LegalCopyright="Copyright © 2007 AOL LLC" CmdLine="@quot;C:\Program Files\Common Files\AOL\1175982866\ee\[email protected]; /h servicehost.defaultGrp" Size="42032" Attr="rsAh" CreateDate="4/12/2007 4:23:31 PM" ChageDate="4/12/2007 4:23:31 PM" MD5="8C1081F3F99A78597A7CAAA85A3C1FFE" />

<ITEM PID="2616" File="c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe" CheckResult="0" Descr="Adobe Photoshop Album Starter Edition 3.0 component" LegalCopyright="© 2005 Adobe Systems Incorporated" Hidden="-1" CmdLine="@quot;C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\[email protected];" Size="57344" Attr="rsAh" CreateDate="6/6/2005 11:46:24 PM" ChageDate="6/6/2005 11:46:24 PM" MD5="617FA5BE646B5E8D6670FD4710ACD2D3" />

<ITEM PID="2628" File="c:\documents and settings\user\desktop\avz4\avz.exe" CheckResult="0" Descr="???????????? ??????? AVZ" LegalCopyright="???????????? ??????? AVZ" Hidden="-1" CmdLine="@quot;C:\Documents and Settings\user\Desktop\avz4\[email protected];" Size="732672" Attr="rsAh" CreateDate="12/13/2007 3:28:04 PM" ChageDate="12/13/2007 3:28:04 PM" MD5="07944EE215B527D2CE446621D8E8E3CE" />

<ITEM PID="768" File="c:\windows\system32\csrss.exe" CheckResult="0" Descr="Client Server Runtime Process" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" Size="6144" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="F12B178B1678D778CFD3FF1FC38C71FB" />

<ITEM PID="2664" File="c:\windows\system32\ctfmon.exe" CheckResult="0" Descr="CTF Loader" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="@quot;C:\windows\system32\[email protected];" Size="15360" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="24232996A38C0B0CF151C2140AE29FC8" />

<ITEM PID="944" File="c:\windows\explorer.exe" CheckResult="-1" Descr="Windows Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." CmdLine="C:\windows\Explorer.EXE" Size="1033216" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/13/2007 5:23:07 AM" MD5="97BD6515465659FF8F3B7BE375B2EA87" />

<ITEM PID="2648" File="c:\program files\hp\digital imaging\bin\hpqsrmon.exe" CheckResult="-1" Descr="HpqSRmon" LegalCopyright="© Hewlett-Packard. All rights reserved." CmdLine="@quot;C:\Program Files\HP\Digital Imaging\bin\[email protected];" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" />

<ITEM PID="2640" File="c:\program files\hp\hp software update\hpwuschd2.exe" CheckResult="0" Descr="Hewlett-Packard Product Assistant" LegalCopyright="Copyright © Hewlett-Packard Development Company, L.P. 1995-2005" Hidden="-1" CmdLine="@quot;C:\Program Files\HP\HP Software Update\[email protected];" Size="49152" Attr="rsAh" CreateDate="2/19/2006 1:41:10 AM" ChageDate="2/19/2006 1:41:10 AM" MD5="926A397334FE426A6C7657096FE681DB" />

<ITEM PID="2848" File="c:\windows\system32\hpzipm12.exe" CheckResult="0" Descr="PML Driver" LegalCopyright="Copyright © 1998, 1999 Hewlett-Packard Company" Hidden="-1" CmdLine="C:\WINDOWS\system32\HPZipm12.exe" Size="69632" Attr="rsah" CreateDate="4/7/2007 6:54:07 PM" ChageDate="3/3/2006 8:03:10 PM" MD5="D31F88C5F19EEFA366A415D6BC5F2ABC" />

<ITEM PID="1952" File="c:\program files\common files\mcafee\hackerwatch\hwapi.exe" CheckResult="-1" Descr="McAfee HackerWatch Service" LegalCopyright="© McAfee, Inc. All rights reserved." CmdLine="@quot;C:\Program Files\Common Files\McAfee\HackerWatch\[email protected];" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" />

<ITEM PID="2656" File="c:\program files\java\jre1.6.0_03\bin\jusched.exe" CheckResult="0" Descr="Java Platform SE binary" LegalCopyright="Copyright © 2004" Hidden="-1" CmdLine="@quot;C:\Program Files\Java\jre1.6.0_03\bin\[email protected];" Size="132496" Attr="rsAh" CreateDate="12/22/2007 10:23:15 AM" ChageDate="9/25/2007 1:11:35 AM" MD5="D4F0F7437327DBAA264338BAAFB5E5AF" />

<ITEM PID="848" File="c:\windows\system32\lsass.exe" CheckResult="0" Descr="LSA Shell (Export Version)" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\lsass.exe" Size="13312" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="84885F9B82F4D55C6146EBF6065D75D2" />

<ITEM PID="1476" File="c:\progra~1\mcafee.com\agent\mcagent.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding" Size="566872" Attr="rsAh" CreateDate="12/7/2007 2:13:56 AM" ChageDate="1/5/2007 4:21:16 PM" MD5="4C4F3DE9CF6E0F8B7A4AE639FF981BFF" />

<ITEM PID="2028" File="c:\progra~1\mcafee\msc\mcmscsvc.exe" CheckResult="-1" Descr="MISP User Manager" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" />

<ITEM PID="124" File="c:\progra~1\common~1\mcafee\mna\mcnasvc.exe" CheckResult="-1" Descr="McAfee Network Agent" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;c:\PROGRA~1\COMMON~1\mcafee\mna\[email protected];" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" />

<ITEM PID="188" File="c:\progra~1\mcafee\viruss~1\mcods.exe" CheckResult="-1" Descr="McAfee VirusScan - On Demand Scan" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" />

<ITEM PID="204" File="c:\progra~1\mcafee\msc\mcpromgr.exe" CheckResult="-1" Descr="McAfee Integrated Security Platform" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" />

<ITEM PID="228" File="c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe" CheckResult="-1" Descr="McAfee Proxy Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" />

<ITEM PID="408" File="c:\progra~1\mcafee\viruss~1\mcshield.exe" CheckResult="-1" Descr="On-Access Scanner service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" />

<ITEM PID="492" File="c:\progra~1\mcafee\viruss~1\mcsysmon.exe" CheckResult="-1" Descr="McAfee SystemGuards Service" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" />

<ITEM PID="620" File="c:\program files\mcafee\mpf\mpfsrv.exe" CheckResult="-1" Descr="McAfee Personal Firewall Service" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." CmdLine="@quot;C:\Program Files\McAfee\MPF\[email protected];" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" />

<ITEM PID="2312" File="c:\progra~1\mcafee\mps\mps.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="C:\PROGRA~1\McAfee\MPS\mps.exe" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" />

<ITEM PID="3500" File="c:\program files\mcafee\mps\mpsevh.exe" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Event Handler" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="@quot;C:\Program Files\McAfee\MPS\[email protected]; -Embedding" Size="304680" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:08:10 PM" MD5="6510D5303CC0D1CF1908B8BD21063420" />

<ITEM PID="2736" File="c:\windows\system32\nvsvc32.exe" CheckResult="0" Descr="NVIDIA Driver Helper Service, Version 77.72" LegalCopyright="© NVIDIA Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\nvsvc32.exe" Size="127043" Attr="rsAh" CreateDate="10/11/2004 4:17:16 AM" ChageDate="6/15/2005 7:20:00 PM" MD5="F6FCA6047879DE7A2964757EB8B2101B" />

<ITEM PID="312" File="c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe" CheckResult="-1" Descr="McAfee Redirector Service Module" LegalCopyright="Copyright © 2006 McAfee, Inc." CmdLine="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" />

<ITEM PID="836" File="c:\windows\system32\services.exe" CheckResult="0" Descr="Services and Controller app" LegalCopyright="© Microsoft Corporation. All rights reserved." Hidden="-1" CmdLine="C:\windows\system32\services.exe" Size="108032" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/4/2004 7:00:00 AM" MD5="C6CE6EEC82F187615D1002BB3BB50ED4" />

<ITEM PID="3320" File="c:\program files\aol 9.0b\shellmon.exe" CheckResult="-1" Descr="waolmon" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" CmdLine="@quot;C:\Program Files\AOL 9.0b\[email protected];" Size="54832" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="1E859A926D7896F51BB5E1E3055D4C8F" />

<ITEM PID="2936" File="c:\program files\spywarefighter\spfprc.exe" CheckResult="-1" Descr="SpywareFighter" LegalCopyright="SpamFighter APS. All rights reserved." CmdLine="@quot;C:\Program Files\SPYWAREfighter\[email protected];" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" />


</PROCESS>

- <DLL>


<ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll" CheckResult="-1" Descr="McAfee VirusScan Quarantine Interface" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="185936" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:05:42 PM" MD5="2217F3EBE3A041C423DC9DB840A0DB80" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll" CheckResult="-1" Descr="McAfee Quarantine Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408" Hidden="-1" Size="194128" Attr="rsAh" CreateDate="12/7/2007 2:14:37 AM" ChageDate="1/16/2007 2:06:08 PM" MD5="7B34ACE0CFCC7346E31E300CB4C00ED5" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll" CheckResult="-1" Descr="McAfee VirusScan Log Helper" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="408,492" Hidden="-1" Size="276048" Attr="rsAh" CreateDate="12/7/2007 2:15:12 AM" ChageDate="1/16/2007 6:03:50 PM" MD5="C3E3DD3D79807127A52C5625CE10BC76" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll" CheckResult="-1" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="17984" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:46 AM" MD5="2369DAE0A438B9BEC65871420D53CF86" />

<ITEM File="C:\Program Files\McAfee\VirusScan\mcscan32.dll" CheckResult="-1" Descr="AV Scanning Engine" LegalCopyright="Copyright © 2007 McAfee, Inc." UsedBy="408" Hidden="-1" Size="2724006" Attr="RsAh" CreateDate="12/7/2007 2:14:49 AM" ChageDate="7/9/2007 5:20:00 AM" MD5="7D89C620128AC1B1D2BEADAE59C5EDF2" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll" CheckResult="-1" Descr="Buffer Overflow Protection Service" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="4711D113468155AC27983BE349408618" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll" CheckResult="-1" Descr="Host Intrusion Detection Link Driver Communication" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408,492" Hidden="-1" Size="19008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:12 AM" MD5="1FC2D830CFA073C55AF2C08CCA8F25B7" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll" CheckResult="-1" Descr="Anti Virus File System Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="408" Hidden="-1" Size="58944" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:04 AM" MD5="EFBC8534AC8BE9F03AF580AE354B998C" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll" CheckResult="-1" Descr="System Monitor Filter Driver API" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." UsedBy="492" Hidden="-1" Size="17472" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:26 AM" MD5="2BF1F42442060609DD7E2A8FEFD68141" />

<ITEM File="c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll" CheckResult="-1" Descr="McAfee Personal Firewall Plus" LegalCopyright="Copyright © 2005 McAfee, Inc. All Rights Reserved." UsedBy="620" Hidden="-1" Size="972328" Attr="rsAh" CreateDate="12/7/2007 2:15:35 AM" ChageDate="3/9/2007 4:21:10 PM" MD5="30191EB8EE14AF39ABDC438F33916182" />

<ITEM File="C:\windows\system32\Dunzip32.dll" CheckResult="-1" Descr="DynaZIP-32 Multi-Threading UnZIP DLL" LegalCopyright="Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved." UsedBy="2312" Hidden="-1" Size="143360" Attr="rsAh" CreateDate="12/7/2007 2:15:57 AM" ChageDate="3/3/2006 11:07:02 AM" MD5="C293127E169B0F2F02BB2CBED1057471" />

<ITEM File="c:\PROGRA~1\mcafee\mps\mpsps.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0 Proxy Stub" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="2312,3500" Hidden="-1" Size="58408" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:12 PM" MD5="E43DA3F7CF8BB44A360F2A66026E542B" />

<ITEM File="C:\PROGRA~1\McAfee\MSC\McAltLib.dll" CheckResult="-1" Descr="MISP Alert Library" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="288344" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:22:06 PM" MD5="B8D3D1737DC48D9B08B408F53F2B5E8E" />

<ITEM File="c:\PROGRA~1\mcafee\mps\mpsmisp.dll" CheckResult="-1" Descr="McAfee Privacy Service 9.0" LegalCopyright="Copyright © 2006 McAfee, Inc." UsedBy="3500" Hidden="-1" Size="415784" Attr="rsAh" CreateDate="12/7/2007 2:16:01 AM" ChageDate="4/18/2007 2:07:42 PM" MD5="F165CF0FABCBE256F5885AE4BC1C6BB5" />

<ITEM File="C:\windows\AppPatch\AcAdProc.dll" CheckResult="-1" Descr="Windows Compatibility DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="836" Hidden="-1" Size="39424" Attr="rsah" CreateDate="4/8/2007 3:59:48 PM" ChageDate="10/4/2006 9:05:26 AM" MD5="744EA281298317E91C3BEA70BF3843D4" />

<ITEM File="C:\Program Files\SPYWAREfighter\engine.dll" CheckResult="-1" Descr="scan engine" LegalCopyright="Copyright © 2005 Anti-Malware Development a.s." UsedBy="2936" Hidden="-1" Size="471960" Attr="rsAh" CreateDate="6/8/2007 11:52:24 AM" ChageDate="6/8/2007 11:52:24 AM" MD5="8D14075841481A2D59F3227EE5E72417" />

<ITEM File="C:\Program Files\SPYWAREfighter\spfrm.dll" CheckResult="-1" Descr="SpyWareFighter RS" LegalCopyright="SpamFighter Aps. All rights reserved." UsedBy="2936,2632" Hidden="-1" Size="230296" Attr="rsAh" CreateDate="6/8/2007 11:52:40 AM" ChageDate="6/8/2007 11:52:40 AM" MD5="B534F5F1AADB2BE2E46FCC2E774A1E87" />

<ITEM File="C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll" CheckResult="-1" Descr="" LegalCopyright="" UsedBy="2936,2632" Hidden="-1" Size="119704" Attr="rsAh" CreateDate="6/8/2007 11:52:42 AM" ChageDate="6/8/2007 11:52:42 AM" MD5="BE486297D5DEE1F3C7ADBAFEF9D28AE1" />

<ITEM File="C:\windows\system32\hpz3l463.dll" CheckResult="-1" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" UsedBy="1680" Hidden="-1" Size="38400" Attr="rsAh" CreateDate="4/7/2007 9:28:13 PM" ChageDate="3/22/2006 8:10:18 PM" MD5="D9CBE3BD7A91FB6731F343C003C3D52D" />

<ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" UsedBy="1680" Hidden="-1" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" />

<ITEM File="C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp463.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Hewlett-Packard Corp. 1997-2002" UsedBy="1680" Hidden="-1" Size="74240" Attr="rsAh" CreateDate="4/7/2007 9:28:16 PM" ChageDate="3/22/2006 8:08:20 PM" MD5="64EEC29F36B3046E6BF43C81FA598E03" />

<ITEM File="C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll" CheckResult="-1" Descr="" LegalCopyright="Copyright © Hewlett-Packard Corp. 1997-2002" UsedBy="1680" Hidden="-1" Size="76288" Attr="rsAh" CreateDate="4/7/2007 6:55:23 PM" ChageDate="6/3/2006 8:29:06 PM" MD5="9B8DDEEDB31EDD8042D3B337B47D0409" />

<ITEM File="c:\windows\system32\wiaservc.dll" CheckResult="-1" Descr="Still Image Devices Service" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3000" Hidden="-1" Size="333824" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="12/19/2006 1:16:47 PM" MD5="B6763F8534AC547CF1AF98AFDFF2EDC8" />

<ITEM File="c:\windows\system32\shsvcs.dll" CheckResult="-1" Descr="Windows Shell Services Dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112,792" Hidden="-1" Size="134656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="12/19/2006 4:52:18 PM" MD5="6815DEF9B810AEFAC107EEAF72DA6F82" />

<ITEM File="c:\windows\system32\dhcpcsvc.dll" CheckResult="-1" Descr="DHCP Client Service" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="111616" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/19/2006 7:59:41 AM" MD5="EF545E1A4B043DA4C84E230DD471C55F" />

<ITEM File="c:\windows\system32\ESENT.dll" CheckResult="-1" Descr="Server Database Storage Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="1082368" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/20/2005 5:20:03 PM" MD5="50DE118DA580208B914B40DD47C90D52" />

<ITEM File="c:\windows\system32\wkssvc.dll" CheckResult="-1" Descr="Workstation Service DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="132096" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/17/2006 7:28:27 AM" MD5="3CD291A2C4909088B3D1E98DED73D4B2" />

<ITEM File="C:\windows\system32\wuaueng.dll" CheckResult="-1" Descr="Windows Update Agent" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="1712984" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:42 PM" MD5="3EEC20E41F5F331B94002970CEAEC92F" />

<ITEM File="C:\WINDOWS\system32\MTXCLU.DLL" CheckResult="-1" Descr="MS DTC amd MTS clustering support DLL" LegalCopyright="Copyright © Microsoft Corp. 1995-1998" UsedBy="1112" Hidden="-1" Size="66560" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/1/2006 2:42:42 PM" MD5="16A389D6DED58BA583694F825A1821A2" />

<ITEM File="C:\windows\System32\rasmans.dll" CheckResult="-1" Descr="Remote Access Connection Manager" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="181248" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/14/2006 3:44:08 AM" MD5="D4BD2EEAB07FEF323F0A0CEECC954F51" />

<ITEM File="C:\WINDOWS\system32\wups2.dll" CheckResult="-1" Descr="Windows Update client proxy stub 2" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1112" Hidden="-1" Size="43352" Attr="rsAh" CreateDate="5/26/2005 6:16:30 AM" ChageDate="7/30/2007 6:19:12 PM" MD5="CEB1BD87FBCB5984BDF7DC0991A060B5" />

<ITEM File="c:\windows\system32\webclnt.dll" CheckResult="-1" Descr="Web DAV Service DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1304" Hidden="-1" Size="68096" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="1/3/2006 10:35:05 PM" MD5="265F534EF76832435AFBF771EC97176D" />

<ITEM File="c:\windows\system32\upnphost.dll" CheckResult="-1" Descr="UPnP Device Host" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1304" Hidden="-1" Size="185344" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="2/5/2007 3:17:02 PM" MD5="ACA5D98663D879C6BAAFCEA7E2F1B710" />

<ITEM File="C:\Program Files\AOL 9.0b\waol.dll" CheckResult="-1" Descr="AOL Software" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="7A039521B550697ECEC12F3A8688672A" />

<ITEM File="C:\Program Files\AOL 9.0b\supersub.dll" CheckResult="-1" Descr="SuperSub" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="454656" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="5DCE7F8D6AB93F4FC798EB9EB133F10D" />

<ITEM File="C:\Program Files\AOL 9.0b\xprt5.dll" CheckResult="-1" Descr="XPRT Runtime Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:08 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="BF9D64E0ECD591BC1B38BD335156B66F" />

<ITEM File="C:\Program Files\AOL 9.0b\coolcore46.dll" CheckResult="-1" Descr="COOL Core Component Library" LegalCopyright="Copyright 1998-2007 AOL LLC" UsedBy="1436" Hidden="-1" Size="749568" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="2522A70E4818281C27C9BD1952C376A1" />

<ITEM File="C:\Program Files\AOL 9.0b\comm.dll" CheckResult="-1" Descr="Comm" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="245760" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="AABE0FDB863D088AD3A3751C8D40E2C6" />

<ITEM File="C:\Program Files\AOL 9.0b\manager.dll" CheckResult="-1" Descr="Display Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="901120" Attr="rsAh" CreateDate="4/18/2007 1:49:02 AM" ChageDate="9/14/2007 11:50:58 AM" MD5="A2BC762A42DC8A4BCE27CE3EA5ACF97B" />

<ITEM File="C:\Program Files\AOL 9.0b\SYNCCORE.dll" CheckResult="-1" Descr="SYNCCORE.DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="22528" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="56501D3BE21525DB985700CD0FDE0414" />

<ITEM File="C:\Program Files\AOL 9.0b\ProxyMgr.dll" CheckResult="-1" Descr="ProxyMgr DLL" LegalCopyright="Copyright ¬ 1999 - 2003" UsedBy="1436" Hidden="-1" Size="114688" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="465B58B8EE6BABDDEA6EB082B3E62ACC" />

<ITEM File="C:\Program Files\AOL 9.0b\APPDATA.dll" CheckResult="-1" Descr="AppData" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="11264" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="FD7B588D956F07BF3EAF22D84C061296" />

<ITEM File="C:\Program Files\AOL 9.0b\acfBase.DLL" CheckResult="-1" Descr="acf Module" LegalCopyright="Copyright 2001" UsedBy="1436" Hidden="-1" Size="41472" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="959141849AFD2F062DDA9BD64C3CBD54" />

<ITEM File="C:\Program Files\AOL 9.0b\resource.dll" CheckResult="-1" Descr="RESOURCE Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="2703360" Attr="rsAh" CreateDate="4/18/2007 1:49:05 AM" ChageDate="4/18/2007 1:49:05 AM" MD5="6F20433C6889F1909A930474D6CB9515" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct" CheckResult="-1" Descr="Imfdecode Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="421888" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="5A67C2F49A59FFAE8FEA0F719C7B9F99" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\coretool.rct" CheckResult="-1" Descr="Coretool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="401408" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="713A0F8C867BEEB435EFEF0FA9C7E49E" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\mip.tol" CheckResult="-1" Descr="MIP Manager" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="315392" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="A9D4A63B1EA63D557DD6FAFD1BD0FFF9" />

<ITEM File="C:\Program Files\AOL 9.0b\ABOOK.dll" CheckResult="-1" Descr="ABook Library" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="380928" Attr="rsAh" CreateDate="4/18/2007 1:48:59 AM" ChageDate="4/18/2007 1:48:59 AM" MD5="FAD65A905B609722AC0704313C0849D7" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\rich.rct" CheckResult="-1" Descr="Rich Text Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="434176" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="9E0C34DA3F3265F846ABA1DBCFA0EE98" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\actvx.rct" CheckResult="-1" Descr="ActiveX" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="167936" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\sec.cct" CheckResult="-1" Descr="Security Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="600FBBE776FDA52A57F550057E23163F" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\chat.tol" CheckResult="-1" Descr="Chat Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="364544" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="3B35DEE5F1A44CAE9F0097005435EA0A" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\htmlview.tol" CheckResult="-1" Descr="Managed By Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="352256" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\www.tol" CheckResult="-1" Descr="WWW" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="249856" Attr="rsAh" CreateDate="4/18/2007 1:49:07 AM" ChageDate="4/18/2007 1:49:07 AM" MD5="D54B93C40FD04039D66230BE054A4D45" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\lvi.tol" CheckResult="-1" Descr="LVI Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="77824" Attr="rsAh" CreateDate="10/2/2007 7:53:03 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="81C9940357741049320B8EC79EC13AA3" />

<ITEM File="C:\Program Files\AOL 9.0b\COOLAPI.dll" CheckResult="-1" Descr="Cool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="196608" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="E754F58B4D61202C823DF0D61B5691A0" />

<ITEM File="C:\Program Files\AOL 9.0b\idleproc.dll" CheckResult="-1" Descr="IDLEPROC DLL" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="6144" Attr="rsAh" CreateDate="4/18/2007 1:49:01 AM" ChageDate="4/18/2007 1:49:01 AM" MD5="180D0E0733DB9BB7EBC3C0675A055E32" />

<ITEM File="C:\Program Files\AOL 9.0b\TOOL\talk.tol" CheckResult="-1" Descr="Talk Tool" LegalCopyright="Copyright © AOL, LLC 1999 - 2006" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="10/2/2007 7:53:02 AM" ChageDate="4/18/2007 1:49:08 AM" MD5="F6ACE72ED4960BB0DE3E81DA2EC1C2A6" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player for Internet Explorer" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="254022" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:18 AM" MD5="" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll" CheckResult="-1" Descr="Viewpoint Media Player Component Manager" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="213062" Attr="rsAh" CreateDate="2/15/2007 9:50:19 AM" ChageDate="2/15/2007 9:50:19 AM" MD5="CB92EBF6A404E9CFCE1C226BB0D86AFF" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll" CheckResult="-1" Descr="Viewpoint Media Player Scene Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="1282120" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="6/15/2007 11:27:15 AM" MD5="18AE6C06D816E187DBF73C88A6358FF5" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll" CheckResult="-1" Descr="Viewpoint Media Player AOLUserShell" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="413746" Attr="rsAh" CreateDate="7/7/2005 5:26:33 PM" ChageDate="2/20/2004 2:57:31 PM" MD5="930D959F612AA545DEF48CA94616E5D8" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll" CheckResult="-1" Descr="Viewpoint Media Player Rasterizer Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="528430" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:02:25 PM" MD5="3BADDC0379DC2E57F654E900F403D5AE" />

<ITEM File="C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll" CheckResult="-1" Descr="Viewpoint Media Player SWFView Component" LegalCopyright="Copyright © 2000 Viewpoint Corporation" UsedBy="1436" Hidden="-1" Size="659501" Attr="rsAh" CreateDate="7/7/2005 5:26:32 PM" ChageDate="2/20/2004 3:08:01 PM" MD5="20085B5B8BC179425ED29DCE0C5DD6DD" />

<ITEM File="C:\windows\system32\jgpl400.dll" CheckResult="-1" Descr="JG ART Player DLL" LegalCopyright="©1996 AOL/Johnson-Grace Company" UsedBy="1436" Hidden="-1" Size="27648" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="BBB92EFC61A2D867EB21CE24FC1BB5CA" />

<ITEM File="C:\windows\system32\jgdw400.dll" CheckResult="-1" Descr="JG ART DLL" LegalCopyright="Copyright © 1997 America Online, Inc." UsedBy="1436" Hidden="-1" Size="163840" Attr="rsAh" CreateDate="4/18/2007 1:49:06 AM" ChageDate="4/18/2007 1:49:06 AM" MD5="07F5D42EA81FC1A8A2F59D5104714546" />

<ITEM File="C:\WINDOWS\system32\mshtml.dll" CheckResult="-1" Descr="Microsoft ® HTML Viewer" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="3590656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/30/2007 6:42:28 PM" MD5="8AB7ECF59D6EBBE986277B65ED4A40A1" />

<ITEM File="C:\WINDOWS\system32\msls31.dll" CheckResult="-1" Descr="Microsoft Line Services library file" LegalCopyright="Copyright © Microsoft Corp. 1996-1999" UsedBy="1436" Hidden="-1" Size="156160" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="11/7/2006 9:03:36 PM" MD5="2D15E1C7CD0BC1A9B7F9660E39A0CE3E" />

<ITEM File="C:\WINDOWS\system32\mshtmled.dll" CheckResult="-1" Descr="Microsoft® HTML Editing Component" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="478208" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:58 PM" MD5="67AEC681AE6131BA00119FB1C9C6C83C" />

<ITEM File="C:\WINDOWS\system32\Dxtrans.dll" CheckResult="-1" Descr="DirectX Media -- DirectX Transform Core" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="214528" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="" />

<ITEM File="C:\WINDOWS\system32\Dxtmsft.dll" CheckResult="-1" Descr="DirectX Media -- Image DirectX Transforms" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="1436" Hidden="-1" Size="346624" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/17/2006 11:58:06 AM" MD5="" />

<ITEM File="C:\windows\system32\wmpmde.dll" CheckResult="-1" Descr="WMPMDE DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="613376" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="3B8CFDA90EFAA65901ECC2EDCAD4D1EF" />

<ITEM File="C:\windows\system32\MFPlat.DLL" CheckResult="-1" Descr="Media Foundation Platform DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="212992" Attr="rsah" CreateDate="10/18/2006 8:47:14 PM" ChageDate="10/18/2006 8:47:14 PM" MD5="55C30168142479C602BD456AC4E230B0" />

<ITEM File="C:\WINDOWS\system32\wmp.dll" CheckResult="-1" Descr="Windows Media Player" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="10834944" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/11/2007 10:51:12 PM" MD5="22A252B03462457AF8D1A22EC64AADBF" />

<ITEM File="C:\WINDOWS\system32\wmploc.dll" CheckResult="-1" Descr="Windows Media Player Resources" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="8231936" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/18/2006 8:47:20 PM" MD5="E8885A533A3D46209851433E3B9B3BC4" />

<ITEM File="C:\WINDOWS\system32\wmpps.dll" CheckResult="-1" Descr="Windows Media Player Proxy Stub Dll" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="3444" Hidden="-1" Size="130048" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="5CCB54A9CF8FC5E3251374E0DC9C45BB" />

<ITEM File="C:\Program Files\Windows Media Player\wmpnssci.dll" CheckResult="-1" Descr="Windows Media Player Network Sharing Service Control Interface DLL" LegalCopyright="© Microsoft Corporation. All rights reserved." UsedBy="2676" Hidden="-1" Size="198144" Attr="rsah" CreateDate="10/18/2006 8:47:20 PM" ChageDate="10/18/2006 8:47:20 PM" MD5="E9A73E376B26D5243F7A418A0C548929" />

</DLL>

<KERNELOBJ>


<ITEM File="C:\windows\system32\DRIVERS\wanatw4.sys" CheckResult="-1" Base="F7934000" MemSize="006000" Descr="Wan Miniport (ATW)" LegalCopyright="Copyright © 2001-2002 America Online, Inc." Size="33588" Attr="RsAh" CreateDate="1/10/2003 4:13:04 PM" ChageDate="1/10/2003 4:13:04 PM" MD5="0A716C08CB13C3A8F4F51E882DBF7416" />

<ITEM File="C:\windows\system32\drivers\wdmaud.sys" CheckResult="-1" Base="B9D83000" MemSize="015000" Descr="MMSYSTEM Wave/Midi API mapper" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="82944" Attr="rsAh" CreateDate="6/15/2005 10:40:03 AM" ChageDate="6/14/2006 4:00:45 AM" MD5="EFD235CA22B57C81118C1AEB4798F1C1" />

<ITEM File="C:\windows\System32\win32k.sys" CheckResult="-1" Base="BF800000" MemSize="1C3000" Descr="Multi-User Win32 Driver" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1843584" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/8/2007 8:47:48 AM" MD5="5B5AD4F40BE00F56F51F286BE72C0376" />

<ITEM File="C:\windows\system32\DRIVERS\WniHdd51.sys" CheckResult="-1" Base="F71EB000" MemSize="0CE000" Descr="Airgo Networks True MIMO Wireless Adapter" LegalCopyright="Copyright © Airgo Networks, Inc.,2004" Size="840192" Attr="rsAh" CreateDate="1/29/2006 4:11:15 PM" ChageDate="4/18/2005 4:47:00 PM" MD5="67B2F1BDE076EC780394C8F0EC6888B8" />

</KERNELOBJ>

<Service>

<ITEM File="C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" Name="AOL ACS" CheckResult="-1" Type="272" State="4" Size="46640" Attr="RsAh" CreateDate="10/23/2006 7:50:35 AM" ChageDate="10/23/2006 7:50:35 AM" MD5="85180CF88C5EBAD73B452A43A004CA51" />

<ITEM File="C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" Name="McAfee HackerWatch Service" CheckResult="-1" Type="16" State="4" Size="540776" Attr="rsAh" CreateDate="12/7/2007 2:14:26 AM" ChageDate="2/13/2007 12:09:12 PM" MD5="38BCCF016B694A745E1CDBC0B080A59C" />

<ITEM File="C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe" Name="mcmscsvc" CheckResult="-1" Type="16" State="4" Size="361560" Attr="rsAh" CreateDate="12/7/2007 2:13:51 AM" ChageDate="1/5/2007 4:22:12 PM" MD5="BB8A45E65BE310996A201F8A75646A8D" />

<ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe" Name="McNASvc" CheckResult="-1" Type="16" State="4" Size="2213416" Attr="rsAh" CreateDate="12/7/2007 2:14:06 AM" ChageDate="3/9/2007 4:36:10 AM" MD5="39621D46D16AF1FCF6063BCED5CA60FC" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe" Name="McODS" CheckResult="-1" Type="16" State="4" Size="362064" Attr="rsAh" CreateDate="12/7/2007 2:15:09 AM" ChageDate="1/16/2007 6:03:36 PM" MD5="" />

<ITEM File="C:\PROGRA~1\McAfee\MSC\mcpromgr.exe" Name="mcpromgr" CheckResult="-1" Type="16" State="4" Size="493144" Attr="rsAh" CreateDate="12/7/2007 2:13:53 AM" ChageDate="1/5/2007 4:21:40 PM" MD5="14313FF5203DF7CB53E8D2F18F59D4D2" />

<ITEM File="c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe" Name="McProxy" CheckResult="-1" Type="16" State="4" Size="353368" Attr="rsAh" CreateDate="12/7/2007 2:15:51 AM" ChageDate="4/12/2007 9:33:42 AM" MD5="7BC413411A8A0E58ECB6868FFC2180D9" />

<ITEM File="c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe" Name="McRedirector" CheckResult="-1" Type="16" State="4" Size="256096" Attr="rsAh" CreateDate="12/7/2007 2:14:23 AM" ChageDate="3/8/2007 3:42:42 PM" MD5="DAF486036F2F6EE9DBA390D3CF2E5C29" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe" Name="McShield" CheckResult="-1" Type="16" State="4" Size="144960" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:56:42 AM" MD5="6611420C3CC970126C86ADCDC376AE39" />

<ITEM File="C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe" Name="McSysmon" CheckResult="-1" Type="16" State="4" Size="643664" Attr="rsAh" CreateDate="12/7/2007 2:14:39 AM" ChageDate="1/25/2007 4:01:58 PM" MD5="9770A8706BBA3C4CBEA998D2A6BF2D08" />

<ITEM File="C:\Program Files\McAfee\MPF\MPFSrv.exe" Name="MpfService" CheckResult="-1" Type="16" State="4" Size="841256" Attr="rsAh" CreateDate="12/7/2007 2:15:27 AM" ChageDate="6/19/2007 8:55:24 AM" MD5="1CAD000C45ED402F9C61F90CF8D208C2" />

<ITEM File="C:\PROGRA~1\McAfee\MPS\mps.exe" Name="MPS9" CheckResult="-1" Type="16" State="4" Size="906792" Attr="rsAh" CreateDate="12/7/2007 2:15:56 AM" ChageDate="4/18/2007 2:08:06 PM" MD5="" />

<ITEM File="C:\Program Files\SPYWAREfighter\spfprc.exe" Name="SPYWAREfighterRP" CheckResult="-1" Type="272" State="4" Size="410520" Attr="rsAh" CreateDate="6/8/2007 11:52:14 AM" ChageDate="6/8/2007 11:52:14 AM" MD5="DD634A9825135DDD919683A7DC04360B" />

<ITEM File="C:\Program Files\Windows Media Player\WMPNetwk.exe" Name="WMPNetworkSvc" CheckResult="-1" Type="16" State="4" Size="913408" Attr="rsah" CreateDate="10/18/2006 7:05:24 PM" ChageDate="10/18/2006 7:05:24 PM" MD5="F74E3D9A7FA9556C3BBB14D4E5E63D3B" />

<ITEM File="C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Name="Adobe LM Service" CheckResult="-1" Type="16" State="1" Size="72704" Attr="rsAh" CreateDate="8/17/2005 8:18:22 PM" ChageDate="8/17/2005 8:18:22 PM" MD5="8B46D5A1D3EF08232C04D0EAFB871FB2" />

<ITEM File="C:\WINDOWS\system32\ati2sgag.exe" Name="ATI Smart" CheckResult="-1" Type="272" State="1" Size="516096" Attr="rsah" CreateDate="6/15/2005 10:44:41 AM" ChageDate="3/22/2005 11:05:00 PM" MD5="E08F67A80BF2FA7DF80F99F1E771EF3E" />

<ITEM File="C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe" Name="Emproxy" CheckResult="-1" Type="16" State="1" Size="341328" Attr="rsAh" CreateDate="12/7/2007 2:14:28 AM" ChageDate="10/5/2007 5:33:26 PM" MD5="A75FF052CC5682A197DD5CD4E89C218A" />

<ITEM File="iPod Service.sys" Name="iPod Service" CheckResult="-1" Type="16" State="1" />

<ITEM File="C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe" Name="mcmispupdmgr" CheckResult="-1" Type="272" State="1" Size="689752" Attr="rsAh" CreateDate="12/7/2007 2:13:48 AM" ChageDate="1/5/2007 4:22:18 PM" MD5="993582EC1CF765206CF9D4D5CA22589F" />

</Service>

<Drivers>

<ITEM File="C:\windows\system32\DRIVERS\WniHdd51.sys" Name="Airgo" CheckResult="-1" Type="1" State="4" Size="840192" Attr="rsAh" CreateDate="1/29/2006 4:11:15 PM" ChageDate="4/18/2005 4:47:00 PM" MD5="67B2F1BDE076EC780394C8F0EC6888B8" />

<ITEM File="C:\windows\system32\DRIVERS\fltMgr.sys" Name="FltMgr" CheckResult="-1" Type="2" State="4" Size="128896" Attr="rsAh" CreateDate="6/14/2005 7:33:11 PM" ChageDate="8/21/2006 4:14:58 AM" MD5="3D234FB6D6EE875EB009864A299BEA29" />

<ITEM File="C:\windows\system32\Drivers\HTTP.sys" Name="HTTP" CheckResult="-1" Type="1" State="4" Size="262784" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="3/16/2006 7:33:10 PM" MD5="CB77BB47E67E84DEB17BA29632501730" />

<ITEM File="C:\windows\system32\drivers\kmixer.sys" Name="kmixer" CheckResult="-1" Type="1" State="4" Size="172416" Attr="rsAh" CreateDate="6/15/2005 10:39:54 AM" ChageDate="6/14/2006 3:47:45 AM" MD5="BA5DEDA4D934E6288C2F66CAF58D2562" />

<ITEM File="C:\windows\system32\drivers\mfeavfk.sys" Name="mfeavfk" CheckResult="-1" Type="1" State="4" Size="71496" Attr="rsAh" CreateDate="12/7/2007 2:14:30 AM" ChageDate="6/25/2007 2:54:44 PM" MD5="452321943976F1EC781E738ECC4C20C6" />

<ITEM File="C:\windows\system32\drivers\mfebopk.sys" Name="mfebopk" CheckResult="-1" Type="1" State="4" Size="34184" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:10 AM" MD5="3E9886C65CC655044BABB6869B69E8A3" />

<ITEM File="C:\windows\system32\drivers\mfehidk.sys" Name="mfehidk" CheckResult="-1" Type="1" State="4" Size="171240" Attr="rsAh" CreateDate="12/7/2007 2:14:31 AM" ChageDate="6/25/2007 10:57:20 AM" MD5="8FF78B6959BC106834F583B9ABE33E33" />

<ITEM File="C:\windows\system32\drivers\mfesmfk.sys" Name="mfesmfk" CheckResult="-1" Type="1" State="4" Size="37480" Attr="rsAh" CreateDate="12/7/2007 2:14:33 AM" ChageDate="6/25/2007 10:57:28 AM" MD5="465E114B2D2DD7C79951F4A8E9FD9CD2" />

<ITEM File="C:\windows\system32\Drivers\Mpfp.sys" Name="MPFP" CheckResult="-1" Type="1" State="4" Size="109608" Attr="rsAh" CreateDate="12/7/2007 2:14:21 AM" ChageDate="3/2/2007 2:16:52 PM" MD5="B53A1134237A49A10352D5DD54BB2A54" />

<ITEM File="C:\windows\system32\DRIVERS\mrxsmb.sys" Name="MRxSmb" CheckResult="-1" Type="2" State="4" Size="453120" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:41:45 AM" MD5="025AF03CE51645C62F3B6907A7E2BE5E" />

<ITEM File="C:\windows\system32\Drivers\Ntfs.sys" Name="Ntfs" CheckResult="-1" Type="2" State="4" Size="574464" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="2/9/2007 6:10:35 AM" MD5="19A811EF5F1ED5C926A028CE107FF1AF" />

<ITEM File="C:\windows\system32\drivers\nvax.sys" Name="nvax" CheckResult="-1" Type="1" State="4" Size="53376" Attr="rsAh" CreateDate="6/15/2005 10:39:23 AM" ChageDate="7/26/2005 6:58:30 AM" MD5="F3D3015E52F2732042197D4EDCAAC2CB" />

<ITEM File="C:\windows\system32\DRIVERS\NVENETFD.sys" Name="NVENETFD" CheckResult="-1" Type="1" State="4" Size="33408" Attr="RsAh" CreateDate="6/15/2005 10:39:04 AM" ChageDate="11/24/2004 4:42:46 AM" MD5="812F45DA883BDB87C5960B25295A7E9C" />

<ITEM File="C:\windows\system32\DRIVERS\nvnetbus.sys" Name="nvnetbus" CheckResult="-1" Type="1" State="4" Size="12928" Attr="RsAh" CreateDate="6/15/2005 10:39:02 AM" ChageDate="11/24/2004 4:42:48 AM" MD5="507B332B431392ED37C23B7CFB66DCF7" />

<ITEM File="C:\windows\system32\drivers\nvapu.sys" Name="nvnforce" CheckResult="-1" Type="1" State="4" Size="415360" Attr="rsAh" CreateDate="6/15/2005 10:39:24 AM" ChageDate="7/26/2005 7:01:56 AM" MD5="6D6FD2B7035D415621ACAF1E555C8B90" />

<ITEM File="C:\windows\system32\DRIVERS\rdbss.sys" Name="Rdbss" CheckResult="-1" Type="2" State="4" Size="174592" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="5/5/2006 4:47:57 AM" MD5="03B965B1CA47F6EF60EB5E51CB50E0AF" />

<ITEM File="C:\Program Files\SPYWAREfighter\spyfighter.sys" Name="SpyFighter" CheckResult="-1" Type="1" State="4" Size="8600" Attr="rsAh" CreateDate="6/8/2007 11:52:46 AM" ChageDate="6/8/2007 11:52:46 AM" MD5="07263F66EEF61331D9FBC0EEA316FF86" />

<ITEM File="C:\windows\system32\DRIVERS\srv.sys" Name="Srv" CheckResult="-1" Type="2" State="4" Size="332928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="8/14/2006 5:34:41 AM" MD5="EA554A3FFC3F536FE8320EB38F5E4843" />

<ITEM File="C:\windows\system32\DRIVERS\wanatw4.sys" Name="wanatw" CheckResult="-1" Type="1" State="4" Size="33588" Attr="RsAh" CreateDate="1/10/2003 4:13:04 PM" ChageDate="1/10/2003 4:13:04 PM" MD5="0A716C08CB13C3A8F4F51E882DBF7416" />

<ITEM File="C:\windows\system32\drivers\wdmaud.sys" Name="wdmaud" CheckResult="-1" Type="1" State="4" Size="82944" Attr="rsAh" CreateDate="6/15/2005 10:40:03 AM" ChageDate="6/14/2006 4:00:45 AM" MD5="EFD235CA22B57C81118C1AEB4798F1C1" />

<ITEM File="Abiosdsk.sys" Name="Abiosdsk" CheckResult="-1" Type="1" State="1" />

<ITEM File="abp480n5.sys" Name="abp480n5" CheckResult="-1" Type="1" State="1" />

<ITEM File="adpu160m.sys" Name="adpu160m" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\drivers\aec.sys" Name="aec" CheckResult="-1" Type="1" State="1" Size="142464" Attr="rsAh" CreateDate="6/15/2005 10:39:55 AM" ChageDate="2/14/2006 7:22:26 PM" MD5="1EE7B434BA961EF845DE136224C30FEC" />

<ITEM File="Aha154x.sys" Name="Aha154x" CheckResult="-1" Type="1" State="1" />

<ITEM File="aic78u2.sys" Name="aic78u2" CheckResult="-1" Type="1" State="1" />

<ITEM File="aic78xx.sys" Name="aic78xx" CheckResult="-1" Type="1" State="1" />

<ITEM File="AliIde.sys" Name="AliIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="amsint.sys" Name="amsint" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc.sys" Name="asc" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc3350p.sys" Name="asc3350p" CheckResult="-1" Type="1" State="1" />

<ITEM File="asc3550.sys" Name="asc3550" CheckResult="-1" Type="1" State="1" />

<ITEM File="Atdisk.sys" Name="Atdisk" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys" Name="catchme" CheckResult="-1" Type="1" State="1" />

<ITEM File="cd20xrnt.sys" Name="cd20xrnt" CheckResult="-1" Type="1" State="1" />

<ITEM File="Changer.sys" Name="Changer" CheckResult="-1" Type="1" State="1" />

<ITEM File="CmdIde.sys" Name="CmdIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="Cpqarray.sys" Name="Cpqarray" CheckResult="-1" Type="1" State="1" />

<ITEM File="dac960nt.sys" Name="dac960nt" CheckResult="-1" Type="1" State="1" />

<ITEM File="dpti2o.sys" Name="dpti2o" CheckResult="-1" Type="1" State="1" />

<ITEM File="D:\Fxdrv.sys" Name="FXDRV" CheckResult="-1" Type="1" State="1" />

<ITEM File="hpn.sys" Name="hpn" CheckResult="-1" Type="1" State="1" />

<ITEM File="i2omgmt.sys" Name="i2omgmt" CheckResult="-1" Type="1" State="1" />

<ITEM File="i2omp.sys" Name="i2omp" CheckResult="-1" Type="1" State="1" />

<ITEM File="ini910u.sys" Name="ini910u" CheckResult="-1" Type="1" State="1" />

<ITEM File="IntelIde.sys" Name="IntelIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="lbrtfdc.sys" Name="lbrtfdc" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\drivers\mferkdk.sys" Name="mferkdk" CheckResult="-1" Type="1" State="1" Size="32008" Attr="rsAh" CreateDate="12/7/2007 2:14:34 AM" ChageDate="6/25/2007 10:57:24 AM" MD5="4472CC5A38FB106751CB81883AE714D3" />

<ITEM File="mraid35x.sys" Name="mraid35x" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\DRIVERS\OmniUsb.sys" Name="OmniUsb" CheckResult="-1" Type="1" State="1" Size="28800" Attr="RsAh" CreateDate="1/5/2007 4:21:23 PM" ChageDate="9/22/2005 1:22:18 AM" MD5="E6622491F114B8C9CB179011D300C009" />

<ITEM File="C:\windows\system32\DRIVERS\OmniUsbl.sys" Name="OmniUsbl" CheckResult="-1" Type="1" State="1" Size="9696" Attr="RsAh" CreateDate="1/5/2007 4:21:23 PM" ChageDate="9/22/2005 1:22:18 AM" MD5="A20310E06FB9A26753979220FD50382C" />

<ITEM File="PCIDump.sys" Name="PCIDump" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDCOMP.sys" Name="PDCOMP" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDFRAME.sys" Name="PDFRAME" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDRELI.sys" Name="PDRELI" CheckResult="-1" Type="1" State="1" />

<ITEM File="PDRFRAME.sys" Name="PDRFRAME" CheckResult="-1" Type="1" State="1" />

<ITEM File="perc2.sys" Name="perc2" CheckResult="-1" Type="1" State="1" />

<ITEM File="perc2hib.sys" Name="perc2hib" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1080.sys" Name="ql1080" CheckResult="-1" Type="1" State="1" />

<ITEM File="Ql10wnt.sys" Name="Ql10wnt" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql12160.sys" Name="ql12160" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1240.sys" Name="ql1240" CheckResult="-1" Type="1" State="1" />

<ITEM File="ql1280.sys" Name="ql1280" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\Drivers\RDPWD.sys" Name="RDPWD" CheckResult="-1" Type="1" State="1" Size="139528" Attr="rsAh" CreateDate="6/14/2005 7:31:45 PM" ChageDate="6/9/2005 11:09:46 PM" MD5="B54CD38A9EBFBF2B3561426E3FE26F62" />

<ITEM File="C:\windows\system32\DRIVERS\secdrv.sys" Name="Secdrv" CheckResult="-1" Type="1" State="1" Size="20480" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="11/13/2007 5:25:53 AM" MD5="90A3935D05B494A5A39D37E71F09A677" />

<ITEM File="Simbad.sys" Name="Simbad" CheckResult="-1" Type="1" State="1" />

<ITEM File="Sparrow.sys" Name="Sparrow" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\drivers\splitter.sys" Name="splitter" CheckResult="-1" Type="1" State="1" Size="6400" Attr="rsAh" CreateDate="6/15/2005 10:40:04 AM" ChageDate="6/14/2006 3:47:46 AM" MD5="0CE218578FFF5F4F7E4201539C45C78F" />

<ITEM File="sym_hi.sys" Name="sym_hi" CheckResult="-1" Type="1" State="1" />

<ITEM File="sym_u3.sys" Name="sym_u3" CheckResult="-1" Type="1" State="1" />

<ITEM File="symc810.sys" Name="symc810" CheckResult="-1" Type="1" State="1" />

<ITEM File="symc8xx.sys" Name="symc8xx" CheckResult="-1" Type="1" State="1" />

<ITEM File="TosIde.sys" Name="TosIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="ultra.sys" Name="ultra" CheckResult="-1" Type="1" State="1" />

<ITEM File="ViaIde.sys" Name="ViaIde" CheckResult="-1" Type="1" State="1" />

<ITEM File="WDICA.sys" Name="WDICA" CheckResult="-1" Type="1" State="1" />

<ITEM File="C:\windows\system32\DRIVERS\WudfPf.sys" Name="WudfPf" CheckResult="-1" Type="1" State="1" Size="77568" Attr="rsah" CreateDate="9/28/2006 5:55:50 PM" ChageDate="9/28/2006 5:55:50 PM" MD5="F15FEAFFFBB3644CCC80C5DA584E6311" />

</Drivers>

<AUTORUN>

<ITEM File="C:\Program Files\AOL 9.0b\AOL.EXE" CheckResult="-1" Enabled="1" Type="REG" Size="50736" Attr="rsAh" CreateDate="4/18/2007 1:49:00 AM" ChageDate="4/18/2007 1:49:00 AM" MD5="8FC6A73DCBC27F310AB4CD9998AB8F17" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="AOL Fast Start" />

<ITEM File="C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe" CheckResult="-1" Enabled="1" Type="REG" Size="80896" Attr="rsAh" CreateDate="8/22/2007 4:31:16 PM" ChageDate="8/22/2007 4:31:16 PM" MD5="941A08CBDEEDF16B6C986B6BA7C9A5D0" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="hpqSRMon" />

<ITEM File="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="131072" Attr="rsAh" CreateDate="6/15/2005 10:39:44 AM" ChageDate="10/7/2004 7:53:06 PM" MD5="9A41CD3BEF74884C2C9E1269B8A6A566" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="NVMixerTray" />

<ITEM File="C:\Program Files\SPYWAREfighter\spftray.exe" CheckResult="-1" Enabled="1" Type="REG" Size="115608" Attr="rsAh" CreateDate="6/8/2007 11:52:18 AM" ChageDate="6/8/2007 11:52:18 AM" MD5="B98D723FBDF2508C8959258BD42F46E9" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="spywarefighterguard" />

<ITEM File="C:\Program Files\Windows Media Player\WMPNSCFG.exe" CheckResult="-1" Enabled="1" Type="REG" Size="204288" Attr="rsah" CreateDate="10/18/2006 7:05:26 PM" ChageDate="10/18/2006 7:05:26 PM" MD5="7EAED08CCCA4DDDE61A388C82598CFA9" X1="HKEY_CURRENT_USER" X2="Software\Microsoft\Windows\CurrentVersion\Run" X3="WMPNSCFG" />

<ITEM File="C:\WINDOWS\system32\WPDShServiceObj.dll" CheckResult="-1" Enabled="1" Type="REG" Size="133632" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="045E228F71C31901084B64BE59093499" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="WPDShServiceObj" />

<ITEM File="C:\WINDOWS\system32\webcheck.dll" CheckResult="-1" Enabled="1" Type="REG" Size="232960" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:56:00 PM" MD5="513FC3EB51B70D65B52860C7A0CCDE61" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="WebCheck" />

<ITEM File="C:\windows\system32\SHELL32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="PostBootReminder" />

<ITEM File="C:\windows\system32\SHELL32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" X3="CDBurn" />

<ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" Type="REG" Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" X3="{438755C2-A8BA-11D1-B96B-00A0C90312E1}" />

<ITEM File="C:\windows\system32\browseui.dll" CheckResult="-1" Enabled="1" Type="REG" Size="1022976" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="B99FF349BF53BD91FBDDCD6B1EDE8980" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler" X3="{8C7461EF-2B13-11d2-BE35-3078302C2030}" />

<ITEM File="C:\windows\system32\dfrg.msc %c:" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath" X3="" />

<ITEM File="C:\windows\system32\iedkcs32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}" X3="DLLName" />

<ITEM File="C:\windows\system32\iedkcs32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}" X3="DLLName" />

<ITEM File="C:\windows\system32\schannel.dll" CheckResult="-1" Enabled="-1" Type="REG" Size="144896" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="4/25/2007 9:21:15 AM" MD5="532EA80E9F5452928F8426653215BE29" X1="HKEY_LOCAL_MACHINE" X2="SYSTEM\CurrentControlSet\Control\SecurityProviders" X3="SecurityProviders" />

<ITEM File="C:\windows\system32\shell32.dll" CheckResult="-1" Enabled="1" Type="REG" Size="8460288" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/25/2007 10:34:01 PM" MD5="3BE4C2E84D99889685FE2B68E5FA2A9D" X1="HKEY_LOCAL_MACHINE" X2="Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" X3="{AEB6717E-7E19-11d0-97EE-00C04FD91972}" />

<ITEM File="appmgmts.dll" CheckResult="-1" Enabled="1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}" X3="DLLName" />

<ITEM File="autocheck autochk *lsdelete" CheckResult="-1" Enabled="-1" Type="REG" X1="HKEY_LOCAL_MACHINE" X2="System\CurrentControlSet\Control\Session Manager" X3="BootExecute" />

</AUTORUN>

<BHO>

<ITEM File="" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" Descr="" LegalCopyright="" />

<ITEM File="C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{6548BF73-58FF-71D5-F97D-17C71E323709}" Descr="IntelligentAdvisor" LegalCopyright="©" Size="1019904" Attr="rsAh" CreateDate="12/11/2007 4:27:08 PM" ChageDate="12/11/2007 4:27:08 PM" MD5="EB37DA8025116FC1A2DDD2F93B700C5A" />

<ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="1" RegKey="Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" CLSID="{7DB2D5A0-7241-4E79-B68D-6309F01C5231}" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" />

<ITEM File="c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="CmdMapping" Descr="VSCore Script Scanner" LegalCopyright="Copyright© 1995-2007 McAfee, Inc. All Rights Reserved." Size="67136" Attr="rsAh" CreateDate="12/7/2007 2:14:35 AM" ChageDate="6/25/2007 10:57:44 AM" MD5="AAB55DDA71DA25DDED70FEA55B61CC19" />

<ITEM File="C:\windows\Network Diagnostic\xpnetdiag.exe" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{e2e2dd38-d088-4134-82b7-f2ba38496583}" Descr="Network Diagnostic for Windows XP" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="557568" Attr="rsah" CreateDate="12/9/2006 7:39:17 AM" ChageDate="10/10/2006 7:44:50 AM" MD5="CEBED017C4965FC4407CCD986AE0A528" />

<ITEM File="C:\Program Files\Messenger\MSMSGS.EXE" CheckResult="-1" Enabled="1" BHOType="3" RegKey="Software\Microsoft\Internet Explorer\Extensions" CLSID="{FB5F1910-F110-11d2-BB9E-00C04F795683}" Descr="Messenger" LegalCopyright="Copyright © Microsoft Corporation 1997-2003" Size="1498032" Attr="rsAh" CreateDate="4/14/2003 8:05:20 PM" ChageDate="4/14/2003 8:05:20 PM" MD5="F5C2F0308D0AA91457059EC7227A06F7" />

</BHO>

<ExplorerExt>

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Display Panning CPL Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{42071714-76d4-11d1-8b24-00a0c9068ff3}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Shell extensions for file compression" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{764BF0E1-F219-11ce-972D-00AA00A14F56}" Descr="" LegalCopyright="" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Encryption Context Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" Descr="" LegalCopyright="" />

<ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Set Program Access and Defaults" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" />

<ITEM File="C:\WINDOWS\system32\wuaucpl.cpl" CheckResult="-1" Enabled="1" ExtName="Auto Update Property Sheet Extension" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{5F327514-6C5E-4d60-8F16-D07FA08A78ED}" Descr="Automatic Updates Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="216408" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:28 PM" MD5="D7FA9A9750403CC68DC209CDE7C50D7A" />

<ITEM File="" CheckResult="-1" Enabled="1" ExtName="Taskbar and Start Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{0DF44EAA-FF21-4412-828E-260A8728E7F1}" Descr="" LegalCopyright="" />

<ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Search" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" />

<ITEM File="C:\windows\system32\shdocvw.dll" CheckResult="-1" Enabled="1" ExtName="Help and Support" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}" Descr="Shell Doc Object and Control Library" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1497088" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="9/23/2006 12:12:50 PM" MD5="559B2D22A1EE947A7EAED530C7FF9320" />


<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft Shell Folder AutoComplete List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{9D958C62-3954-4b44-8FAB-C4670C1DB4C2}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Microsoft Multiple AutoComplete List Container" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{B31C5FAE-961F-415b-BAF0-E697A5178B94}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="Microsoft Browser Architecture" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{BC476F4C-D9D7-4100-8D4E-E043F6DEC409}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Shell Rebar BandSite" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Shell Band Site Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{E6EE9AAC-F76B-4947-8260-A9F136138E11}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="@amp;Links" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F2CF5485-4E02-4f68-819C-B92DE9277049}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Registry Tree Options Utility" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE User Assist" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\WINDOWS\system32\ieframe.dll" CheckResult="-1" Enabled="1" ExtName="IE Custom MRU AutoCompleted List" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{FDE7673D-2E19-4145-8376-BBD58C4BC7BA}" Descr="Internet Explorer" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="6065664" Attr="rsAh" CreateDate="11/7/2006 9:03:36 PM" ChageDate="10/10/2007 6:55:54 PM" MD5="122C2B5BCFE01B899E5B4A41B5AFF55B" />

<ITEM File="C:\windows\system32\wpdshext.dll" CheckResult="-1" Enabled="1" ExtName="Portable Devices" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{35786D3C-B075-49b9-88DD-029876E11C01}" Descr="Portable Devices Shell Extension" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="2603008" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="81D2A27C916C7830743E4AFA454099F7" />

<ITEM File="C:\windows\system32\wpdshext.dll" CheckResult="-1" Enabled="1" ExtName="Portable Devices Menu" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}" Descr="Portable Devices Shell Extension" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="2603008" Attr="rsah" CreateDate="10/18/2006 8:47:22 PM" ChageDate="10/18/2006 8:47:22 PM" MD5="81D2A27C916C7830743E4AFA454099F7" />

<ITEM File="C:\windows\system32\Audiodev.dll" CheckResult="-1" Enabled="1" ExtName="Portable Media Devices" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{640167b4-59b0-47a6-b335-a6b3c0695aea}" Descr="Portable Media Devices Shell Extension" LegalCopyright="Copyright © Microsoft Corporation. All rights reserved." Size="276992" Attr="rsah" CreateDate="9/22/2004 5:45:36 PM" ChageDate="10/18/2006 8:47:08 PM" MD5="4C48F1B30A82583CAEE0DA02DD7259EE" />

<ITEM File="C:\WINDOWS\system32\mscoree.dll" CheckResult="-1" Enabled="1" ExtName="Fusion Cache" RegKey="SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved" CLSID="{1D2680C9-0E2A-469d-B787-065558BC7D43}" Descr="Microsoft .NET Runtime Execution Engine" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="271360" Attr="rsAh" CreateDate="3/13/2007 8:54:08 PM" ChageDate="3/13/2007 8:54:08 PM" MD5="CE3FB88207EE4D3C8BD55EB869585144" />

</ExplorerExt>

<PrintEXT>

<ITEM File="C:\windows\system32\hpz3l463.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="38400" Attr="rsAh" CreateDate="4/7/2007 9:28:13 PM" ChageDate="3/22/2006 8:10:18 PM" MD5="D9CBE3BD7A91FB6731F343C003C3D52D" />

<ITEM File="C:\windows\system32\hpz3l4pi.dll" CheckResult="-1" Enabled="1" RegKey="SYSTEM\CurrentControlSet\Control\Print\Monitors" Descr="LanguageMonitor" LegalCopyright="Copyright © 1999" Size="48128" Attr="rsAh" CreateDate="4/7/2007 6:55:22 PM" ChageDate="6/3/2006 8:29:16 PM" MD5="37EAAE02EBF3B89F4F7BD1D40761F80B" />

</PrintEXT>

<TaskScheduler>

<ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" />

<ITEM File="c:\PROGRA~1\mcafee\mqc\QcConsol.exe" CheckResult="-1" Enabled="4235908" Descr="QuickClean Console Application" LegalCopyright="Copyright © 2006 McAfee, Inc." Size="136744" Attr="rsAh" CreateDate="12/7/2007 2:13:59 AM" ChageDate="1/17/2007 6:02:10 PM" MD5="9D3D28FF398533B5DCDA638F0794AE8A" />

<ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" />

<ITEM File="C:\Program Files\RegCure\RegCure.exe" CheckResult="-1" Enabled="4235908" Descr="RegCure Application" LegalCopyright="Copyright © 2006" Size="11511104" Attr="rsAh" CreateDate="8/2/2007 11:20:34 AM" ChageDate="8/2/2007 11:20:34 AM" MD5="1E70230570407FA2899D27AE31A8E407" />

<ITEM File="C:\Program Files\SpywareBot\SpywareBot.exe" CheckResult="-1" Enabled="4235908" Descr="" LegalCopyright="" />

</TaskScheduler>

<DPF>

<ITEM File="C:\WINDOWS\Downloaded Program Files\fscax.dll" CheckResult="-1" Enabled="1" RegKey="SOFTWARE\Microsoft\Code Store Database\Distribution Units" CLSID="{0B79F48A-E8D6-11DB-9283-E25056D89593}" CodeBase="http://support.f-secure.com/ols/fscax.cab" Descr="fscax module" LegalCopyright="© 2005-2006 F-Secure Corporation. All rights reserved." Size="254360" Attr="rsAh" CreateDate="5/7/2007 4:39:24 PM" ChageDate="5/7/2007 4:39:24 PM" MD5="D5199825510E4C4F97DC93B7BC3B1A8A" />

</DPF>

<CPL>

<ITEM File="C:\windows\system32\inetcpl.cpl" CheckResult="-1" Enabled="1" Descr="Internet Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="1831424" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:55 PM" MD5="CB43139D9583655AC66C0D02B882FB81" />

<ITEM File="C:\windows\system32\wuaucpl.cpl" CheckResult="-1" Enabled="1" Descr="Automatic Updates Control Panel" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="216408" Attr="rsAh" CreateDate="6/14/2005 7:33:20 PM" ChageDate="7/30/2007 6:19:28 PM" MD5="D7FA9A9750403CC68DC209CDE7C50D7A" />

</CPL>

<ActiveSetup>

<ITEM File="C:\WINDOWS\system32\ieudinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@lt;{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}" Descr="IE Per User Active Setup Uninstall Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="13824" Attr="rsAh" CreateDate="11/7/2006 3:26:32 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="324ECD19DB11EBDBA37E1F69D887B565" />

<ITEM File="C:\WINDOWS\inf\unregmp2.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{22d6f312-b0f6-11d0-94ab-0080c74c7e95}" Descr="Microsoft Windows Media Player Setup Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="317440" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="6/26/2007 9:10:26 PM" MD5="D0CB8DEAF008D7CDC794EF6A37EC8134" />

<ITEM File="C:\WINDOWS\system32\ie4uinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{26923b43-4d38-484f-9b9e-de460746276c}" Descr="IE Per-User Initialization Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="70656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="5082EB7CEBC228028E5326D1CB05B925" />

<ITEM File="C:\windows\system32\IEDKCS32.DLL" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{60B49E34-C7CC-11D0-8953-00A0C90347FF}" Descr="IEAK branding" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" />

<ITEM File="C:\windows\system32\IEDKCS32.DLL" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="@gt;{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS" Descr="IEAK branding" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="384512" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:52 PM" MD5="67E95C3DCF58CE1F94AE34C9FB498E22" />

<ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{44BBA842-CC51-11CF-AAFA-00AA00B6015B}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" />

<ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{5945c046-1e7d-11d1-bc44-00c04fd912be}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" />

<ITEM File="C:\windows\system32\advpack.dll" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{6BF52A52-394A-11d3-B153-00C04F79FAA6}" Descr="ADVPACK" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="124928" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 6:55:51 PM" MD5="30210D3B6AA569B78FA0EA1E1E8A5A70" />

<ITEM File="C:\WINDOWS\system32\ie4uinit.exe" CheckResult="-1" Enabled="1" RegKey="Software\Microsoft\Active Setup\Installed Components" CLSID="{89820200-ECBD-11cf-8B85-00AA005B4383}" Descr="IE Per-User Initialization Utility" LegalCopyright="© Microsoft Corporation. All rights reserved." Size="70656" Attr="rsAh" CreateDate="8/4/2004 7:00:00 AM" ChageDate="10/10/2007 5:59:40 AM" MD5="5082EB7CEBC228028E5326D1CB05B925" />

</ActiveSetup>

<HOSTS>

<ITEM Line="127.0.0.1 localhost" />

</HOSTS>

<SuspFiles>

<ITEM File="C:\windows\system32\drivers\mfehidk.sys" VirType="4" Descr="Kernel-mode hook" />

<ITEM File="C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe" VirType="2" Descr="Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)" />

<ITEM File="C:\windows\system32\iertutil.dll" VirType="5" Descr="Suspicion for a Keylogger or Trojan DLL" />

</SuspFiles>

<RK_KM>

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="739" HookPtr="805C0320" HookType="3" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="" FIndx="752" HookPtr="805C0320" HookType="3" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateFile" FIndx="37" HookPtr="8056D3CA" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateKey" FIndx="41" HookPtr="80618E86" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtCreateProcess" FIndx="47" HookPtr="805C5F8E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteKey" FIndx="63" HookPtr="80619316" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtDeleteValueKey" FIndx="65" HookPtr="806194E6" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtMapViewOfSection" FIndx="108" HookPtr="805A6206" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtOpenKey" FIndx="119" HookPtr="8061A21C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtProtectVirtualMemory" FIndx="137" HookPtr="805AC78E" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtRenameKey" FIndx="192" HookPtr="806188AC" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtSetValueKey" FIndx="247" HookPtr="80617546" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtTerminateProcess" FIndx="257" HookPtr="805C776C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtUnmapViewOfSection" FIndx="267" HookPtr="805A701C" HookType="2" />

<ITEM File="\SystemRoot\system32\drivers\mfehidk.sys" FNaim="NtYieldExecution" FIndx="278" HookPtr="8050189C" HookType="2" />

</RK_KM>

<KEYLOGGER>

<ITEM File="C:\windows\system32\iertutil.dll" Verdict="" CheckResult="-1" Size="267776" Attr="rsAh" CreateDate="10/17/2006 11:57:20 AM" ChageDate="10/10/2007 6:55:55 PM" MD5="AF67AAB4ECC886EAAB6912A53FA717DB" />

</KEYLOGGER>

</AVZ>


And I do believe these are the other two

 

syscheck

 

Results of system analysis

AVZ 4.29 [invalid url removed]

 

List of processes

File name PID Description Copyright MD5 Information

c:\program files\common files\aol\acs\aolacsd.exe

Script: Quarantine, Delete, BC delete, Terminate 1812 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 45.55 kb, RsAh,

created: 10/23/2006 7:50:35 AM,

modified: 10/23/2006 7:50:35 AM

Command line:

"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"

c:\program files\common files\aol\1175982866\ee\aolsoftware.exe

Script: Quarantine, Delete, BC delete, Terminate 3140 AOL Copyright © 2007 AOL LLC ?? 41.05 kb, rsAh,

created: 4/12/2007 4:23:31 PM,

modified: 4/12/2007 4:23:31 PM

Command line:

"C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe" /h servicehost.defaultGrp

c:\windows\explorer.exe

Script: Quarantine, Delete, BC delete, Terminate 944 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 1009.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 6/13/2007 5:23:07 AM

Command line:

C:\windows\Explorer.EXE

c:\program files\hp\digital imaging\bin\hpqsrmon.exe

Script: Quarantine, Delete, BC delete, Terminate 2648 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 79.00 kb, rsAh,

created: 8/22/2007 4:31:16 PM,

modified: 8/22/2007 4:31:16 PM

Command line:

"C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

c:\program files\common files\mcafee\hackerwatch\hwapi.exe

Script: Quarantine, Delete, BC delete, Terminate 1952 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 528.10 kb, rsAh,

created: 12/7/2007 2:14:26 AM,

modified: 2/13/2007 12:09:12 PM

Command line:

"C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"

c:\progra~1\mcafee.com\agent\mcagent.exe

Script: Quarantine, Delete, BC delete, Terminate 1476 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 553.59 kb, rsAh,

created: 12/7/2007 2:13:56 AM,

modified: 1/5/2007 4:21:16 PM

Command line:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

c:\progra~1\mcafee\msc\mcmscsvc.exe

Script: Quarantine, Delete, BC delete, Terminate 2028 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 353.09 kb, rsAh,

created: 12/7/2007 2:13:51 AM,

modified: 1/5/2007 4:22:12 PM

Command line:

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate 124 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 2161.54 kb, rsAh,

created: 12/7/2007 2:14:06 AM,

modified: 3/9/2007 4:36:10 AM

Command line:

"c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"

c:\progra~1\mcafee\viruss~1\mcods.exe

Script: Quarantine, Delete, BC delete, Terminate 188 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 353.58 kb, rsAh,

created: 12/7/2007 2:15:09 AM,

modified: 1/16/2007 6:03:36 PM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

c:\progra~1\mcafee\msc\mcpromgr.exe

Script: Quarantine, Delete, BC delete, Terminate 204 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 481.59 kb, rsAh,

created: 12/7/2007 2:13:53 AM,

modified: 1/5/2007 4:21:40 PM

Command line:

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete, Terminate 228 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 345.09 kb, rsAh,

created: 12/7/2007 2:15:51 AM,

modified: 4/12/2007 9:33:42 AM

Command line:

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\mcafee\viruss~1\mcshield.exe

Script: Quarantine, Delete, BC delete, Terminate 408 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 141.56 kb, rsAh,

created: 12/7/2007 2:14:35 AM,

modified: 6/25/2007 10:56:42 AM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

c:\progra~1\mcafee\viruss~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete, Terminate 492 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 628.58 kb, rsAh,

created: 12/7/2007 2:14:39 AM,

modified: 1/25/2007 4:01:58 PM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\program files\mcafee\mpf\mpfsrv.exe

Script: Quarantine, Delete, BC delete, Terminate 620 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 821.54 kb, rsAh,

created: 12/7/2007 2:15:27 AM,

modified: 6/19/2007 8:55:24 AM

Command line:

"C:\Program Files\McAfee\MPF\MPFSrv.exe"

c:\progra~1\mcafee\mps\mps.exe

Script: Quarantine, Delete, BC delete, Terminate 2312 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 885.54 kb, rsAh,

created: 12/7/2007 2:15:56 AM,

modified: 4/18/2007 2:08:06 PM

Command line:

C:\PROGRA~1\McAfee\MPS\mps.exe

c:\program files\mcafee\mps\mpsevh.exe

Script: Quarantine, Delete, BC delete, Terminate 3500 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 297.54 kb, rsAh,

created: 12/7/2007 2:16:01 AM,

modified: 4/18/2007 2:08:10 PM

Command line:

"C:\Program Files\McAfee\MPS\mpsevh.exe" -Embedding

c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete, Terminate 312 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 250.09 kb, rsAh,

created: 12/7/2007 2:14:23 AM,

modified: 3/8/2007 3:42:42 PM

Command line:

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

c:\program files\aol 9.0b\shellmon.exe

Script: Quarantine, Delete, BC delete, Terminate 3320 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 53.55 kb, rsAh,

created: 4/18/2007 1:49:05 AM,

modified: 4/18/2007 1:49:05 AM

Command line:

"C:\Program Files\AOL 9.0b\shellmon.exe"

c:\program files\spywarefighter\spfprc.exe

Script: Quarantine, Delete, BC delete, Terminate 2936 SpywareFighter SpamFighter APS. All rights reserved. ?? 400.90 kb, rsAh,

created: 6/8/2007 11:52:14 AM,

modified: 6/8/2007 11:52:14 AM

Command line:

"C:\Program Files\SPYWAREfighter\spfprc.exe"

c:\program files\spywarefighter\spftray.exe

Script: Quarantine, Delete, BC delete, Terminate 2632 Spywarefighter Tray ?? 112.90 kb, rsAh,

created: 6/8/2007 11:52:18 AM,

modified: 6/8/2007 11:52:18 AM

Command line:

"C:\Program Files\SPYWAREfighter\spftray.exe"

c:\windows\system32\spoolsv.exe

Script: Quarantine, Delete, BC delete, Terminate 1680 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 56.50 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 6/10/2005 6:53:32 PM

Command line:

C:\windows\system32\spoolsv.exe

c:\program files\aol 9.0b\waol.exe

Script: Quarantine, Delete, BC delete, Terminate 1436 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 38.55 kb, rsAh,

created: 4/18/2007 1:49:07 AM,

modified: 4/18/2007 1:49:07 AM

Command line:

-Brestart

Detected:47, recognized as trusted 27

Module name Handle Description Copyright MD5 Used by processes

C:\Program Files\AOL 9.0b\acfBase.DLL

Script: Quarantine, Delete, BC delete 1864368128 acf Module Copyright 2001 -- 1436

C:\Program Files\AOL 9.0b\APPDATA.dll

Script: Quarantine, Delete, BC delete 1666973696 AppData Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\comm.dll

Script: Quarantine, Delete, BC delete 1610612736 Comm Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\COOLAPI.dll

Script: Quarantine, Delete, BC delete 1663041536 Cool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\coolcore46.dll

Script: Quarantine, Delete, BC delete 1074790400 COOL Core Component Library Copyright 1998-2007 AOL LLC -- 1436

C:\Program Files\AOL 9.0b\idleproc.dll

Script: Quarantine, Delete, BC delete 1743781888 IDLEPROC DLL Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\manager.dll

Script: Quarantine, Delete, BC delete 1729626112 Display Manager Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\ProxyMgr.dll

Script: Quarantine, Delete, BC delete 1621098496 ProxyMgr DLL Copyright ¬ 1999 - 2003 -- 1436

C:\Program Files\AOL 9.0b\resource.dll

Script: Quarantine, Delete, BC delete 1664090112 RESOURCE Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\shellmon.exe

Script: Quarantine, Delete, BC delete 4194304 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 3320

C:\Program Files\AOL 9.0b\supersub.dll

Script: Quarantine, Delete, BC delete 1616379904 SuperSub Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\SYNCCORE.dll

Script: Quarantine, Delete, BC delete 1645215744 SYNCCORE.DLL Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\actvx.rct

Script: Quarantine, Delete, BC delete 1779433472 ActiveX Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\chat.tol

Script: Quarantine, Delete, BC delete 1787822080 Chat Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\coretool.rct

Script: Quarantine, Delete, BC delete 1342242816 Coretool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\htmlview.tol

Script: Quarantine, Delete, BC delete 1777270784 Managed By Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct

Script: Quarantine, Delete, BC delete 1806696448 Imfdecode Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\lvi.tol

Script: Quarantine, Delete, BC delete 1689255936 LVI Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\mip.tol

Script: Quarantine, Delete, BC delete 1732771840 MIP Manager Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\rich.rct

Script: Quarantine, Delete, BC delete 1762131968 Rich Text Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\sec.cct

Script: Quarantine, Delete, BC delete 1753481216 Security Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\talk.tol

Script: Quarantine, Delete, BC delete 1649934336 Talk Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\www.tol

Script: Quarantine, Delete, BC delete 1757806592 WWW Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\waol.dll

Script: Quarantine, Delete, BC delete 5242880 AOL Software Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\waol.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 1436

C:\Program Files\AOL 9.0b\xprt5.dll

Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 1436

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Copyright © 2007 AOL LLC ?? 3140

C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll

Script: Quarantine, Delete, BC delete 1811939328 AOLSvcMgr Copyright © 2007 AOL LLC -- 3140, 1436

c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll

Script: Quarantine, Delete, BC delete 1742995456 aolsystrayservice EE Service Copyright © 2006 AOL LLC. All rights reserved. -- 3140

c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll

Script: Quarantine, Delete, BC delete 1732837376 clssvc EE Service Copyright © 2007 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll

Script: Quarantine, Delete, BC delete 1729495040 Client Metrics Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll

Script: Quarantine, Delete, BC delete 1733230592 Notification Service Copyright © 2006 America Online, Inc. -- 3140

c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll

Script: Quarantine, Delete, BC delete 268435456 AolIdleMon EE Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll

Script: Quarantine, Delete, BC delete 1733492736 os EE Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll

Script: Quarantine, Delete, BC delete 1735917568 SuiteFramework Service Copyright © 2006 AOL LLC. -- 3140

C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll

Script: Quarantine, Delete, BC delete 17301504 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 3140

C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll

Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2006 AOL LLC -- 3140, 1436

C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll

Script: Quarantine, Delete, BC delete 42008576 AOL Connectivity Service Common Code Copyright © 2001-2006 AOL LLC -- 1436

C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll

Script: Quarantine, Delete, BC delete 12517376 AOL Connectivity Service Diagnostics Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll

Script: Quarantine, Delete, BC delete 24313856 AOL Connectivity Service Software Update Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll

Script: Quarantine, Delete, BC delete 268435456 AOL Connectivity Service Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 1812

C:\Program Files\Common Files\AOL\ACS\xpat.dll

Script: Quarantine, Delete, BC delete 3407872 AOL Connectivity Service XML Parser Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll

Script: Quarantine, Delete, BC delete 1811546112 AOL Diagnostics Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved. -- 1812, 3140, 1436

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 1952

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

Script: Quarantine, Delete, BC delete 4194304 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 2648

C:\Program Files\McAfee\MPF\MPFSrv.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 620

C:\Program Files\McAfee\MPS\mpsevh.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 3500

C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll

Script: Quarantine, Delete, BC delete 1715470336 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

C:\Program Files\McAfee\VirusScan\mcscan32.dll

Script: Quarantine, Delete, BC delete 301989888 AV Scanning Engine Copyright © 2007 McAfee, Inc. -- 408

C:\Program Files\SPYWAREfighter\engine.dll

Script: Quarantine, Delete, BC delete 268435456 scan engine Copyright © 2005 Anti-Malware Development a.s. -- 2936

C:\Program Files\SPYWAREfighter\spfprc.exe

Script: Quarantine, Delete, BC delete 4194304 SpywareFighter SpamFighter APS. All rights reserved. ?? 2936

C:\Program Files\SPYWAREfighter\spfrm.dll

Script: Quarantine, Delete, BC delete 10158080 SpyWareFighter RS SpamFighter Aps. All rights reserved. -- 2936, 2632

C:\Program Files\SPYWAREfighter\spftray.exe

Script: Quarantine, Delete, BC delete 4194304 Spywarefighter Tray ?? 2632

C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll

Script: Quarantine, Delete, BC delete 285212672 -- 2936, 2632

C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll

Script: Quarantine, Delete, BC delete 343932928 Viewpoint Media Player for Internet Explorer Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll

Script: Quarantine, Delete, BC delete 360710144 Viewpoint Media Player Component Manager Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll

Script: Quarantine, Delete, BC delete 549453824 Viewpoint Media Player AOLUserShell Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll

Script: Quarantine, Delete, BC delete 369098752 Viewpoint Media Player Scene Component Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll

Script: Quarantine, Delete, BC delete 385875968 Viewpoint Media Player Rasterizer Component Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll

Script: Quarantine, Delete, BC delete 394264576 Viewpoint Media Player SWFView Component Copyright © 2000 Viewpoint Corporation -- 1436

c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll

Script: Quarantine, Delete, BC delete 1654652928 McAfee Core Proxy Stub Copyright © 2006 McAfee, Inc. -- 1952, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 312

c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll

Script: Quarantine, Delete, BC delete 1655701504 McAfee Event Broker Copyright © 2006 McAfee, Inc. -- 228, 408, 492, 620, 2312, 312

c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll

Script: Quarantine, Delete, BC delete 1667235840 McAfee HackerWatch Proxy Stub © McAfee, Inc. All rights reserved. -- 1952, 492, 620, 312

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 228

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 124

c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL

Script: Quarantine, Delete, BC delete 1801453568 McAfee Network Agent Proxy/Stub Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll

Script: Quarantine, Delete, BC delete 1800404992 McAfee Unified Join Copyright © 2006 McAfee, Inc. -- 124

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll

Script: Quarantine, Delete, BC delete 1650458624 McAfee Utility DLL Copyright © 2006 McAfee, Inc. -- 124, 204

C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll

Script: Quarantine, Delete, BC delete 1652555776 Sqlite3 Database Module Copyright © 2006 McAfee, Inc. -- 2028

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll

Script: Quarantine, Delete, BC delete 1644167168 McAfee Redirector Service Proxy Stub Copyright © 2006 McAfee, Inc. -- 228, 312

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 312

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 1476

c:\PROGRA~1\mcafee.com\agent\mcagntps.dll

Script: Quarantine, Delete, BC delete 1711276032 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476

c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll

Script: Quarantine, Delete, BC delete 1665138688 McAfee Personal Firewall Plus Copyright © 2005 McAfee, Inc. All Rights Reserved. -- 620

C:\PROGRA~1\McAfee\MPS\mps.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 2312

c:\PROGRA~1\mcafee\mps\mpsmisp.dll

Script: Quarantine, Delete, BC delete 1681915904 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. -- 3500

c:\PROGRA~1\mcafee\mps\mpsppm.dll

Script: Quarantine, Delete, BC delete 1682964480 MPS Proxy Plugin Module Copyright © 2006 McAfee, Inc. -- 228

c:\PROGRA~1\mcafee\mps\mpsps.dll

Script: Quarantine, Delete, BC delete 1684013056 McAfee Privacy Service 9.0 Proxy Stub Copyright © 2006 McAfee, Inc. -- 2312, 3500

C:\PROGRA~1\McAfee\MSC\McAltLib.dll

Script: Quarantine, Delete, BC delete 1712324608 MISP Alert Library Copyright © 2006 McAfee, Inc. -- 3500

c:\PROGRA~1\mcafee\msc\mccfgpv.dll

Script: Quarantine, Delete, BC delete 1714421760 MISP Default Configuration Provider Copyright © 2006 McAfee, Inc. -- 1476

C:\PROGRA~1\McAfee\MSC\Mccobres.dll

Script: Quarantine, Delete, BC delete 13107200 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcdbmgr.dll

Script: Quarantine, Delete, BC delete 1719664640 McAfee Log Database Manager Copyright © 2006 McAfee, Inc. -- 2028

C:\PROGRA~1\McAfee\MSC\McLocRes.dll

Script: Quarantine, Delete, BC delete 1716518912 McAfee Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcmismgr.dll

Script: Quarantine, Delete, BC delete 1718616064 McAfee Misc Manager Copyright © 2006 McAfee, Inc. -- 124

c:\PROGRA~1\mcafee\msc\mcmispps.dll

Script: Quarantine, Delete, BC delete 1721761792 McAfee MISP Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 408, 492, 620, 3500

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Script: Quarantine, Delete, BC delete 4194304 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 2028

C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll

Script: Quarantine, Delete, BC delete 35454976 McAfee NMC Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll

Script: Quarantine, Delete, BC delete 35323904 McAfee NMC Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcprv.dll

Script: Quarantine, Delete, BC delete 37879808 McAfee NMC Provider Copyright © 2006 McAfee, Inc. -- 204

C:\PROGRA~1\McAfee\MSC\McNmcRes.dll

Script: Quarantine, Delete, BC delete 34930688 McAfee NMC Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcsps.dll

Script: Quarantine, Delete, BC delete 15794176 McAfee NMC Server Proxy Stub Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll

Script: Quarantine, Delete, BC delete 268435456 McAfee NMC Server Copyright © 2006 McAfee, Inc. -- 124

C:\PROGRA~1\McAfee\MSC\McProHlp.dll

Script: Quarantine, Delete, BC delete 1725956096 Mc Security Index Copyright © 2006 McAfee, Inc. -- 204

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 204

c:\PROGRA~1\mcafee\msc\mcprotpv.dll

Script: Quarantine, Delete, BC delete 1727004672 MISP Default Protection Provider Copyright © 2006 McAfee, Inc. -- 204

c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll

Script: Quarantine, Delete, BC delete 1729101824 MISP Registration Component Copyright © 2006 McAfee, Inc. -- 1476, 124

C:\PROGRA~1\McAfee\MSC\McRes.dll

Script: Quarantine, Delete, BC delete 1730150400 McAfee Non-Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcshllps.dll

Script: Quarantine, Delete, BC delete 1731198976 McAfee McShell Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll

Script: Quarantine, Delete, BC delete 1733296128 McAfee Subscription manager module Copyright © 2006 McAfee, Inc. -- 1476, 124, 204, 492

c:\PROGRA~1\mcafee\msc\mcuicfg.dll

Script: Quarantine, Delete, BC delete 1734344704 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476

C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll

Script: Quarantine, Delete, BC delete 336068608 File Filter Library Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll

Script: Quarantine, Delete, BC delete 336461824 Provides self-protection functionality Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 188

C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll

Script: Quarantine, Delete, BC delete 1621098496 McAfee Quarantine Library Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Script: Quarantine, Delete, BC delete 4194304 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 492

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll

Script: Quarantine, Delete, BC delete 1624244224 McAfee VirusScan Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408, 492

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll

Script: Quarantine, Delete, BC delete 1625292800 McAfee VirusScan Quarantine Interface Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll

Script: Quarantine, Delete, BC delete 1862205440 Anti Virus File System Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll

Script: Quarantine, Delete, BC delete 1614610432 Buffer Overflow Protection Service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll

Script: Quarantine, Delete, BC delete 1713635328 Host Intrusion Detection Link Driver Communication Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll

Script: Quarantine, Delete, BC delete 1786970112 System Monitor Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 492

c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll

Script: Quarantine, Delete, BC delete 1627389952 McAfee Configuration Object Tool Copyright © 2006 McAfee, Inc. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll

Script: Quarantine, Delete, BC delete 1630535680 McAfee VirusScan Log Helper Copyright © 2006 McAfee, Inc. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll

Script: Quarantine, Delete, BC delete 337117184 Common Shell - Scanners' interface to the engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll

Script: Quarantine, Delete, BC delete 337772544 Common Shell2 - Scanners' interface to the 5000 series engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll

Script: Quarantine, Delete, BC delete 1636827136 McAfee VirusScan Announcer Copyright © 2006 McAfee, Inc. -- 408

c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll

Script: Quarantine, Delete, BC delete 1637875712 McAfee VirusScan Announcer Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll

Script: Quarantine, Delete, BC delete 336592896 Resources for McShield Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 944, 1436

C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll

Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\windows\system32\Dunzip32.dll

Script: Quarantine, Delete, BC delete 805306368 DynaZIP-32 Multi-Threading UnZIP DLL Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved. -- 2312

C:\windows\system32\hpz3l4pi.dll

Script: Quarantine, Delete, BC delete 9961472 LanguageMonitor Copyright © 1999 -- 1680

C:\windows\system32\jgdw400.dll

Script: Quarantine, Delete, BC delete 60620800 JG ART DLL Copyright © 1997 America Online, Inc. -- 1436

C:\windows\system32\jgpl400.dll

Script: Quarantine, Delete, BC delete 60555264 JG ART Player DLL ©1996 AOL/Johnson-Grace Company -- 1436

C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll

Script: Quarantine, Delete, BC delete 13959168 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680

C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll

Script: Quarantine, Delete, BC delete 2084700160 Microsoft® C++ Runtime Library © Microsoft Corporation. All rights reserved. -- 2648

C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll

Script: Quarantine, Delete, BC delete 2014511104 Microsoft® C Runtime Library © Microsoft Corporation. All rights reserved. -- 2648

Modules detected:435, recognized as trusted 306

Kernel space modules

Module Base address Size in memory Description Manufacturer

C:\windows\System32\Drivers\dump_atapi.sys

Script: Quarantine, Delete, BC delete F45AB000 018000 (98304)

C:\windows\System32\Drivers\dump_WMILIB.SYS

Script: Quarantine, Delete, BC delete F7B2C000 002000 (8192)

C:\windows\system32\drivers\mfebopk.sys

Script: Quarantine, Delete, BC delete F78EC000 007000 (28672) Buffer Overflow Protection Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete B9D0C000 029000 (167936) Host Intrusion Detection Link Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\system32\drivers\mfesmfk.sys

Script: Quarantine, Delete, BC delete F78DC000 008000 (32768) System Monitor Filter Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\System32\Drivers\Mpfp.sys

Script: Quarantine, Delete, BC delete F47DB000 023000 (143360) McAfee Personal Firewall Plus Driver Copyright © 2005 McAfee, Inc. All rights reserved.

C:\Program Files\SPYWAREfighter\spyfighter.sys

Script: Quarantine, Delete, BC delete F78C4000 005000 (20480)

Modules detected - 132, recognized as trusted - 125

Services

Service Description Status File Group Dependencies

AOL ACS

Service: Stop, Delete, Disable AOL Connectivity Service Running C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Script: Quarantine, Delete, BC delete

McAfee HackerWatch Service

Service: Stop, Delete, Disable McAfee HackerWatch Service Running C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

Script: Quarantine, Delete, BC delete RPCSS

mcmscsvc

Service: Stop, Delete, Disable McAfee Services Running C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Script: Quarantine, Delete, BC delete

McNASvc

Service: Stop, Delete, Disable McAfee Network Agent Running c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete RPCSS

McODS

Service: Stop, Delete, Disable McAfee Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Script: Quarantine, Delete, BC delete

mcpromgr

Service: Stop, Delete, Disable McAfee Protection Manager Running C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Script: Quarantine, Delete, BC delete

McProxy

Service: Stop, Delete, Disable McAfee Proxy Service Running c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete

McRedirector

Service: Stop, Delete, Disable McAfee Redirector Service Running c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete

McShield

Service: Stop, Delete, Disable McAfee Real-time Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Script: Quarantine, Delete, BC delete

McSysmon

Service: Stop, Delete, Disable McAfee SystemGuards Running C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete

MpfService

Service: Stop, Delete, Disable McAfee Personal Firewall Service Running C:\Program Files\McAfee\MPF\MPFSrv.exe

Script: Quarantine, Delete, BC delete

MPS9

Service: Stop, Delete, Disable McAfee Privacy Service Running C:\PROGRA~1\McAfee\MPS\mps.exe

Script: Quarantine, Delete, BC delete McProxy

SPYWAREfighterRP

Service: Stop, Delete, Disable SPYWAREfighterRP Running C:\Program Files\SPYWAREfighter\spfprc.exe

Script: Quarantine, Delete, BC delete RPCSS

Adobe LM Service

Service: Stop, Delete, Disable Adobe LM Service Not started C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Script: Quarantine, Delete, BC delete

ATI Smart

Service: Stop, Delete, Disable ATI Smart Not started C:\WINDOWS\system32\ati2sgag.exe

Script: Quarantine, Delete, BC delete

Emproxy

Service: Stop, Delete, Disable McAfee E-mail Proxy Not started C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

Script: Quarantine, Delete, BC delete

iPod Service

Service: Stop, Delete, Disable iPod Service Not started iPod Service.sys

Script: Quarantine, Delete, BC delete RpcSs

mcmispupdmgr

Service: Stop, Delete, Disable McAfee Update Manager Not started C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

Script: Quarantine, Delete, BC delete

Detected - 102, recognized as trusted - 84

Drivers

Service Description Status File Group Dependencies

mfebopk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfebopk.sys

Script: Quarantine, Delete, BC delete

mfehidk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete

mfesmfk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfesmfk.sys

Script: Quarantine, Delete, BC delete

MPFP

Driver: Unload, Delete, Disable MPFP Running C:\windows\system32\Drivers\Mpfp.sys

Script: Quarantine, Delete, BC delete PNP_TDI TcpIp

SpyFighter

Driver: Unload, Delete, Disable SpyFighter Guard Device Running C:\Program Files\SPYWAREfighter\spyfighter.sys

Script: Quarantine, Delete, BC delete

Abiosdsk

Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys

Script: Quarantine, Delete, BC delete Primary disk

abp480n5

Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys

Script: Quarantine, Delete, BC delete SCSI miniport

adpu160m

Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Aha154x

Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78u2

Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78xx

Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

AliIde

Driver: Unload, Delete, Disable AliIde Not started AliIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

amsint

Driver: Unload, Delete, Disable amsint Not started amsint.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc

Driver: Unload, Delete, Disable asc Not started asc.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3350p

Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3550

Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Atdisk

Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys

Script: Quarantine, Delete, BC delete Primary disk

catchme

Driver: Unload, Delete, Disable catchme Not started C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys

Script: Quarantine, Delete, BC delete Base

cd20xrnt

Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Changer

Driver: Unload, Delete, Disable Changer Not started Changer.sys

Script: Quarantine, Delete, BC delete Filter

CmdIde

Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

Cpqarray

Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dac960nt

Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dpti2o

Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys

Script: Quarantine, Delete, BC delete SCSI miniport

FXDRV

Driver: Unload, Delete, Disable FXDRV Not started D:\Fxdrv.sys

Script: Quarantine, Delete, BC delete

hpn

Driver: Unload, Delete, Disable hpn Not started hpn.sys

Script: Quarantine, Delete, BC delete SCSI miniport

i2omgmt

Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys

Script: Quarantine, Delete, BC delete SCSI Class

i2omp

Driver: Unload, Delete, Disable i2omp Not started i2omp.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ini910u

Driver: Unload, Delete, Disable ini910u Not started ini910u.sys

Script: Quarantine, Delete, BC delete SCSI miniport

IntelIde

Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

lbrtfdc

Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys

Script: Quarantine, Delete, BC delete System Bus Extender

mferkdk

Driver: Unload, Delete, Disable McAfee Inc. Not started C:\windows\system32\drivers\mferkdk.sys

Script: Quarantine, Delete, BC delete

mraid35x

Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

PCIDump

Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys

Script: Quarantine, Delete, BC delete PCI Configuration

PDCOMP

Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys

Script: Quarantine, Delete, BC delete

PDFRAME

Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys

Script: Quarantine, Delete, BC delete

PDRELI

Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys

Script: Quarantine, Delete, BC delete

PDRFRAME

Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys

Script: Quarantine, Delete, BC delete

perc2

Driver: Unload, Delete, Disable perc2 Not started perc2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

perc2hib

Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys

Script: Quarantine, Delete, BC delete Filter

ql1080

Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Ql10wnt

Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql12160

Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1240

Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1280

Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Simbad

Driver: Unload, Delete, Disable Simbad Not started Simbad.sys

Script: Quarantine, Delete, BC delete Filter

Sparrow

Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys

Script: Quarantine, Delete, BC delete SCSI miniport

sym_hi

Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys

Script: Quarantine, Delete, BC delete SCSI miniport

sym_u3

Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc810

Driver: Unload, Delete, Disable symc810 Not started symc810.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc8xx

Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

TosIde

Driver: Unload, Delete, Disable TosIde Not started TosIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

ultra

Driver: Unload, Delete, Disable ultra Not started ultra.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ViaIde

Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

WDICA

Driver: Unload, Delete, Disable WDICA Not started WDICA.sys

Script: Quarantine, Delete, BC delete

Detected - 190, recognized as trusted - 135

Autoruns

File name Status Startup method Description

C:\Program Files\AOL 9.0b\AOL.EXE

Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AOL Fast Start

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, hpqSRMon

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NVMixerTray

C:\Program Files\SPYWAREfighter\spftray.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, spywarefighterguard

appmgmts.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName

autocheck autochk *lsdelete

Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute

Autoruns items detected - 61, recognized as trusted - 55

Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID

BHO {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

Delete

C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

Script: Quarantine, Delete, BC delete BHO IntelligentAdvisor © {6548BF73-58FF-71D5-F97D-17C71E323709}

Delete

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete BHO VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. {7DB2D5A0-7241-4E79-B68D-6309F01C5231}

Delete

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete Extension module VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. CmdMapping

Delete

C:\Program Files\Messenger\MSMSGS.EXE

Script: Quarantine, Delete, BC delete Extension module Messenger Copyright © Microsoft Corporation 1997-2003 {FB5F1910-F110-11d2-BB9E-00C04F795683}

Delete

Elements detected - 9, recognized as trusted - 4

Windows Explorer extension modules

File name Destination Description Manufacturer CLSID

Display Panning CPL Extension {42071714-76d4-11d1-8b24-00a0c9068ff3}

Shell extensions for file compression {764BF0E1-F219-11ce-972D-00AA00A14F56}

Encryption Context Menu {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}

Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}

rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}

C:\WINDOWS\system32\mscoree.dll

Script: Quarantine, Delete, BC delete Fusion Cache Microsoft .NET Runtime Execution Engine © Microsoft Corporation. All rights reserved. {1D2680C9-0E2A-469d-B787-065558BC7D43}

Elements detected - 204, recognized as trusted - 197

Print system extensions (print monitors, providers)

File name Type Name Description Manufacturer

C:\windows\system32\hpz3l4pi.dll

Script: Quarantine, Delete, BC delete Monitor PCL hpz3l4pi LanguageMonitor Copyright © 1999

Elements detected - 9, recognized as trusted - 8

Task Scheduler jobs

File name Job name Job status Description Manufacturer

c:\PROGRA~1\mcafee\mqc\QcConsol.exe

Script: Quarantine, Delete, BC delete McDefragTask.job The task is ready to run at its next scheduled time. QuickClean Console Application Copyright © 2006 McAfee, Inc.

c:\PROGRA~1\mcafee\mqc\QcConsol.exe

Script: Quarantine, Delete, BC delete McQcTask.job The task has not yet run. QuickClean Console Application Copyright © 2006 McAfee, Inc.

C:\Program Files\RegCure\RegCure.exe

Script: Quarantine, Delete, BC delete RegCure Program Check.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006

C:\Program Files\RegCure\RegCure.exe

Script: Quarantine, Delete, BC delete RegCure.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006

C:\Program Files\SpywareBot\SpywareBot.exe

Script: Quarantine, Delete, BC delete SpywareBot Scheduled Scan.job The task has not yet run.

Elements detected - 5, recognized as trusted - 0

SPI/LSP settings

Namespace providers (NSP) Manufacturer Status Exe file Description GUID

Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP) Manufacturer Exe file Description

Detected - 21, recognized as trusted - 21

Automatic SPI settings check results LSP settings checked. No errors detected

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes

TCP ports

135 LISTENING 0.0.0.0 22715 [1076] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

139 LISTENING 0.0.0.0 26854 [4] System

Script: Quarantine, Delete, BC delete, Terminate

445 LISTENING 0.0.0.0 38948 [4] System

Script: Quarantine, Delete, BC delete, Terminate

1033 LISTENING 0.0.0.0 2112 [2932] c:\windows\system32\alg.exe

Script: Quarantine, Delete, BC delete, Terminate

6646 LISTENING 0.0.0.0 14552 [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate

UDP ports

123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

137 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

138 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

445 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

500 LISTENING -- -- [848] c:\windows\system32\lsass.exe

Script: Quarantine, Delete, BC delete, Terminate

1026 LISTENING -- -- [1160] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

1056 LISTENING -- -- [1812] c:\program files\common files\aol\acs\aolacsd.exe

Script: Quarantine, Delete, BC delete, Terminate

1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

4500 LISTENING -- -- [848] c:\windows\system32\lsass.exe

Script: Quarantine, Delete, BC delete, Terminate

6646 LISTENING -- -- [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate

 

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL

C:\WINDOWS\Downloaded Program Files\fscax.dll

Script: Quarantine, Delete, BC delete fscax module © 2005-2006 F-Secure Corporation. All rights reserved. {0B79F48A-E8D6-11DB-9283-E25056D89593}

Delete http://support.f-secure.com/ols/fscax.cab

Elements detected - 5, recognized as trusted - 4

 

Control Panel Applets (CPL)

File name Description Manufacturer

Elements detected - 25, recognized as trusted - 25

 

Active Setup

File name Description Manufacturer CLSID

Elements detected - 15, recognized as trusted - 15

 

HOSTS file

Hosts file record

127.0.0.1 localhost

 

 

 

Protocols and handlers

File name Type Description Manufacturer CLSID

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

Elements detected - 28, recognized as trusted - 25

 

Suspicious objects

File Description Type

C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook

C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe

Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)

 

 

--------------------------------------------------------------------------------

 

AVZ Antiviral Toolkit log; AVZ version is 4.29

Scanning started at 12/24/2007 9:33:11 PM

Database loaded: signatures - 140626, NN profile(s) - 2, microprograms of healing - 55, signature database released 23.12.2007 19:45

Heuristic microprograms loaded: 371

SPV microprograms loaded: 9

Digital signatures of system files loaded: 68055

Heuristic analyzer mode: Maximum heuristics level

Healing mode: disabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Recovery: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07B380)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 80552380

KiST = 805011FC (284)

Function NtCreateFile (25) - machine code modification Method of JmpTo. jmp B9D1F7CF\SystemRoot\system32\drivers\mfehidk.sys

Function NtCreateKey (29) - machine code modification Method of JmpTo. jmp B9D1F74F\SystemRoot\system32\drivers\mfehidk.sys

Function NtCreateProcess (2F) - machine code modification Method of JmpTo. jmp B9D1F7F9\SystemRoot\system32\drivers\mfehidk.sys

Function NtDeleteKey (3F) - machine code modification Method of JmpTo. jmp B9D1F763\SystemRoot\system32\drivers\mfehidk.sys

Function NtDeleteValueKey (41) - machine code modification Method of JmpTo. jmp B9D1F78F\SystemRoot\system32\drivers\mfehidk.sys

Function NtMapViewOfSection (6C) - machine code modification Method of JmpTo. jmp B9D1F823\SystemRoot\system32\drivers\mfehidk.sys

Function NtOpenKey (77) - machine code modification Method of JmpTo. jmp B9D1F73B\SystemRoot\system32\drivers\mfehidk.sys

Function NtProtectVirtualMemory (89) - machine code modification Method of JmpTo. jmp B9D1F7E3\SystemRoot\system32\drivers\mfehidk.sys

Function NtRenameKey (C0) - machine code modification Method of JmpTo. jmp B9D1F779\SystemRoot\system32\drivers\mfehidk.sys

Function NtSetValueKey (F7) - machine code modification Method of JmpTo. jmp B9D1F7A5\SystemRoot\system32\drivers\mfehidk.sys

Function NtTerminateProcess (101) - machine code modification Method of JmpTo. jmp B9D1F7BB\SystemRoot\system32\drivers\mfehidk.sys

Function NtUnmapViewOfSection (10B) - machine code modification Method of JmpTo. jmp B9D1F839\SystemRoot\system32\drivers\mfehidk.sys

Function NtYieldExecution (116) - machine code modification Method of JmpTo. jmp B9D1F80D\SystemRoot\system32\drivers\mfehidk.sys

Function NtCreateFile (8056D3CA) - machine code modification Method of JmpTo. jmp B9D1F7CF \SystemRoot\system32\drivers\mfehidk.sys

Function NtMapViewOfSection (805A6206) - machine code modification Method of JmpTo. jmp B9D1F823 \SystemRoot\system32\drivers\mfehidk.sys

Functions checked: 284, intercepted: 0, restored: 0

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: the extended monitoring driver (AVZPM) is not installed

2. Scanning memory

Number of processes found: 46

Analyzer - the process under analysis is 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 1952 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 2028 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 188 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 228 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

[ES]:Application has no visible windows

Analyzer - the process under analysis is 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 492 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 620 C:\Program Files\McAfee\MPF\MPFSrv.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 1476 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2312 C:\PROGRA~1\McAfee\MPS\mps.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2632 C:\Program Files\SPYWAREfighter\spftray.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer - the process under analysis is 2648 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer - the process under analysis is 3500 C:\Program Files\McAfee\MPS\mpsevh.exe

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2936 C:\Program Files\SPYWAREfighter\spfprc.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 3140 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 1436 C:\Program Files\AOL 9.0b\waol.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Process c:\program files\aol 9.0b\waol.exe Contains network functionality (comm.dll)

Analyzer - the process under analysis is 3320 C:\Program Files\AOL 9.0b\shellmon.exe

[ES]:Application has no visible windows

Number of modules loaded: 414

Memory checking - complete

3. Scanning disks

Direct reading C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp

C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe >>> suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed TermService (Terminal Services)

>> Services: potentially dangerous service allowed SSDPSRV (SSDP Discovery Service)

>> Services: potentially dangerous service allowed Schedule (Task Scheduler)

>> Services: potentially dangerous service allowed mnmsrvc (NetMeeting Remote Desktop Sharing)

>> Services: potentially dangerous service allowed RDSessMgr (Remote Desktop Help Session Manager)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking complete

9. Troubleshooting wizard

Checking complete

Files scanned: 70180, extracted from archives: 45500, malicious programs found 0, suspicions - 1

Scanning finished at 12/24/2007 10:06:39 PM

Time of scanning: 00:33:30

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

System Analysis in progress

 

Script commands

begin

RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'SYSTEM\CurrentControlSet\Control\Terminal Server','fAllowToGetHelp', 0);

RegKeyIntParamWrite('HKEY_LOCAL_MACHINE', 'System\CurrentControlSet\Services\CDROM','AutoRun', 0);

end.

--------------------------------------------------------------------------------

File list

 

 

syscure

 

Results of system analysis

AVZ 4.29 http://z-oleg.com/secur/avz/

 

List of processes

File name PID Description Copyright MD5 Information

c:\program files\lavasoft\ad-aware 2007\aawservice.exe

Script: Quarantine, Delete, BC delete, Terminate 1560 Ad-Aware 2007 Service Copyright © 2007 ?? 573.34 kb, rsAh,

created: 10/29/2007 1:27:04 PM,

modified: 10/29/2007 1:27:04 PM

Command line:

"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"

c:\windows\system32\alg.exe

Script: Quarantine, Delete, BC delete, Terminate 2932 Application Layer Gateway Service © Microsoft Corporation. All rights reserved. ?? 43.50 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\System32\alg.exe

c:\program files\common files\aol\acs\aolacsd.exe

Script: Quarantine, Delete, BC delete, Terminate 1812 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 45.55 kb, RsAh,

created: 10/23/2006 7:50:35 AM,

modified: 10/23/2006 7:50:35 AM

Command line:

"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"

c:\program files\common files\aol\1175982866\ee\aolsoftware.exe

Script: Quarantine, Delete, BC delete, Terminate 3140 AOL Copyright © 2007 AOL LLC ?? 41.05 kb, rsAh,

created: 4/12/2007 4:23:31 PM,

modified: 4/12/2007 4:23:31 PM

Command line:

"C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe" /h servicehost.defaultGrp

c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe

Script: Quarantine, Delete, BC delete, Terminate 2616 Adobe Photoshop Album Starter Edition 3.0 component © 2005 Adobe Systems Incorporated ?? 56.00 kb, rsAh,

created: 6/6/2005 11:46:24 PM,

modified: 6/6/2005 11:46:24 PM

Command line:

"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

c:\documents and settings\user\desktop\avz4\avz.exe

Script: Quarantine, Delete, BC delete, Terminate 2628 ???????????? ??????? AVZ ???????????? ??????? AVZ ?? 715.50 kb, rsAh,

created: 12/13/2007 3:28:04 PM,

modified: 12/13/2007 3:28:04 PM

Command line:

"C:\Documents and Settings\user\Desktop\avz4\avz.exe"

c:\windows\system32\csrss.exe

Script: Quarantine, Delete, BC delete, Terminate 768 Client Server Runtime Process © Microsoft Corporation. All rights reserved. ?? 6.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

c:\windows\system32\ctfmon.exe

Script: Quarantine, Delete, BC delete, Terminate 2664 CTF Loader © Microsoft Corporation. All rights reserved. ?? 15.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

"C:\windows\system32\ctfmon.exe"

c:\windows\explorer.exe

Script: Quarantine, Delete, BC delete, Terminate 944 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 1009.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 6/13/2007 5:23:07 AM

Command line:

C:\windows\Explorer.EXE

c:\program files\hp\digital imaging\bin\hpqsrmon.exe

Script: Quarantine, Delete, BC delete, Terminate 2648 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 79.00 kb, rsAh,

created: 8/22/2007 4:31:16 PM,

modified: 8/22/2007 4:31:16 PM

Command line:

"C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"

c:\program files\hp\hp software update\hpwuschd2.exe

Script: Quarantine, Delete, BC delete, Terminate 2640 Hewlett-Packard Product Assistant Copyright © Hewlett-Packard Development Company, L.P. 1995-2005 ?? 48.00 kb, rsAh,

created: 2/19/2006 1:41:10 AM,

modified: 2/19/2006 1:41:10 AM

Command line:

"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

c:\windows\system32\hpzipm12.exe

Script: Quarantine, Delete, BC delete, Terminate 2848 PML Driver Copyright © 1998, 1999 Hewlett-Packard Company ?? 68.00 kb, rsah,

created: 4/7/2007 6:54:07 PM,

modified: 3/3/2006 8:03:10 PM

Command line:

C:\WINDOWS\system32\HPZipm12.exe

c:\program files\common files\mcafee\hackerwatch\hwapi.exe

Script: Quarantine, Delete, BC delete, Terminate 1952 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 528.10 kb, rsAh,

created: 12/7/2007 2:14:26 AM,

modified: 2/13/2007 12:09:12 PM

Command line:

"C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"

c:\program files\java\jre1.6.0_03\bin\jusched.exe

Script: Quarantine, Delete, BC delete, Terminate 2656 Java Platform SE binary Copyright © 2004 ?? 129.39 kb, rsAh,

created: 12/22/2007 10:23:15 AM,

modified: 9/25/2007 1:11:35 AM

Command line:

"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

c:\windows\system32\lsass.exe

Script: Quarantine, Delete, BC delete, Terminate 848 LSA Shell (Export Version) © Microsoft Corporation. All rights reserved. ?? 13.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\lsass.exe

c:\progra~1\mcafee.com\agent\mcagent.exe

Script: Quarantine, Delete, BC delete, Terminate 1476 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 553.59 kb, rsAh,

created: 12/7/2007 2:13:56 AM,

modified: 1/5/2007 4:21:16 PM

Command line:

c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding

c:\progra~1\mcafee\msc\mcmscsvc.exe

Script: Quarantine, Delete, BC delete, Terminate 2028 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 353.09 kb, rsAh,

created: 12/7/2007 2:13:51 AM,

modified: 1/5/2007 4:22:12 PM

Command line:

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate 124 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 2161.54 kb, rsAh,

created: 12/7/2007 2:14:06 AM,

modified: 3/9/2007 4:36:10 AM

Command line:

"c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe"

c:\progra~1\mcafee\viruss~1\mcods.exe

Script: Quarantine, Delete, BC delete, Terminate 188 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 353.58 kb, rsAh,

created: 12/7/2007 2:15:09 AM,

modified: 1/16/2007 6:03:36 PM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

c:\progra~1\mcafee\msc\mcpromgr.exe

Script: Quarantine, Delete, BC delete, Terminate 204 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 481.59 kb, rsAh,

created: 12/7/2007 2:13:53 AM,

modified: 1/5/2007 4:21:40 PM

Command line:

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete, Terminate 228 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 345.09 kb, rsAh,

created: 12/7/2007 2:15:51 AM,

modified: 4/12/2007 9:33:42 AM

Command line:

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\mcafee\viruss~1\mcshield.exe

Script: Quarantine, Delete, BC delete, Terminate 408 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 141.56 kb, rsAh,

created: 12/7/2007 2:14:35 AM,

modified: 6/25/2007 10:56:42 AM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

c:\progra~1\mcafee\viruss~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete, Terminate 492 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 628.58 kb, rsAh,

created: 12/7/2007 2:14:39 AM,

modified: 1/25/2007 4:01:58 PM

Command line:

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\program files\mcafee\mpf\mpfsrv.exe

Script: Quarantine, Delete, BC delete, Terminate 620 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 821.54 kb, rsAh,

created: 12/7/2007 2:15:27 AM,

modified: 6/19/2007 8:55:24 AM

Command line:

"C:\Program Files\McAfee\MPF\MPFSrv.exe"

c:\progra~1\mcafee\mps\mps.exe

Script: Quarantine, Delete, BC delete, Terminate 2312 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 885.54 kb, rsAh,

created: 12/7/2007 2:15:56 AM,

modified: 4/18/2007 2:08:06 PM

Command line:

C:\PROGRA~1\McAfee\MPS\mps.exe

c:\program files\mcafee\mps\mpsevh.exe

Script: Quarantine, Delete, BC delete, Terminate 3500 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 297.54 kb, rsAh,

created: 12/7/2007 2:16:01 AM,

modified: 4/18/2007 2:08:10 PM

Command line:

"C:\Program Files\McAfee\MPS\mpsevh.exe" -Embedding

c:\windows\system32\nvsvc32.exe

Script: Quarantine, Delete, BC delete, Terminate 2736 NVIDIA Driver Helper Service, Version 77.72 © NVIDIA Corporation. All rights reserved. ?? 124.07 kb, rsAh,

created: 10/11/2004 4:17:16 AM,

modified: 6/15/2005 7:20:00 PM

Command line:

C:\windows\system32\nvsvc32.exe

c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete, Terminate 312 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 250.09 kb, rsAh,

created: 12/7/2007 2:14:23 AM,

modified: 3/8/2007 3:42:42 PM

Command line:

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

c:\windows\system32\services.exe

Script: Quarantine, Delete, BC delete, Terminate 836 Services and Controller app © Microsoft Corporation. All rights reserved. ?? 105.50 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\services.exe

c:\program files\aol 9.0b\shellmon.exe

Script: Quarantine, Delete, BC delete, Terminate 3320 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 53.55 kb, rsAh,

created: 4/18/2007 1:49:05 AM,

modified: 4/18/2007 1:49:05 AM

Command line:

"C:\Program Files\AOL 9.0b\shellmon.exe"

c:\program files\spywarefighter\spfprc.exe

Script: Quarantine, Delete, BC delete, Terminate 2936 SpywareFighter SpamFighter APS. All rights reserved. ?? 400.90 kb, rsAh,

created: 6/8/2007 11:52:14 AM,

modified: 6/8/2007 11:52:14 AM

Command line:

"C:\Program Files\SPYWAREfighter\spfprc.exe"

c:\program files\spywarefighter\spftray.exe

Script: Quarantine, Delete, BC delete, Terminate 2632 Spywarefighter Tray ?? 112.90 kb, rsAh,

created: 6/8/2007 11:52:18 AM,

modified: 6/8/2007 11:52:18 AM

Command line:

"C:\Program Files\SPYWAREfighter\spftray.exe"

c:\windows\system32\spoolsv.exe

Script: Quarantine, Delete, BC delete, Terminate 1680 Spooler SubSystem App © Microsoft Corporation. All rights reserved. ?? 56.50 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 6/10/2005 6:53:32 PM

Command line:

C:\windows\system32\spoolsv.exe

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 3000 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\svchost.exe -k imgsvc

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1076 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\svchost -k rpcss

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1112 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\System32\svchost.exe -k netsvcs

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1912 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\System32\svchost.exe -k HTTPFilter

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1160 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\svchost.exe -k NetworkService

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1304 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\svchost.exe -k LocalService

c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate 1000 Generic Host Process for Win32 Services © Microsoft Corporation. All rights reserved. ?? 14.00 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\windows\system32\svchost -k DcomLaunch

c:\program files\aol 9.0b\waol.exe

Script: Quarantine, Delete, BC delete, Terminate 1436 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 38.55 kb, rsAh,

created: 4/18/2007 1:49:07 AM,

modified: 4/18/2007 1:49:07 AM

Command line:

-Brestart

c:\windows\system32\winlogon.exe

Script: Quarantine, Delete, BC delete, Terminate 792 Windows NT Logon Application © Microsoft Corporation. All rights reserved. ?? 490.50 kb, rsAh,

created: 8/4/2004 7:00:00 AM,

modified: 8/4/2004 7:00:00 AM

Command line:

winlogon.exe

c:\windows\system32\wbem\wmiprvse.exe

Script: Quarantine, Delete, BC delete, Terminate 1036 WMI © Microsoft Corporation. All rights reserved. ?? 213.00 kb, rsAh,

created: 6/14/2005 7:31:40 PM,

modified: 8/4/2004 7:00:00 AM

Command line:

C:\WINDOWS\system32\wbem\wmiprvse.exe-Embedding

c:\program files\windows media player\wmpnetwk.exe

Script: Quarantine, Delete, BC delete, Terminate 3444 Windows Media Player Network Sharing Service © Microsoft Corporation. All rights reserved. ?? 892.00 kb, rsah,

created: 10/18/2006 7:05:24 PM,

modified: 10/18/2006 7:05:24 PM

Command line:

"C:\Program Files\Windows Media Player\WMPNetwk.exe"

c:\program files\windows media player\wmpnscfg.exe

Script: Quarantine, Delete, BC delete, Terminate 2676 Windows Media Player Network Sharing Service Configuration Application © Microsoft Corporation. All rights reserved. ?? 199.50 kb, rsah,

created: 10/18/2006 7:05:26 PM,

modified: 10/18/2006 7:05:26 PM

Command line:

"C:\Program Files\Windows Media Player\WMPNSCFG.exe"

Detected:47, recognized as trusted 24

Module name Handle Description Copyright MD5 Used by processes

C:\Program Files\AOL 9.0b\acfBase.DLL

Script: Quarantine, Delete, BC delete 1864368128 acf Module Copyright 2001 -- 1436

C:\Program Files\AOL 9.0b\APPDATA.dll

Script: Quarantine, Delete, BC delete 1666973696 AppData Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\comm.dll

Script: Quarantine, Delete, BC delete 1610612736 Comm Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\COOLAPI.dll

Script: Quarantine, Delete, BC delete 1663041536 Cool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\coolcore46.dll

Script: Quarantine, Delete, BC delete 1074790400 COOL Core Component Library Copyright 1998-2007 AOL LLC -- 1436

C:\Program Files\AOL 9.0b\idleproc.dll

Script: Quarantine, Delete, BC delete 1743781888 IDLEPROC DLL Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\manager.dll

Script: Quarantine, Delete, BC delete 1729626112 Display Manager Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\ProxyMgr.dll

Script: Quarantine, Delete, BC delete 1621098496 ProxyMgr DLL Copyright ¬ 1999 - 2003 -- 1436

C:\Program Files\AOL 9.0b\resource.dll

Script: Quarantine, Delete, BC delete 1664090112 RESOURCE Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\shellmon.exe

Script: Quarantine, Delete, BC delete 4194304 waolmon Copyright © AOL, LLC 1999 - 2006 ?? 3320

C:\Program Files\AOL 9.0b\supersub.dll

Script: Quarantine, Delete, BC delete 1616379904 SuperSub Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\SYNCCORE.dll

Script: Quarantine, Delete, BC delete 1645215744 SYNCCORE.DLL Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\actvx.rct

Script: Quarantine, Delete, BC delete 1779433472 ActiveX Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\chat.tol

Script: Quarantine, Delete, BC delete 1787822080 Chat Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\coretool.rct

Script: Quarantine, Delete, BC delete 1342242816 Coretool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\htmlview.tol

Script: Quarantine, Delete, BC delete 1777270784 Managed By Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\imfdecode.rct

Script: Quarantine, Delete, BC delete 1806696448 Imfdecode Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\lvi.tol

Script: Quarantine, Delete, BC delete 1689255936 LVI Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\mip.tol

Script: Quarantine, Delete, BC delete 1732771840 MIP Manager Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\rich.rct

Script: Quarantine, Delete, BC delete 1762131968 Rich Text Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\sec.cct

Script: Quarantine, Delete, BC delete 1753481216 Security Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\talk.tol

Script: Quarantine, Delete, BC delete 1649934336 Talk Tool Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\TOOL\www.tol

Script: Quarantine, Delete, BC delete 1757806592 WWW Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\waol.dll

Script: Quarantine, Delete, BC delete 5242880 AOL Software Copyright © AOL, LLC 1999 - 2006 -- 1436

C:\Program Files\AOL 9.0b\waol.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Software Copyright © AOL, LLC 1999 - 2006 ?? 1436

C:\Program Files\AOL 9.0b\xprt5.dll

Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 1436

C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Copyright © 2007 AOL LLC ?? 3140

C:\Program Files\Common Files\AOL\1175982866\ee\AOLSvcMgr.dll

Script: Quarantine, Delete, BC delete 1811939328 AOLSvcMgr Copyright © 2007 AOL LLC -- 3140, 1436

c:\program files\common files\aol\1175982866\ee\services\aolsystrayservice\ver3_0_16_1\AOLSysTrayService.dll

Script: Quarantine, Delete, BC delete 1742995456 aolsystrayservice EE Service Copyright © 2006 AOL LLC. All rights reserved. -- 3140

c:\program files\common files\aol\1175982866\ee\services\localStorage\ver7_1_6_1\clsSvc.dll

Script: Quarantine, Delete, BC delete 1732837376 clssvc EE Service Copyright © 2007 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\metrics\ver3_6_16_1\cmls.dll

Script: Quarantine, Delete, BC delete 1729495040 Client Metrics Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\notification\ver6_2_6_1\Notify.dll

Script: Quarantine, Delete, BC delete 1733230592 Notification Service Copyright © 2006 America Online, Inc. -- 3140

c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\AOLIdleMon.dll

Script: Quarantine, Delete, BC delete 268435456 AolIdleMon EE Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\os\ver5_2_1_1\OS.dll

Script: Quarantine, Delete, BC delete 1733492736 os EE Service Copyright © 2006 AOL LLC -- 3140

c:\program files\common files\aol\1175982866\ee\services\suiteFramework\ver4_1_6_1\suiteFramework.dll

Script: Quarantine, Delete, BC delete 1735917568 SuiteFramework Service Copyright © 2006 AOL LLC. -- 3140

C:\Program Files\Common Files\AOL\1175982866\ee\xprt5.dll

Script: Quarantine, Delete, BC delete 17301504 XPRT Runtime Library Copyright 1998-2007 AOL LLC -- 3140

C:\Program Files\Common Files\AOL\1175982866\ee\xprt6.dll

Script: Quarantine, Delete, BC delete 1073741824 XPRT Runtime Library Copyright 1998-2006 AOL LLC -- 3140, 1436

C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll

Script: Quarantine, Delete, BC delete 42008576 AOL Connectivity Service Common Code Copyright © 2001-2006 AOL LLC -- 1436

C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll

Script: Quarantine, Delete, BC delete 12517376 AOL Connectivity Service Diagnostics Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll

Script: Quarantine, Delete, BC delete 24313856 AOL Connectivity Service Software Update Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll

Script: Quarantine, Delete, BC delete 268435456 AOL Connectivity Service Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Script: Quarantine, Delete, BC delete 4194304 AOL Connectivity Service Copyright © 2001-2006 AOL LLC ?? 1812

C:\Program Files\Common Files\AOL\ACS\xpat.dll

Script: Quarantine, Delete, BC delete 3407872 AOL Connectivity Service XML Parser Copyright © 2001-2006 AOL LLC -- 1812

C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll

Script: Quarantine, Delete, BC delete 1811546112 AOL Diagnostics Copyright © 1998-2006 - SupportSoft Software, Inc. All Rights Reserved. -- 1812, 3140, 1436

C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee HackerWatch Service © McAfee, Inc. All rights reserved. ?? 1952

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

Script: Quarantine, Delete, BC delete 4194304 HpqSRmon © Hewlett-Packard. All rights reserved. ?? 2648

C:\Program Files\McAfee\MPF\MPFSrv.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Personal Firewall Service Copyright © 2005 McAfee, Inc. All Rights Reserved. ?? 620

C:\Program Files\McAfee\MPS\mpsevh.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Event Handler Copyright © 2006 McAfee, Inc. ?? 3500

C:\Program Files\McAfee\MSC\oem\578\Mccobres.dll

Script: Quarantine, Delete, BC delete 1715470336 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

C:\Program Files\McAfee\VirusScan\mcscan32.dll

Script: Quarantine, Delete, BC delete 301989888 AV Scanning Engine Copyright © 2007 McAfee, Inc. -- 408

C:\Program Files\SPYWAREfighter\engine.dll

Script: Quarantine, Delete, BC delete 268435456 scan engine Copyright © 2005 Anti-Malware Development a.s. -- 2936

C:\Program Files\SPYWAREfighter\spfprc.exe

Script: Quarantine, Delete, BC delete 4194304 SpywareFighter SpamFighter APS. All rights reserved. ?? 2936

C:\Program Files\SPYWAREfighter\spfrm.dll

Script: Quarantine, Delete, BC delete 10158080 SpyWareFighter RS SpamFighter Aps. All rights reserved. -- 2936, 2632

C:\Program Files\SPYWAREfighter\spftray.exe

Script: Quarantine, Delete, BC delete 4194304 Spywarefighter Tray ?? 2632

C:\Program Files\SPYWAREfighter\SPYWAREfighterBO.dll

Script: Quarantine, Delete, BC delete 285212672 -- 2936, 2632

C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream_0305000D.dll

Script: Quarantine, Delete, BC delete 343932928 Viewpoint Media Player for Internet Explorer Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr_0305000D.dll

Script: Quarantine, Delete, BC delete 360710144 Viewpoint Media Player Component Manager Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll

Script: Quarantine, Delete, BC delete 549453824 Viewpoint Media Player AOLUserShell Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll

Script: Quarantine, Delete, BC delete 369098752 Viewpoint Media Player Scene Component Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll

Script: Quarantine, Delete, BC delete 385875968 Viewpoint Media Player Rasterizer Component Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll

Script: Quarantine, Delete, BC delete 394264576 Viewpoint Media Player SWFView Component Copyright © 2000 Viewpoint Corporation -- 1436

C:\Program Files\Windows Media Player\WMPNetwk.exe

Script: Quarantine, Delete, BC delete 16777216 Windows Media Player Network Sharing Service © Microsoft Corporation. All rights reserved. ?? 3444

C:\Program Files\Windows Media Player\WMPNSCFG.exe

Script: Quarantine, Delete, BC delete 16777216 Windows Media Player Network Sharing Service Configuration Application © Microsoft Corporation. All rights reserved. ?? 2676

C:\Program Files\Windows Media Player\wmpnssci.dll

Script: Quarantine, Delete, BC delete 335413248 Windows Media Player Network Sharing Service Control Interface DLL © Microsoft Corporation. All rights reserved. -- 2676

c:\PROGRA~1\COMMON~1\mcafee\core\mccoreps.dll

Script: Quarantine, Delete, BC delete 1654652928 McAfee Core Proxy Stub Copyright © 2006 McAfee, Inc. -- 1952, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 312

c:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll

Script: Quarantine, Delete, BC delete 1655701504 McAfee Event Broker Copyright © 2006 McAfee, Inc. -- 228, 408, 492, 620, 2312, 312

c:\PROGRA~1\COMMON~1\mcafee\HACKER~1\hwapips.dll

Script: Quarantine, Delete, BC delete 1667235840 McAfee HackerWatch Proxy Stub © McAfee, Inc. All rights reserved. -- 1952, 492, 620, 312

c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Proxy Service Module Copyright © 2006 McAfee, Inc. ?? 228

c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Network Agent Copyright © 2006 McAfee, Inc. ?? 124

c:\PROGRA~1\COMMON~1\mcafee\mna\MCNASV~1.DLL

Script: Quarantine, Delete, BC delete 1801453568 McAfee Network Agent Proxy/Stub Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\COMMON~1\mcafee\mna\mcuj.dll

Script: Quarantine, Delete, BC delete 1800404992 McAfee Unified Join Copyright © 2006 McAfee, Inc. -- 124

C:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll

Script: Quarantine, Delete, BC delete 1650458624 McAfee Utility DLL Copyright © 2006 McAfee, Inc. -- 124, 204

C:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll

Script: Quarantine, Delete, BC delete 1652555776 Sqlite3 Database Module Copyright © 2006 McAfee, Inc. -- 2028

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirps.dll

Script: Quarantine, Delete, BC delete 1644167168 McAfee Redirector Service Proxy Stub Copyright © 2006 McAfee, Inc. -- 228, 312

c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Redirector Service Module Copyright © 2006 McAfee, Inc. ?? 312

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 1476

c:\PROGRA~1\mcafee.com\agent\mcagntps.dll

Script: Quarantine, Delete, BC delete 1711276032 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476

c:\PROGRA~1\mcafee\mpf\mc\mpfmisp.dll

Script: Quarantine, Delete, BC delete 1665138688 McAfee Personal Firewall Plus Copyright © 2005 McAfee, Inc. All Rights Reserved. -- 620

C:\PROGRA~1\McAfee\MPS\mps.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. ?? 2312

c:\PROGRA~1\mcafee\mps\mpsmisp.dll

Script: Quarantine, Delete, BC delete 1681915904 McAfee Privacy Service 9.0 Copyright © 2006 McAfee, Inc. -- 3500

c:\PROGRA~1\mcafee\mps\mpsppm.dll

Script: Quarantine, Delete, BC delete 1682964480 MPS Proxy Plugin Module Copyright © 2006 McAfee, Inc. -- 228

c:\PROGRA~1\mcafee\mps\mpsps.dll

Script: Quarantine, Delete, BC delete 1684013056 McAfee Privacy Service 9.0 Proxy Stub Copyright © 2006 McAfee, Inc. -- 2312, 3500

C:\PROGRA~1\McAfee\MSC\McAltLib.dll

Script: Quarantine, Delete, BC delete 1712324608 MISP Alert Library Copyright © 2006 McAfee, Inc. -- 3500

c:\PROGRA~1\mcafee\msc\mccfgpv.dll

Script: Quarantine, Delete, BC delete 1714421760 MISP Default Configuration Provider Copyright © 2006 McAfee, Inc. -- 1476

C:\PROGRA~1\McAfee\MSC\Mccobres.dll

Script: Quarantine, Delete, BC delete 13107200 McAfee Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcdbmgr.dll

Script: Quarantine, Delete, BC delete 1719664640 McAfee Log Database Manager Copyright © 2006 McAfee, Inc. -- 2028

C:\PROGRA~1\McAfee\MSC\McLocRes.dll

Script: Quarantine, Delete, BC delete 1716518912 McAfee Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcmismgr.dll

Script: Quarantine, Delete, BC delete 1718616064 McAfee Misc Manager Copyright © 2006 McAfee, Inc. -- 124

c:\PROGRA~1\mcafee\msc\mcmispps.dll

Script: Quarantine, Delete, BC delete 1721761792 McAfee MISP Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 408, 492, 620, 3500

C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Script: Quarantine, Delete, BC delete 4194304 MISP User Manager Copyright © 2006 McAfee, Inc. ?? 2028

C:\PROGRA~1\McAfee\MSC\McNmcCoR.dll

Script: Quarantine, Delete, BC delete 35454976 McAfee NMC Co-Branded Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

C:\PROGRA~1\McAfee\MSC\McNmcLoR.dll

Script: Quarantine, Delete, BC delete 35323904 McAfee NMC Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcprv.dll

Script: Quarantine, Delete, BC delete 37879808 McAfee NMC Provider Copyright © 2006 McAfee, Inc. -- 204

C:\PROGRA~1\McAfee\MSC\McNmcRes.dll

Script: Quarantine, Delete, BC delete 34930688 McAfee NMC Resource DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcsps.dll

Script: Quarantine, Delete, BC delete 15794176 McAfee NMC Server Proxy Stub Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcnmcsrv.dll

Script: Quarantine, Delete, BC delete 268435456 McAfee NMC Server Copyright © 2006 McAfee, Inc. -- 124

C:\PROGRA~1\McAfee\MSC\McProHlp.dll

Script: Quarantine, Delete, BC delete 1725956096 Mc Security Index Copyright © 2006 McAfee, Inc. -- 204

C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. ?? 204

c:\PROGRA~1\mcafee\msc\mcprotpv.dll

Script: Quarantine, Delete, BC delete 1727004672 MISP Default Protection Provider Copyright © 2006 McAfee, Inc. -- 204

c:\PROGRA~1\mcafee\msc\mcregobj\7_2_14~1\mcregobj.dll

Script: Quarantine, Delete, BC delete 1729101824 MISP Registration Component Copyright © 2006 McAfee, Inc. -- 1476, 124

C:\PROGRA~1\McAfee\MSC\McRes.dll

Script: Quarantine, Delete, BC delete 1730150400 McAfee Non-Localized Resource DLL Copyright © 2006 McAfee, Inc. -- 1476, 2028, 124, 204, 3500

c:\PROGRA~1\mcafee\msc\mcshllps.dll

Script: Quarantine, Delete, BC delete 1731198976 McAfee McShell Proxy Stub DLL Copyright © 2006 McAfee, Inc. -- 124, 204

c:\PROGRA~1\mcafee\msc\mcsubmgr\7_2_14~1\mcsubmgr.dll

Script: Quarantine, Delete, BC delete 1733296128 McAfee Subscription manager module Copyright © 2006 McAfee, Inc. -- 1476, 124, 204, 408, 492

c:\PROGRA~1\mcafee\msc\mcuicfg.dll

Script: Quarantine, Delete, BC delete 1734344704 McAfee Integrated Security Platform Copyright © 2006 McAfee, Inc. -- 1476

C:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll

Script: Quarantine, Delete, BC delete 336068608 File Filter Library Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll

Script: Quarantine, Delete, BC delete 336461824 Provides self-protection functionality Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee VirusScan - On Demand Scan Copyright © 2006 McAfee, Inc. ?? 188

C:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll

Script: Quarantine, Delete, BC delete 1621098496 McAfee Quarantine Library Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Script: Quarantine, Delete, BC delete 4194304 On-Access Scanner service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. ?? 408

C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete 4194304 McAfee SystemGuards Service Copyright © 2006 McAfee, Inc. ?? 492

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsps.dll

Script: Quarantine, Delete, BC delete 1624244224 McAfee VirusScan Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408, 492

c:\PROGRA~1\mcafee\VIRUSS~1\mcvsqt.dll

Script: Quarantine, Delete, BC delete 1625292800 McAfee VirusScan Quarantine Interface Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll

Script: Quarantine, Delete, BC delete 1862205440 Anti Virus File System Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll

Script: Quarantine, Delete, BC delete 1614610432 Buffer Overflow Protection Service Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll

Script: Quarantine, Delete, BC delete 1713635328 Host Intrusion Detection Link Driver Communication Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll

Script: Quarantine, Delete, BC delete 1786970112 System Monitor Filter Driver API Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 492

c:\PROGRA~1\mcafee\VIRUSS~1\mvscfg.dll

Script: Quarantine, Delete, BC delete 1627389952 McAfee Configuration Object Tool Copyright © 2006 McAfee, Inc. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll

Script: Quarantine, Delete, BC delete 1630535680 McAfee VirusScan Log Helper Copyright © 2006 McAfee, Inc. -- 408, 492

C:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll

Script: Quarantine, Delete, BC delete 337117184 Common Shell - Scanners' interface to the engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll

Script: Quarantine, Delete, BC delete 337772544 Common Shell2 - Scanners' interface to the 5000 series engine Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll

Script: Quarantine, Delete, BC delete 1636827136 McAfee VirusScan Announcer Copyright © 2006 McAfee, Inc. -- 408

c:\PROGRA~1\mcafee\VIRUSS~1\naiannps.dll

Script: Quarantine, Delete, BC delete 1637875712 McAfee VirusScan Announcer Proxy Stub dll Copyright © 2006 McAfee, Inc. -- 408

C:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll

Script: Quarantine, Delete, BC delete 336592896 Resources for McShield Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 944, 1436

C:\PROGRA~1\McAfee\VIRUSS~1\scriptsv.dll

Script: Quarantine, Delete, BC delete 340328448 VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. -- 408

C:\windows\Explorer.EXE

Script: Quarantine, Delete, BC delete 16777216 Windows Explorer © Microsoft Corporation. All rights reserved. ?? 944

C:\windows\system32\BROWSEUI.dll

Script: Quarantine, Delete, BC delete 1979187200 Shell Browser UI Library © Microsoft Corporation. All rights reserved. -- 944

C:\windows\system32\comctl32.dll

Script: Quarantine, Delete, BC delete 1560870912 Common Controls Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444

c:\windows\system32\dhcpcsvc.dll

Script: Quarantine, Delete, BC delete 1993867264 DHCP Client Service © Microsoft Corporation. All rights reserved. -- 1112

C:\windows\system32\DNSAPI.dll

Script: Quarantine, Delete, BC delete 1995571200 DNS Client API DLL © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2628, 1952, 848, 124, 204, 492, 2936, 1680, 1076, 1112, 1160, 1036

C:\windows\system32\Dunzip32.dll

Script: Quarantine, Delete, BC delete 805306368 DynaZIP-32 Multi-Threading UnZIP DLL Copyright © 1995 - 2004 by Inner Media, Inc. All Rights Reserved. -- 2312

C:\WINDOWS\system32\Dxtmsft.dll

Script: Quarantine, Delete, BC delete 902496256 DirectX Media -- Image DirectX Transforms © Microsoft Corporation. All rights reserved. -- 1436

C:\WINDOWS\system32\Dxtrans.dll

Script: Quarantine, Delete, BC delete 1108082688 DirectX Media -- DirectX Transform Core © Microsoft Corporation. All rights reserved. -- 1436

c:\windows\system32\ESENT.dll

Script: Quarantine, Delete, BC delete 1617625088 Server Database Storage Engine © Microsoft Corporation. All rights reserved. -- 1112

C:\windows\system32\GDI32.dll

Script: Quarantine, Delete, BC delete 2012282880 GDI Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\windows\system32\hpz3l463.dll

Script: Quarantine, Delete, BC delete 9895936 LanguageMonitor Copyright © 1999 -- 1680

C:\windows\system32\hpz3l4pi.dll

Script: Quarantine, Delete, BC delete 9961472 LanguageMonitor Copyright © 1999 -- 1680

C:\windows\system32\ieframe.dll

Script: Quarantine, Delete, BC delete 1122959360 Internet Explorer © Microsoft Corporation. All rights reserved. -- 944, 1436

C:\windows\system32\iertutil.dll

Script: Quarantine, Delete, BC delete 1117323264 Run time utility for Internet Explorer © Microsoft Corporation. All rights reserved. -- 1560, 1812, 2616, 2628, 944, 2656, 1476, 124, 204, 620, 1112, 1304, 1436

C:\windows\system32\iphlpapi.dll

Script: Quarantine, Delete, BC delete 1993736192 IP Helper API © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2616, 2628, 944, 848, 2028, 124, 188, 620, 2736, 2936, 2632, 1076, 1112, 1160, 1304, 1000, 1436, 792, 3444

C:\windows\system32\jgdw400.dll

Script: Quarantine, Delete, BC delete 60620800 JG ART DLL Copyright © 1997 America Online, Inc. -- 1436

C:\windows\system32\jgpl400.dll

Script: Quarantine, Delete, BC delete 60555264 JG ART Player DLL ©1996 AOL/Johnson-Grace Company -- 1436

C:\windows\system32\JScript.dll

Script: Quarantine, Delete, BC delete 1664614400 Microsoft ® JScript Copyright © Microsoft Corp. 1996-2006, All Rights Reserved -- 944, 1436

C:\windows\system32\kernel32.dll

Script: Quarantine, Delete, BC delete 2088763392 Windows NT BASE API Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\windows\system32\LSASRV.dll

Script: Quarantine, Delete, BC delete 1970470912 LSA Server DLL © Microsoft Corporation. All rights reserved. -- 848

C:\windows\system32\MFPlat.DLL

Script: Quarantine, Delete, BC delete 200212480 Media Foundation Platform DLL © Microsoft Corporation. All rights reserved. -- 3444

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete 1130168320 Microsoft ® HTML Viewer © Microsoft Corporation. All rights reserved. -- 1436

C:\WINDOWS\system32\mshtmled.dll

Script: Quarantine, Delete, BC delete 1119420416 Microsoft® HTML Editing Component © Microsoft Corporation. All rights reserved. -- 1436

C:\windows\system32\msi.dll

Script: Quarantine, Delete, BC delete 2099118080 Windows Installer © Microsoft Corporation. All rights reserved. -- 3140, 944, 124, 204, 2312, 3500, 2936, 2632, 1112, 1436, 3444

C:\WINDOWS\system32\msls31.dll

Script: Quarantine, Delete, BC delete 1953234944 Microsoft Line Services library file Copyright © Microsoft Corp. 1996-1999 -- 1436

C:\windows\system32\msxml3.dll

Script: Quarantine, Delete, BC delete 1956118528 MSXML 3.0 SP9 Copyright © Microsoft Corporation. 1981-2007 -- 1476, 492, 3500, 1436

C:\WINDOWS\system32\MTXCLU.DLL

Script: Quarantine, Delete, BC delete 1963917312 MS DTC amd MTS clustering support DLL Copyright © Microsoft Corp. 1995-1998 -- 1112

C:\windows\system32\NETAPI32.dll

Script: Quarantine, Delete, BC delete 1535508480 Net Win32 API DLL © Microsoft Corporation. All rights reserved. -- 1812, 3140, 2628, 944, 2648, 1952, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 2936, 1680, 3000, 1112, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\windows\system32\OLEAUT32.dll

Script: Quarantine, Delete, BC delete 1997668352 Copyright © Microsoft Corp. 1993-2001. -- 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 312, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\WINDOWS\system32\PortableDeviceTypes.dll

Script: Quarantine, Delete, BC delete 278659072 Windows Portable Device (Parameter) Types Component © Microsoft Corporation. All rights reserved. -- 944

C:\windows\System32\rasmans.dll

Script: Quarantine, Delete, BC delete 2113077248 Remote Access Connection Manager © Microsoft Corporation. All rights reserved. -- 1112

C:\windows\system32\RPCRT4.dll

Script: Quarantine, Delete, BC delete 2011627520 Remote Procedure Call Runtime © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\windows\system32\schannel.dll

Script: Quarantine, Delete, BC delete 1988034560 TLS / SSL Security Provider © Microsoft Corporation. All rights reserved. -- 848, 1112

C:\windows\system32\SHDOCVW.dll

Script: Quarantine, Delete, BC delete 2004221952 Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. -- 944

C:\windows\system32\SHELL32.dll

Script: Quarantine, Delete, BC delete 2090598400 Windows Shell Common Dll © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 204, 408, 492, 620, 2312, 3500, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444

C:\windows\system32\SHLWAPI.dll

Script: Quarantine, Delete, BC delete 2012610560 Shell Light-weight Utility Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

c:\windows\system32\shsvcs.dll

Script: Quarantine, Delete, BC delete 2003697664 Windows Shell Services Dll © Microsoft Corporation. All rights reserved. -- 1112, 792

C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp463.dll

Script: Quarantine, Delete, BC delete 13828096 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680

C:\windows\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll

Script: Quarantine, Delete, BC delete 13959168 Copyright © Hewlett-Packard Corp. 1997-2002 -- 1680

C:\windows\system32\sxs.dll

Script: Quarantine, Delete, BC delete 1978204160 Fusion 2.5 © Microsoft Corporation. All rights reserved. -- 768, 944, 188, 204, 408, 492, 620, 2312, 3500, 2936, 2632, 1112, 1436, 792, 3444

c:\windows\system32\upnphost.dll

Script: Quarantine, Delete, BC delete 1656684544 UPnP Device Host © Microsoft Corporation. All rights reserved. -- 1304

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete 1120862208 OLE32 Extensions for Win32 © Microsoft Corporation. All rights reserved. -- 944, 204, 620, 1436

C:\windows\system32\USER32.dll

Script: Quarantine, Delete, BC delete 2118189056 Windows XP USER API Client DLL © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 768, 2664, 944, 2648, 2640, 2848, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 836, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

C:\windows\system32\vb script: Quarantine, Delete, BC delete 1932525568 Microsoft ® vb script: Quarantine, Delete, BC delete 1949827072 Microsoft Digest Access © Microsoft Corporation. All rights reserved. -- 848

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete 1122238464 Web Site Monitor © Microsoft Corporation. All rights reserved. -- 944

c:\windows\system32\webclnt.dll

Script: Quarantine, Delete, BC delete 1517158400 Web DAV Service DLL © Microsoft Corporation. All rights reserved. -- 1304

c:\windows\system32\wiaservc.dll

Script: Quarantine, Delete, BC delete 1974075392 Still Image Devices Service © Microsoft Corporation. All rights reserved. -- 3000

C:\windows\system32\WININET.dll

Script: Quarantine, Delete, BC delete 1119944704 Internet Extensions for Win32 © Microsoft Corporation. All rights reserved. -- 1560, 1812, 2616, 2628, 944, 2656, 1476, 124, 204, 620, 1112, 1304, 1436

C:\windows\system32\winsrv.dll

Script: Quarantine, Delete, BC delete 1974861824 Windows Server DLL © Microsoft Corporation. All rights reserved. -- 768

c:\windows\system32\wkssvc.dll

Script: Quarantine, Delete, BC delete 1994653696 Workstation Service DLL © Microsoft Corporation. All rights reserved. -- 1112

C:\WINDOWS\system32\wmp.dll

Script: Quarantine, Delete, BC delete 311754752 Windows Media Player © Microsoft Corporation. All rights reserved. -- 3444

C:\WINDOWS\system32\wmploc.dll

Script: Quarantine, Delete, BC delete 326369280 Windows Media Player Resources © Microsoft Corporation. All rights reserved. -- 3444

C:\windows\system32\wmpmde.dll

Script: Quarantine, Delete, BC delete 334692352 WMPMDE DLL © Microsoft Corporation. All rights reserved. -- 3444

C:\WINDOWS\system32\wmpps.dll

Script: Quarantine, Delete, BC delete 335740928 Windows Media Player Proxy Stub Dll © Microsoft Corporation. All rights reserved. -- 3444

C:\WINDOWS\system32\WPDShServiceObj.dll

Script: Quarantine, Delete, BC delete 373948416 Windows Portable Device Shell Service Object © Microsoft Corporation. All rights reserved. -- 944

C:\windows\system32\wuaueng.dll

Script: Quarantine, Delete, BC delete 1342439424 Windows Update Agent © Microsoft Corporation. All rights reserved. -- 1112

C:\WINDOWS\system32\wups2.dll

Script: Quarantine, Delete, BC delete 1357250560 Windows Update client proxy stub 2 © Microsoft Corporation. All rights reserved. -- 1112

C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCP80.dll

Script: Quarantine, Delete, BC delete 2084700160 Microsoft® C++ Runtime Library © Microsoft Corporation. All rights reserved. -- 2648

C:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\MSVCR80.dll

Script: Quarantine, Delete, BC delete 2014511104 Microsoft® C Runtime Library © Microsoft Corporation. All rights reserved. -- 2648

C:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

Script: Quarantine, Delete, BC delete 2000486400 User Experience Controls Library © Microsoft Corporation. All rights reserved. -- 1560, 2932, 1812, 3140, 2616, 2628, 2664, 944, 2648, 2640, 1952, 2656, 848, 1476, 2028, 124, 188, 204, 228, 408, 492, 620, 2312, 3500, 2736, 312, 3320, 2936, 2632, 1680, 3000, 1076, 1112, 1912, 1160, 1304, 1000, 1436, 792, 1036, 3444, 2676

Modules detected:433, recognized as trusted 247

 

Kernel space modules

Module Base address Size in memory Description Manufacturer

C:\windows\System32\Drivers\dump_atapi.sys

Script: Quarantine, Delete, BC delete F45AB000 018000 (98304)

C:\windows\System32\Drivers\dump_WMILIB.SYS

Script: Quarantine, Delete, BC delete F7B2C000 002000 (8192)

C:\windows\system32\Drivers\fltMgr.sys

Script: Quarantine, Delete, BC delete F7445000 020000 (131072) Microsoft Filesystem Filter Manager © Microsoft Corporation. All rights reserved.

C:\windows\System32\Drivers\HTTP.sys

Script: Quarantine, Delete, BC delete BA1D2000 041000 (266240) HTTP Protocol Stack © Microsoft Corporation. All rights reserved.

C:\windows\system32\drivers\kmixer.sys

Script: Quarantine, Delete, BC delete B7B78000 02B000 (176128) Kernel Mode Audio Mixer © Microsoft Corporation. All rights reserved.

C:\windows\system32\drivers\mfeavfk.sys

Script: Quarantine, Delete, BC delete BA308000 010000 (65536) Anti-Virus File System Filter Driver Copyright© 1995-2006 McAfee, Inc. All Rights Reserved.

C:\windows\system32\drivers\mfebopk.sys

Script: Quarantine, Delete, BC delete F78EC000 007000 (28672) Buffer Overflow Protection Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete B9D0C000 029000 (167936) Host Intrusion Detection Link Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\system32\drivers\mfesmfk.sys

Script: Quarantine, Delete, BC delete F78DC000 008000 (32768) System Monitor Filter Driver Copyright© 1995-2007 McAfee, Inc. All Rights Reserved.

C:\windows\System32\Drivers\Mpfp.sys

Script: Quarantine, Delete, BC delete F47DB000 023000 (143360) McAfee Personal Firewall Plus Driver Copyright © 2005 McAfee, Inc. All rights reserved.

C:\windows\system32\DRIVERS\mrxsmb.sys

Script: Quarantine, Delete, BC delete F462F000 06F000 (454656) Windows NT SMB Minirdr © Microsoft Corporation. All rights reserved.

C:\windows\system32\Drivers\Ntfs.sys

Script: Quarantine, Delete, BC delete F738F000 08D000 (577536) NT File System Driver © Microsoft Corporation. All rights reserved.

C:\windows\system32\ntkrnlpa.exe

Script: Quarantine, Delete, BC delete 804D7000 1F6580 (2057600) NT Kernel & System © Microsoft Corporation. All rights reserved.

C:\windows\system32\drivers\nvapu.sys

Script: Quarantine, Delete, BC delete F6B81000 066000 (417792) NVIDIA® nForce Audio Driver Copyright© 2000-2005 NVIDIA Corporation

C:\windows\system32\drivers\nvarm.sys

Script: Quarantine, Delete, BC delete F6A6A000 011000 (69632) NVIDIA® nForce APU Resource Manager Copyright© 2000-2005 NVIDIA Corporation

C:\windows\system32\drivers\nvax.sys

Script: Quarantine, Delete, BC delete F783C000 00E000 (57344) NVIDIA® nForce MCP Audio Enumerator Copyright© 2000-2005 NVIDIA Corporation

C:\windows\system32\DRIVERS\NVENETFD.sys

Script: Quarantine, Delete, BC delete F777C000 009000 (36864) NVIDIA Networking Function Driver. Copyright © 2001-2003 NVIDIA Corporation

C:\windows\system32\drivers\nvmcp.sys

Script: Quarantine, Delete, BC delete F6A7B000 0E2000 (925696) NVIDIA® nForce MCP APU Audio Library Copyright© 2000-2005 NVIDIA Corporation

C:\windows\system32\DRIVERS\nvnetbus.sys

Script: Quarantine, Delete, BC delete F7AB8000 004000 (16384) NVIDIA Networking Bus Driver. Copyright © 2001-2003 NVIDIA Corporation

C:\windows\system32\DRIVERS\NVNRM.SYS

Script: Quarantine, Delete, BC delete F71A7000 044000 (278528) NVIDIA Network Resource Manager. Copyright © 2001-2003 NVIDIA Corporation

C:\windows\system32\DRIVERS\NVSNPU.SYS

Script: Quarantine, Delete, BC delete F7174000 033000 (208896) NVIDIA Networking Soft-NPU Driver. Copyright © 2001-2003 NVIDIA Corporation

C:\windows\system32\DRIVERS\rdbss.sys

Script: Quarantine, Delete, BC delete F46C6000 02B000 (176128) Redirected Drive Buffering SubSystem Driver © Microsoft Corporation. All rights reserved.

C:\Program Files\SPYWAREfighter\spyfighter.sys

Script: Quarantine, Delete, BC delete F78C4000 005000 (20480)

C:\windows\system32\DRIVERS\srv.sys

Script: Quarantine, Delete, BC delete BA0B8000 052000 (335872) Server driver © Microsoft Corporation. All rights reserved.

C:\windows\system32\DRIVERS\wanatw4.sys

Script: Quarantine, Delete, BC delete F7934000 006000 (24576) Wan Miniport (ATW) Copyright © 2001-2002 America Online, Inc.

C:\windows\system32\drivers\wdmaud.sys

Script: Quarantine, Delete, BC delete B9D83000 015000 (86016) MMSYSTEM Wave/Midi API mapper © Microsoft Corporation. All rights reserved.

C:\windows\System32\win32k.sys

Script: Quarantine, Delete, BC delete BF800000 1C3000 (1847296) Multi-User Win32 Driver © Microsoft Corporation. All rights reserved.

C:\windows\system32\DRIVERS\WniHdd51.sys

Script: Quarantine, Delete, BC delete F71EB000 0CE000 (843776) Airgo Networks True MIMO Wireless Adapter Copyright © Airgo Networks, Inc.,2004

Modules detected - 132, recognized as trusted - 104

 

Services

Service Description Status File Group Dependencies

AOL ACS

Service: Stop, Delete, Disable AOL Connectivity Service Running C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

Script: Quarantine, Delete, BC delete

McAfee HackerWatch Service

Service: Stop, Delete, Disable McAfee HackerWatch Service Running C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

Script: Quarantine, Delete, BC delete RPCSS

mcmscsvc

Service: Stop, Delete, Disable McAfee Services Running C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

Script: Quarantine, Delete, BC delete

McNASvc

Service: Stop, Delete, Disable McAfee Network Agent Running c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete RPCSS

McODS

Service: Stop, Delete, Disable McAfee Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

Script: Quarantine, Delete, BC delete

mcpromgr

Service: Stop, Delete, Disable McAfee Protection Manager Running C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

Script: Quarantine, Delete, BC delete

McProxy

Service: Stop, Delete, Disable McAfee Proxy Service Running c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

Script: Quarantine, Delete, BC delete

McRedirector

Service: Stop, Delete, Disable McAfee Redirector Service Running c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

Script: Quarantine, Delete, BC delete

McShield

Service: Stop, Delete, Disable McAfee Real-time Scanner Running C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

Script: Quarantine, Delete, BC delete

McSysmon

Service: Stop, Delete, Disable McAfee SystemGuards Running C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

Script: Quarantine, Delete, BC delete

MpfService

Service: Stop, Delete, Disable McAfee Personal Firewall Service Running C:\Program Files\McAfee\MPF\MPFSrv.exe

Script: Quarantine, Delete, BC delete

MPS9

Service: Stop, Delete, Disable McAfee Privacy Service Running C:\PROGRA~1\McAfee\MPS\mps.exe

Script: Quarantine, Delete, BC delete McProxy

SPYWAREfighterRP

Service: Stop, Delete, Disable SPYWAREfighterRP Running C:\Program Files\SPYWAREfighter\spfprc.exe

Script: Quarantine, Delete, BC delete RPCSS

WMPNetworkSvc

Service: Stop, Delete, Disable Windows Media Player Network Sharing Service Running C:\Program Files\Windows Media Player\WMPNetwk.exe

Script: Quarantine, Delete, BC delete upnphost

Adobe LM Service

Service: Stop, Delete, Disable Adobe LM Service Not started C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Script: Quarantine, Delete, BC delete

ATI Smart

Service: Stop, Delete, Disable ATI Smart Not started C:\WINDOWS\system32\ati2sgag.exe

Script: Quarantine, Delete, BC delete

Emproxy

Service: Stop, Delete, Disable McAfee E-mail Proxy Not started C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe

Script: Quarantine, Delete, BC delete

iPod Service

Service: Stop, Delete, Disable iPod Service Not started iPod Service.sys

Script: Quarantine, Delete, BC delete RpcSs

mcmispupdmgr

Service: Stop, Delete, Disable McAfee Update Manager Not started C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe

Script: Quarantine, Delete, BC delete

Detected - 102, recognized as trusted - 83

 

Drivers

Service Description Status File Group Dependencies

Airgo

Driver: Unload, Delete, Disable Wireless-G PCI Adapter with SRX Driver Running C:\windows\system32\DRIVERS\WniHdd51.sys

Script: Quarantine, Delete, BC delete NDIS

FltMgr

Driver: Unload, Delete, Disable FltMgr Running C:\windows\system32\DRIVERS\fltMgr.sys

Script: Quarantine, Delete, BC delete FSFilter Infrastructure

HTTP

Driver: Unload, Delete, Disable HTTP Running C:\windows\system32\Drivers\HTTP.sys

Script: Quarantine, Delete, BC delete

kmixer

Driver: Unload, Delete, Disable Microsoft Kernel Wave Audio Mixer Running C:\windows\system32\drivers\kmixer.sys

Script: Quarantine, Delete, BC delete

mfeavfk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfeavfk.sys

Script: Quarantine, Delete, BC delete

mfebopk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfebopk.sys

Script: Quarantine, Delete, BC delete

mfehidk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete

mfesmfk

Driver: Unload, Delete, Disable McAfee Inc. Running C:\windows\system32\drivers\mfesmfk.sys

Script: Quarantine, Delete, BC delete

MPFP

Driver: Unload, Delete, Disable MPFP Running C:\windows\system32\Drivers\Mpfp.sys

Script: Quarantine, Delete, BC delete PNP_TDI TcpIp

MRxSmb

Driver: Unload, Delete, Disable MRxSmb Running C:\windows\system32\DRIVERS\mrxsmb.sys

Script: Quarantine, Delete, BC delete Network

Ntfs

Driver: Unload, Delete, Disable Ntfs Running C:\windows\system32\Drivers\Ntfs.sys

Script: Quarantine, Delete, BC delete File system

nvax

Driver: Unload, Delete, Disable Service for NVIDIA® nForce Audio Enumerator Running C:\windows\system32\drivers\nvax.sys

Script: Quarantine, Delete, BC delete

NVENETFD

Driver: Unload, Delete, Disable NVIDIA nForce Networking Controller Driver Running C:\windows\system32\DRIVERS\NVENETFD.sys

Script: Quarantine, Delete, BC delete NDIS

nvnetbus

Driver: Unload, Delete, Disable NVIDIA Network Bus Enumerator Running C:\windows\system32\DRIVERS\nvnetbus.sys

Script: Quarantine, Delete, BC delete Extended Base

nvnforce

Driver: Unload, Delete, Disable Service for NVIDIA® nForce Audio Running C:\windows\system32\drivers\nvapu.sys

Script: Quarantine, Delete, BC delete

Rdbss

Driver: Unload, Delete, Disable Rdbss Running C:\windows\system32\DRIVERS\rdbss.sys

Script: Quarantine, Delete, BC delete Network

SpyFighter

Driver: Unload, Delete, Disable SpyFighter Guard Device Running C:\Program Files\SPYWAREfighter\spyfighter.sys

Script: Quarantine, Delete, BC delete

Srv

Driver: Unload, Delete, Disable Srv Running C:\windows\system32\DRIVERS\srv.sys

Script: Quarantine, Delete, BC delete Network

wanatw

Driver: Unload, Delete, Disable WAN Miniport (ATW) Running C:\windows\system32\DRIVERS\wanatw4.sys

Script: Quarantine, Delete, BC delete NDIS

wdmaud

Driver: Unload, Delete, Disable Microsoft WINMM WDM Audio Compatibility Driver Running C:\windows\system32\drivers\wdmaud.sys

Script: Quarantine, Delete, BC delete

Abiosdsk

Driver: Unload, Delete, Disable Abiosdsk Not started Abiosdsk.sys

Script: Quarantine, Delete, BC delete Primary disk

abp480n5

Driver: Unload, Delete, Disable abp480n5 Not started abp480n5.sys

Script: Quarantine, Delete, BC delete SCSI miniport

adpu160m

Driver: Unload, Delete, Disable adpu160m Not started adpu160m.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aec

Driver: Unload, Delete, Disable Microsoft Kernel Acoustic Echo Canceller Not started C:\windows\system32\drivers\aec.sys

Script: Quarantine, Delete, BC delete

Aha154x

Driver: Unload, Delete, Disable Aha154x Not started Aha154x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78u2

Driver: Unload, Delete, Disable aic78u2 Not started aic78u2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

aic78xx

Driver: Unload, Delete, Disable aic78xx Not started aic78xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

AliIde

Driver: Unload, Delete, Disable AliIde Not started AliIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

amsint

Driver: Unload, Delete, Disable amsint Not started amsint.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc

Driver: Unload, Delete, Disable asc Not started asc.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3350p

Driver: Unload, Delete, Disable asc3350p Not started asc3350p.sys

Script: Quarantine, Delete, BC delete SCSI miniport

asc3550

Driver: Unload, Delete, Disable asc3550 Not started asc3550.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Atdisk

Driver: Unload, Delete, Disable Atdisk Not started Atdisk.sys

Script: Quarantine, Delete, BC delete Primary disk

catchme

Driver: Unload, Delete, Disable catchme Not started C:\DOCUME~1\user\LOCALS~1\Temp\catchme.sys

Script: Quarantine, Delete, BC delete Base

cd20xrnt

Driver: Unload, Delete, Disable cd20xrnt Not started cd20xrnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Changer

Driver: Unload, Delete, Disable Changer Not started Changer.sys

Script: Quarantine, Delete, BC delete Filter

CmdIde

Driver: Unload, Delete, Disable CmdIde Not started CmdIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

Cpqarray

Driver: Unload, Delete, Disable Cpqarray Not started Cpqarray.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dac960nt

Driver: Unload, Delete, Disable dac960nt Not started dac960nt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

dpti2o

Driver: Unload, Delete, Disable dpti2o Not started dpti2o.sys

Script: Quarantine, Delete, BC delete SCSI miniport

FXDRV

Driver: Unload, Delete, Disable FXDRV Not started D:\Fxdrv.sys

Script: Quarantine, Delete, BC delete

hpn

Driver: Unload, Delete, Disable hpn Not started hpn.sys

Script: Quarantine, Delete, BC delete SCSI miniport

i2omgmt

Driver: Unload, Delete, Disable i2omgmt Not started i2omgmt.sys

Script: Quarantine, Delete, BC delete SCSI Class

i2omp

Driver: Unload, Delete, Disable i2omp Not started i2omp.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ini910u

Driver: Unload, Delete, Disable ini910u Not started ini910u.sys

Script: Quarantine, Delete, BC delete SCSI miniport

IntelIde

Driver: Unload, Delete, Disable IntelIde Not started IntelIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

lbrtfdc

Driver: Unload, Delete, Disable lbrtfdc Not started lbrtfdc.sys

Script: Quarantine, Delete, BC delete System Bus Extender

mferkdk

Driver: Unload, Delete, Disable McAfee Inc. Not started C:\windows\system32\drivers\mferkdk.sys

Script: Quarantine, Delete, BC delete

mraid35x

Driver: Unload, Delete, Disable mraid35x Not started mraid35x.sys

Script: Quarantine, Delete, BC delete SCSI miniport

OmniUsb

Driver: Unload, Delete, Disable Ideazon USB Zboard Driver Not started C:\windows\system32\DRIVERS\OmniUsb.sys

Script: Quarantine, Delete, BC delete Keyboard Port

OmniUsbl

Driver: Unload, Delete, Disable Ideazon USBl Zboard Driver Not started C:\windows\system32\DRIVERS\OmniUsbl.sys

Script: Quarantine, Delete, BC delete Keyboard Port

PCIDump

Driver: Unload, Delete, Disable PCIDump Not started PCIDump.sys

Script: Quarantine, Delete, BC delete PCI Configuration

PDCOMP

Driver: Unload, Delete, Disable PDCOMP Not started PDCOMP.sys

Script: Quarantine, Delete, BC delete

PDFRAME

Driver: Unload, Delete, Disable PDFRAME Not started PDFRAME.sys

Script: Quarantine, Delete, BC delete

PDRELI

Driver: Unload, Delete, Disable PDRELI Not started PDRELI.sys

Script: Quarantine, Delete, BC delete

PDRFRAME

Driver: Unload, Delete, Disable PDRFRAME Not started PDRFRAME.sys

Script: Quarantine, Delete, BC delete

perc2

Driver: Unload, Delete, Disable perc2 Not started perc2.sys

Script: Quarantine, Delete, BC delete SCSI miniport

perc2hib

Driver: Unload, Delete, Disable perc2hib Not started perc2hib.sys

Script: Quarantine, Delete, BC delete Filter

ql1080

Driver: Unload, Delete, Disable ql1080 Not started ql1080.sys

Script: Quarantine, Delete, BC delete SCSI miniport

Ql10wnt

Driver: Unload, Delete, Disable Ql10wnt Not started Ql10wnt.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql12160

Driver: Unload, Delete, Disable ql12160 Not started ql12160.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1240

Driver: Unload, Delete, Disable ql1240 Not started ql1240.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ql1280

Driver: Unload, Delete, Disable ql1280 Not started ql1280.sys

Script: Quarantine, Delete, BC delete SCSI miniport

RDPWD

Driver: Unload, Delete, Disable RDPWD Not started C:\windows\system32\Drivers\RDPWD.sys

Script: Quarantine, Delete, BC delete

Secdrv

Driver: Unload, Delete, Disable Secdrv Not started C:\windows\system32\DRIVERS\secdrv.sys

Script: Quarantine, Delete, BC delete

Simbad

Driver: Unload, Delete, Disable Simbad Not started Simbad.sys

Script: Quarantine, Delete, BC delete Filter

Sparrow

Driver: Unload, Delete, Disable Sparrow Not started Sparrow.sys

Script: Quarantine, Delete, BC delete SCSI miniport

splitter

Driver: Unload, Delete, Disable Microsoft Kernel Audio Splitter Not started C:\windows\system32\drivers\splitter.sys

Script: Quarantine, Delete, BC delete

sym_hi

Driver: Unload, Delete, Disable sym_hi Not started sym_hi.sys

Script: Quarantine, Delete, BC delete SCSI miniport

sym_u3

Driver: Unload, Delete, Disable sym_u3 Not started sym_u3.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc810

Driver: Unload, Delete, Disable symc810 Not started symc810.sys

Script: Quarantine, Delete, BC delete SCSI miniport

symc8xx

Driver: Unload, Delete, Disable symc8xx Not started symc8xx.sys

Script: Quarantine, Delete, BC delete SCSI miniport

TosIde

Driver: Unload, Delete, Disable TosIde Not started TosIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

ultra

Driver: Unload, Delete, Disable ultra Not started ultra.sys

Script: Quarantine, Delete, BC delete SCSI miniport

ViaIde

Driver: Unload, Delete, Disable ViaIde Not started ViaIde.sys

Script: Quarantine, Delete, BC delete System Bus Extender

WDICA

Driver: Unload, Delete, Disable WDICA Not started WDICA.sys

Script: Quarantine, Delete, BC delete

WudfPf

Driver: Unload, Delete, Disable Windows Driver Foundation - User-mode Driver Framework Platform Driver Not started C:\windows\system32\DRIVERS\WudfPf.sys

Script: Quarantine, Delete, BC delete base

Detected - 190, recognized as trusted - 113

 

Autoruns

File name Status Startup method Description

C:\Program Files\AOL 9.0b\AOL.EXE

Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, AOL Fast Start

C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, hpqSRMon

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, NVMixerTray

C:\Program Files\SPYWAREfighter\spftray.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Run, spywarefighterguard

C:\Program Files\Windows Media Player\WMPNSCFG.exe

Script: Quarantine, Delete, BC delete Active Registry key HKEY_CURRENT_USER, Software\Microsoft\Windows\CurrentVersion\Run, WMPNSCFG

C:\WINDOWS\system32\WPDShServiceObj.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, WPDShServiceObj

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, WebCheck

C:\windows\system32\SHELL32.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, PostBootReminder

C:\windows\system32\SHELL32.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, CDBurn

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {438755C2-A8BA-11D1-B96B-00A0C90312E1}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, {8C7461EF-2B13-11d2-BE35-3078302C2030}

C:\windows\system32\dfrg.msc %c:

Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath,

C:\windows\system32\iedkcs32.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}, DLLName

C:\windows\system32\iedkcs32.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}, DLLName

C:\windows\system32\schannel.dll

Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Control\SecurityProviders, SecurityProviders

C:\windows\system32\shell32.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks, {AEB6717E-7E19-11d0-97EE-00C04FD91972}

appmgmts.dll

Script: Quarantine, Delete, BC delete Active Registry key HKEY_LOCAL_MACHINE, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}, DLLName

autocheck autochk *lsdelete

Script: Quarantine, Delete, BC delete -- Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager, BootExecute

Autoruns items detected - 61, recognized as trusted - 43

 

Internet Explorer extension modules (BHOs, Toolbars ...)

File name Type Description Manufacturer CLSID

BHO {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll

Script: Quarantine, Delete, BC delete BHO IntelligentAdvisor © {6548BF73-58FF-71D5-F97D-17C71E323709}

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete BHO VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. {7DB2D5A0-7241-4E79-B68D-6309F01C5231}

c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll

Script: Quarantine, Delete, BC delete Extension module VSCore Script Scanner Copyright© 1995-2007 McAfee, Inc. All Rights Reserved. CmdMapping

C:\windows\Network Diagnostic\xpnetdiag.exe

Script: Quarantine, Delete, BC delete Extension module Network Diagnostic for Windows XP © Microsoft Corporation. All rights reserved. {e2e2dd38-d088-4134-82b7-f2ba38496583}

C:\Program Files\Messenger\MSMSGS.EXE

Script: Quarantine, Delete, BC delete Extension module Messenger Copyright © Microsoft Corporation 1997-2003 {FB5F1910-F110-11d2-BB9E-00C04F795683}

Elements detected - 9, recognized as trusted - 3

 

Windows Explorer extension modules

File name Destination Description Manufacturer CLSID

Display Panning CPL Extension {42071714-76d4-11d1-8b24-00a0c9068ff3}

Shell extensions for file compression {764BF0E1-F219-11ce-972D-00AA00A14F56}

Encryption Context Menu {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Set Program Access and Defaults Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}

C:\WINDOWS\system32\wuaucpl.cpl

Script: Quarantine, Delete, BC delete Auto Update Property Sheet Extension Automatic Updates Control Panel © Microsoft Corporation. All rights reserved. {5F327514-6C5E-4d60-8F16-D07FA08A78ED}

Taskbar and Start Menu {0DF44EAA-FF21-4412-828E-260A8728E7F1}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Search Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Help and Support Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Help and Support Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Run... Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Internet Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete E-mail Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Fonts Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {D20EA4E1-3957-11d2-A40B-0C5020524152}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Administrative Tools Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {D20EA4E1-3957-11d2-A40B-0C5020524153}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft Internet Toolbar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {5E6AB780-7743-11CF-A12B-00AA004AE837}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Download Status Shell Browser UI Library © Microsoft Corporation. All rights reserved. {22BF0C20-6DA7-11D0-B373-00A0C9034938}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Augmented Shell Folder Shell Browser UI Library © Microsoft Corporation. All rights reserved. {91EA3F8B-C99B-11d0-9815-00C04FD91972}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Augmented Shell Folder 2 Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6413BA2C-B461-11d1-A18A-080036B11A03}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete BandProxy Shell Browser UI Library © Microsoft Corporation. All rights reserved. {F61FFEC1-754F-11d0-80CA-00AA005B4383}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft BrowserBand Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7BA4C742-9E81-11CF-99D3-00AA004AE837}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Search Band Internet Explorer © Microsoft Corporation. All rights reserved. {30D02401-6A81-11d0-8274-00C04FD5AE38}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete In-pane search Shell Browser UI Library © Microsoft Corporation. All rights reserved. {169A0691-8DF9-11d1-A1C4-00C04FD75D13}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Web Search Shell Browser UI Library © Microsoft Corporation. All rights reserved. {07798131-AF23-11d1-9111-00A0C98BA67D}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Registry Tree Options Utility Shell Browser UI Library © Microsoft Corporation. All rights reserved. {AF4F6510-F982-11d0-8595-00AA004CD6D8}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete &Address Shell Browser UI Library © Microsoft Corporation. All rights reserved. {01E04581-4EEE-11d0-BFE9-00AA005B4383}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Address EditBox Shell Browser UI Library © Microsoft Corporation. All rights reserved. {A08C11D2-A228-11d0-825B-00AA005B4383}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft AutoComplete Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2763-6A77-11D0-A535-00C04FD7D062}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete TridentImageExtractor Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7376D660-C583-11d0-A3A5-00C04FD706EC}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete MRU AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6756A641-DE71-11d0-831B-00AA005B4383}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Custom MRU AutoCompleted List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Accessible Shell Browser UI Library © Microsoft Corporation. All rights reserved. {7e653215-fa25-46bd-a339-34a2790f3cb7}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Track Popup Bar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {acf35015-526e-4230-9596-becbe19f0ac9}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft History AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2764-6A77-11D0-A535-00C04FD7D062}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft Shell Folder AutoComplete List Shell Browser UI Library © Microsoft Corporation. All rights reserved. {03C036F1-A186-11D0-824A-00AA005B4383}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Microsoft Multiple AutoComplete List Container Shell Browser UI Library © Microsoft Corporation. All rights reserved. {00BB2765-6A77-11D0-A535-00C04FD7D062}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Shell Band Site Menu Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4E-521C-11D0-B792-00A0C90312E1}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Shell DeskBarApp Shell Browser UI Library © Microsoft Corporation. All rights reserved. {3CCF8A41-5C85-11d0-9796-00AA00B90ADF}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Shell DeskBar Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4C-521C-11D0-B792-00A0C90312E1}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Shell Rebar BandSite Shell Browser UI Library © Microsoft Corporation. All rights reserved. {ECD4FC4D-521C-11D0-B792-00A0C90312E1}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete User Assist Shell Browser UI Library © Microsoft Corporation. All rights reserved. {DD313E04-FEFF-11d1-8ECD-0000F87A470C}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Global Folder Settings Shell Browser UI Library © Microsoft Corporation. All rights reserved. {EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Favorites Band Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {EFA24E61-B078-11d0-89E4-00C04FC9E26E}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Shell Automation Inproc Service Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {0A89A860-D7B1-11CE-8350-444553540000}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Shell DocObject Viewer Internet Explorer © Microsoft Corporation. All rights reserved. {E7E4BC40-E76A-11CE-A9BB-00AA004AE837}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Microsoft Browser Architecture Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {A5E46E3A-8849-11D1-9D8C-00C04FC99D61}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete InternetShortcut Internet Explorer © Microsoft Corporation. All rights reserved. {FBF23B40-E3F0-101B-8488-00AA003E56F8}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Microsoft Url History Service Internet Explorer © Microsoft Corporation. All rights reserved. {3C374A40-BAE4-11CF-BF7D-00AA006946EE}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete History Internet Explorer © Microsoft Corporation. All rights reserved. {FF393560-C2A7-11CF-BFF4-444553540000}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Temporary Internet Files Internet Explorer © Microsoft Corporation. All rights reserved. {7BD29E00-76C1-11CF-9DD0-00A0C9034933}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Temporary Internet Files Internet Explorer © Microsoft Corporation. All rights reserved. {7BD29E01-76C1-11CF-9DD0-00A0C9034933}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Microsoft Url Search Hook Internet Explorer © Microsoft Corporation. All rights reserved. {CFBFAE00-17A6-11D0-99CB-00C04FD64497}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete IE4 Suite Splash Screen Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete CDF Extension Copy Hook Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {67EA19A0-CCEF-11d0-8024-00C04FD75D13}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete ISFBand OC Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {131A6951-7F78-11D0-A979-00C04FD705A2}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Search Assistant OC Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {9461b922-3c5a-11d2-bf8b-00c04fb93661}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete The Internet Internet Explorer © Microsoft Corporation. All rights reserved. {3DC7A020-0ACD-11CF-A9BB-00AA004AE837}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Internet Name Space Internet Explorer © Microsoft Corporation. All rights reserved. {871C5380-42A0-1069-A2EA-08002B30309D}

C:\windows\system32\shdocvw.dll

Script: Quarantine, Delete, BC delete Explorer Band Shell Doc Object and Control Library © Microsoft Corporation. All rights reserved. {EFA24E64-B078-11d0-89E4-00C04FC9E26E}

C:\WINDOWS\system32\occache.dll

Script: Quarantine, Delete, BC delete ActiveX Cache Folder Object Control Viewer © Microsoft Corporation. All rights reserved. {88C6C381-2E85-11D0-94DE-444553540000}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete WebCheck Web Site Monitor © Microsoft Corporation. All rights reserved. {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete Subscription Mgr Web Site Monitor © Microsoft Corporation. All rights reserved. {ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete Subscription Folder Web Site Monitor © Microsoft Corporation. All rights reserved. {F5175861-2688-11d0-9C5E-00AA00A45957}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete WebCheckWebCrawler Web Site Monitor © Microsoft Corporation. All rights reserved. {08165EA0-E946-11CF-9C87-00AA005127ED}

C:\windows\system32\webcheck.dll

Script: Quarantine, Delete, BC delete WebCheckChannelAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}

C:\windows\system32\webcheck.dll

Script: Quarantine, Delete, BC delete TrayAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete Code Download Agent Web Site Monitor © Microsoft Corporation. All rights reserved. {7D559C10-9FE9-11d0-93F7-00AA0059CE02}

C:\windows\system32\webcheck.dll

Script: Quarantine, Delete, BC delete ConnectionAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {E6CC6978-6B6E-11D0-BECA-00C04FD940BE}

C:\windows\system32\webcheck.dll

Script: Quarantine, Delete, BC delete PostAgent Web Site Monitor © Microsoft Corporation. All rights reserved. {D8BD2030-6FC9-11D0-864F-00AA006809D9}

C:\WINDOWS\system32\webcheck.dll

Script: Quarantine, Delete, BC delete WebCheck SyncMgr Handler Web Site Monitor © Microsoft Corporation. All rights reserved. {7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}

rundll32.exe C:\windows\system32\shimgvw.dll,ImageView_COMServer {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

Script: Quarantine, Delete, BC delete Autoplay for SlideShow {00E7B358-F65B-4dcf-83DF-CD026B94BFD4}

User Accounts {7A9D77BD-5403-11d2-8785-2E0420524153}

C:\WINDOWS\system32\extmgr.dll

Script: Quarantine, Delete, BC delete Extensions Manager Folder Extensions Manager © Microsoft Corporation. All rights reserved. {692F0339-CBAA-47e6-B5B5-3B84DB604E87}

C:\WINDOWS\system32\wmpshell.dll

Script: Quarantine, Delete, BC delete Windows Media Player Burn Audio CD Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {8DD448E6-C188-4aed-AF92-44956194EB1F}

C:\WINDOWS\system32\wmpshell.dll

Script: Quarantine, Delete, BC delete Windows Media Player Play as Playlist Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}

C:\WINDOWS\system32\wmpshell.dll

Script: Quarantine, Delete, BC delete Windows Media Player Add to Playlist Context Menu Handler Windows Media Player Launcher © Microsoft Corporation. All rights reserved. {F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}

C:\windows\system32\browseui.dll

Script: Quarantine, Delete, BC delete Shell Search Band Shell Browser UI Library © Microsoft Corporation. All rights reserved. {21569614-B795-46b1-85F4-E737A8DC09AD}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Microsoft BrowserBand Internet Explorer © Microsoft Corporation. All rights reserved. {07C45BB1-4A8C-4642-A1F5-237E7215FF66}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Fade Task Internet Explorer © Microsoft Corporation. All rights reserved. {1C1EDB47-CE22-4bbb-B608-77B48F83C823}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Menu Desk Bar Internet Explorer © Microsoft Corporation. All rights reserved. {205D7A97-F16D-4691-86EF-F3075DCCA57D}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE AutoComplete Internet Explorer © Microsoft Corporation. All rights reserved. {3028902F-6374-48b2-8DC6-9725E775B926}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Navigation Bar Internet Explorer © Microsoft Corporation. All rights reserved. {43886CD5-6529-41c4-A707-7B3C92C05E68}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Menu Site Internet Explorer © Microsoft Corporation. All rights reserved. {44C76ECD-F7FA-411c-9929-1B77BA77F524}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Menu Band Internet Explorer © Microsoft Corporation. All rights reserved. {4B78D326-D922-44f9-AF2A-07805C2A3560}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Microsoft History AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {6038EF75-ABFC-4e59-AB6F-12D397F6568D}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Tracking Shell Menu Internet Explorer © Microsoft Corporation. All rights reserved. {6B4ECC4F-16D1-4474-94AB-5A763F2A54AE}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE IShellFolderBand Internet Explorer © Microsoft Corporation. All rights reserved. {6CF48EF8-44CD-45d2-8832-A16EA016311B}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE BandProxy Internet Explorer © Microsoft Corporation. All rights reserved. {73CFD649-CD48-4fd8-A272-2070EA56526B}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE MRU AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE RSS Feeder Folder Internet Explorer © Microsoft Corporation. All rights reserved. {9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Microsoft Shell Folder AutoComplete List Internet Explorer © Microsoft Corporation. All rights reserved. {9D958C62-3954-4b44-8FAB-C4670C1DB4C2}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Microsoft Multiple AutoComplete List Container Internet Explorer © Microsoft Corporation. All rights reserved. {B31C5FAE-961F-415b-BAF0-E697A5178B94}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete Microsoft Browser Architecture Internet Explorer © Microsoft Corporation. All rights reserved. {BC476F4C-D9D7-4100-8D4E-E043F6DEC409}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Shell Rebar BandSite Internet Explorer © Microsoft Corporation. All rights reserved. {BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Shell Band Site Menu Internet Explorer © Microsoft Corporation. All rights reserved. {E6EE9AAC-F76B-4947-8260-A9F136138E11}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete &Links Internet Explorer © Microsoft Corporation. All rights reserved. {F2CF5485-4E02-4f68-819C-B92DE9277049}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Registry Tree Options Utility Internet Explorer © Microsoft Corporation. All rights reserved. {F83DAC1C-9BB9-4f2b-B619-09819DA81B0E}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE User Assist Internet Explorer © Microsoft Corporation. All rights reserved. {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75}

C:\WINDOWS\system32\ieframe.dll

Script: Quarantine, Delete, BC delete IE Custom MRU AutoCompleted List Internet Explorer © Microsoft Corporation. All rights reserved. {FDE7673D-2E19-4145-8376-BBD58C4BC7BA}

C:\windows\system32\wpdshext.dll

Script: Quarantine, Delete, BC delete Portable Devices Portable Devices Shell Extension © Microsoft Corporation. All rights reserved. {35786D3C-B075-49b9-88DD-029876E11C01}

C:\windows\system32\wpdshext.dll

Script: Quarantine, Delete, BC delete Portable Devices Menu Portable Devices Shell Extension © Microsoft Corporation. All rights reserved. {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}

C:\windows\system32\Audiodev.dll

Script: Quarantine, Delete, BC delete Portable Media Devices Portable Media Devices Shell Extension Copyright © Microsoft Corporation. All rights reserved. {640167b4-59b0-47a6-b335-a6b3c0695aea}

C:\WINDOWS\system32\mscoree.dll

Script: Quarantine, Delete, BC delete Fusion Cache Microsoft .NET Runtime Execution Engine © Microsoft Corporation. All rights reserved. {1D2680C9-0E2A-469d-B787-065558BC7D43}

Elements detected - 204, recognized as trusted - 102

 

Print system extensions (print monitors, providers)

File name Type Name Description Manufacturer

C:\windows\system32\hpz3l463.dll

Script: Quarantine, Delete, BC delete Monitor PCL hpz3l463 LanguageMonitor Copyright © 1999

C:\windows\system32\hpz3l4pi.dll

Script: Quarantine, Delete, BC delete Monitor PCL hpz3l4pi LanguageMonitor Copyright © 1999

Elements detected - 9, recognized as trusted - 7

 

Task Scheduler jobs

File name Job name Job status Description Manufacturer

c:\PROGRA~1\mcafee\mqc\QcConsol.exe

Script: Quarantine, Delete, BC delete McDefragTask.job The task is ready to run at its next scheduled time. QuickClean Console Application Copyright © 2006 McAfee, Inc.

c:\PROGRA~1\mcafee\mqc\QcConsol.exe

Script: Quarantine, Delete, BC delete McQcTask.job The task has not yet run. QuickClean Console Application Copyright © 2006 McAfee, Inc.

C:\Program Files\RegCure\RegCure.exe

Script: Quarantine, Delete, BC delete RegCure Program Check.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006

C:\Program Files\RegCure\RegCure.exe

Script: Quarantine, Delete, BC delete RegCure.job The task is ready to run at its next scheduled time. RegCure Application Copyright © 2006

C:\Program Files\SpywareBot\SpywareBot.exe

Script: Quarantine, Delete, BC delete SpywareBot Scheduled Scan.job The task has not yet run.

Elements detected - 5, recognized as trusted - 0

 

SPI/LSP settings

Namespace providers (NSP) Manufacturer Status Exe file Description GUID

Detected - 3, recognized as trusted - 3

Transport protocol providers (TSP, LSP) Manufacturer Exe file Description

Detected - 21, recognized as trusted - 21

Automatic SPI settings check results LSP settings checked. No errors detected

 

 

TCP/UDP ports

Port Status Remote Host Remote Port Application Notes

TCP ports

135 LISTENING 0.0.0.0 22715 [1076] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

139 LISTENING 0.0.0.0 26854 [4] System

Script: Quarantine, Delete, BC delete, Terminate

445 LISTENING 0.0.0.0 38948 [4] System

Script: Quarantine, Delete, BC delete, Terminate

1033 LISTENING 0.0.0.0 2112 [2932] c:\windows\system32\alg.exe

Script: Quarantine, Delete, BC delete, Terminate

6646 LISTENING 0.0.0.0 14552 [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate

UDP ports

123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

123 LISTENING -- -- [1112] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

137 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

138 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

445 LISTENING -- -- [4] System

Script: Quarantine, Delete, BC delete, Terminate

500 LISTENING -- -- [848] c:\windows\system32\lsass.exe

Script: Quarantine, Delete, BC delete, Terminate

1026 LISTENING -- -- [1160] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

1056 LISTENING -- -- [1812] c:\program files\common files\aol\acs\aolacsd.exe

Script: Quarantine, Delete, BC delete, Terminate

1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

1900 LISTENING -- -- [1304] c:\windows\system32\svchost.exe

Script: Quarantine, Delete, BC delete, Terminate

4500 LISTENING -- -- [848] c:\windows\system32\lsass.exe

Script: Quarantine, Delete, BC delete, Terminate

6646 LISTENING -- -- [124] c:\progra~1\common~1\mcafee\mna\mcnasvc.exe

Script: Quarantine, Delete, BC delete, Terminate

 

Downloaded Program Files (DPF)

File name Description Manufacturer CLSID Source URL

C:\WINDOWS\Downloaded Program Files\fscax.dll

Script: Quarantine, Delete, BC delete fscax module © 2005-2006 F-Secure Corporation. All rights reserved. {0B79F48A-E8D6-11DB-9283-E25056D89593}

Delete http://support.f-secure.com/ols/fscax.cab

Elements detected - 5, recognized as trusted - 4

 

Control Panel Applets (CPL)

File name Description Manufacturer

C:\windows\system32\inetcpl.cpl

Script: Quarantine, Delete, BC delete Internet Control Panel © Microsoft Corporation. All rights reserved.

C:\windows\system32\wuaucpl.cpl

Script: Quarantine, Delete, BC delete Automatic Updates Control Panel © Microsoft Corporation. All rights reserved.

Elements detected - 25, recognized as trusted - 23

 

Active Setup

File name Description Manufacturer CLSID

C:\WINDOWS\system32\ieudinit.exe

Script: Quarantine, Delete, BC delete IE Per User Active Setup Uninstall Utility © Microsoft Corporation. All rights reserved. <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

C:\WINDOWS\inf\unregmp2.exe

Script: Quarantine, Delete, BC delete Microsoft Windows Media Player Setup Utility © Microsoft Corporation. All rights reserved. >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}

C:\WINDOWS\system32\ie4uinit.exe

Script: Quarantine, Delete, BC delete IE Per-User Initialization Utility © Microsoft Corporation. All rights reserved. >{26923b43-4d38-484f-9b9e-de460746276c}

C:\windows\system32\IEDKCS32.DLL

Script: Quarantine, Delete, BC delete IEAK branding © Microsoft Corporation. All rights reserved. >{60B49E34-C7CC-11D0-8953-00A0C90347FF}

C:\windows\system32\IEDKCS32.DLL

Script: Quarantine, Delete, BC delete IEAK branding © Microsoft Corporation. All rights reserved. >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS

C:\windows\system32\advpack.dll

Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {44BBA842-CC51-11CF-AAFA-00AA00B6015B}

C:\windows\system32\advpack.dll

Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {5945c046-1e7d-11d1-bc44-00c04fd912be}

C:\windows\system32\advpack.dll

Script: Quarantine, Delete, BC delete ADVPACK © Microsoft Corporation. All rights reserved. {6BF52A52-394A-11d3-B153-00C04F79FAA6}

C:\WINDOWS\system32\ie4uinit.exe

Script: Quarantine, Delete, BC delete IE Per-User Initialization Utility © Microsoft Corporation. All rights reserved. {89820200-ECBD-11cf-8B85-00AA005B4383}

Elements detected - 15, recognized as trusted - 6

 

HOSTS file

Hosts file record

127.0.0.1 localhost

 

 

 

Protocols and handlers

File name Type Description Manufacturer CLSID

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

mscoree.dll

Script: Quarantine, Delete, BC delete Protocol Microsoft .NET Runtime Execution Engine () © Microsoft Corporation. All rights reserved. {1E66F26B-79EE-11D2-8710-00C04F79ED0D}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP Class Install Handler filter) © Microsoft Corporation. All rights reserved. {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP Deflate Encoding/Decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP GZIP Encoding/Decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Protocol OLE32 Extensions for Win32 (AP lzdhtml encoding/decoding Filter) © Microsoft Corporation. All rights reserved. {8f6b0360-b80d-11d0-a9b3-006097942311}

C:\windows\system32\SHELL32.dll

Script: Quarantine, Delete, BC delete Protocol Windows Shell Common Dll (WebView MIME Filter) © Microsoft Corporation. All rights reserved. {733AC4CB-F1A4-11d0-B951-00A0C90312E1}

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F406-98B5-11CF-BB82-00AA00BDCE0B}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (CDL: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {3dd53d40-7b8b-11D0-b013-00aa0059ce02}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e7-baf9-11ce-8c82-00aa004ba90b}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (ftp: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e3-baf9-11ce-8c82-00aa004ba90b}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (gopher: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e4-baf9-11ce-8c82-00aa004ba90b}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (http: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e2-baf9-11ce-8c82-00aa004ba90b}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (https: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e5-baf9-11ce-8c82-00aa004ba90b}

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (file:, local: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e7-baf9-11ce-8c82-00aa004ba90b}

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}

C:\windows\system32\inetcomm.dll

Script: Quarantine, Delete, BC delete Handler Microsoft Internet Messaging API (MHTML Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {05300401-BCBC-11d0-85E3-00C04FD85AB4}

C:\windows\system32\urlmon.dll

Script: Quarantine, Delete, BC delete Handler OLE32 Extensions for Win32 (mk: Asychronous Pluggable Protocol Handler) © Microsoft Corporation. All rights reserved. {79eac9e6-baf9-11ce-8c82-00aa004ba90b}

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}

C:\windows\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {76E67A63-06E9-11D2-A840-006008059382}

C:\WINDOWS\system32\mshtml.dll

Script: Quarantine, Delete, BC delete Handler Microsoft ® HTML Viewer () © Microsoft Corporation. All rights reserved. {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}

Elements detected - 28, recognized as trusted - 5

 

Suspicious objects

File Description Type

C:\windows\system32\drivers\mfehidk.sys

Script: Quarantine, Delete, BC delete Suspicion for Rootkit Kernel-mode hook

C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe

Script: Quarantine, Delete, BC delete Suspicion by File scanner Suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)

C:\windows\system32\iertutil.dll

Script: Quarantine, Delete, BC delete Suspicion for Keylogger Suspicion for a Keylogger or Trojan DLL

 

 

--------------------------------------------------------------------------------

 

AVZ Antiviral Toolkit log; AVZ version is 4.29

Scanning started at 12/24/2007 10:07:50 PM

Database loaded: signatures - 140626, NN profile(s) - 2, microprograms of healing - 55, signature database released 23.12.2007 19:45

Heuristic microprograms loaded: 371

SPV microprograms loaded: 9

Digital signatures of system files loaded: 68055

Heuristic analyzer mode: Maximum heuristics level

Healing mode: enabled

Windows version: 5.1.2600, Service Pack 2 ; AVZ is launched with administrator rights

System Recovery: enabled

1. Searching for Rootkits and programs intercepting API functions

1.1 Searching for user-mode API hooks

Analysis: kernel32.dll, export table found in section .text

Analysis: ntdll.dll, export table found in section .text

Analysis: user32.dll, export table found in section .text

Analysis: advapi32.dll, export table found in section .text

Analysis: ws2_32.dll, export table found in section .text

Analysis: wininet.dll, export table found in section .text

Analysis: rasapi32.dll, export table found in section .text

Analysis: urlmon.dll, export table found in section .text

Analysis: netapi32.dll, export table found in section .text

1.2 Searching for kernel-mode API hooks

Driver loaded successfully

SDT found (RVA=07B380)

Kernel ntkrnlpa.exe found in memory at address 804D7000

SDT = 80552380

KiST = 805011FC (284)

Function NtCreateFile (25) - machine code modification Method of JmpTo. jmp B9D1F7CF\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtCreateKey (29) - machine code modification Method of JmpTo. jmp B9D1F74F\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtCreateProcess (2F) - machine code modification Method of JmpTo. jmp B9D1F7F9\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtDeleteKey (3F) - machine code modification Method of JmpTo. jmp B9D1F763\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtDeleteValueKey (41) - machine code modification Method of JmpTo. jmp B9D1F78F\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtMapViewOfSection (6C) - machine code modification Method of JmpTo. jmp B9D1F823\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtOpenKey (77) - machine code modification Method of JmpTo. jmp B9D1F73B\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtProtectVirtualMemory (89) - machine code modification Method of JmpTo. jmp B9D1F7E3\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtRenameKey (C0) - machine code modification Method of JmpTo. jmp B9D1F779\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtSetValueKey (F7) - machine code modification Method of JmpTo. jmp B9D1F7A5\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtTerminateProcess (101) - machine code modification Method of JmpTo. jmp B9D1F7BB\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtUnmapViewOfSection (10B) - machine code modification Method of JmpTo. jmp B9D1F839\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Function NtYieldExecution (116) - machine code modification Method of JmpTo. jmp B9D1F80D\SystemRoot\system32\drivers\mfehidk.sys

>>> Function recovered successfully !

Functions checked: 284, intercepted: 0, restored: 13

1.3 Checking IDT and SYSENTER

Analysis for CPU 1

Checking IDT and SYSENTER - complete

1.4 Searching for masking processes and drivers

Checking not performed: the extended monitoring driver (AVZPM) is not installed

2. Scanning memory

Number of processes found: 46

Analyzer - the process under analysis is 1812 C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 1952 C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 2028 C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 188 C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 204 C:\PROGRA~1\McAfee\MSC\mcpromgr.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 228 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 312 c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe

[ES]:Application has no visible windows

Analyzer - the process under analysis is 408 C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 492 C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 620 C:\Program Files\McAfee\MPF\MPFSrv.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 1476 c:\PROGRA~1\mcafee.com\agent\mcagent.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2312 C:\PROGRA~1\McAfee\MPS\mps.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2632 C:\Program Files\SPYWAREfighter\spftray.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer - the process under analysis is 2648 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe

[ES]:Application has no visible windows

[ES]:Registered in autoruns !!

Analyzer - the process under analysis is 3500 C:\Program Files\McAfee\MPS\mpsevh.exe

[ES]:Application has no visible windows

Analyzer - the process under analysis is 2936 C:\Program Files\SPYWAREfighter\spfprc.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 3140 C:\Program Files\Common Files\AOL\1175982866\ee\aolsoftware.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Analyzer - the process under analysis is 1436 C:\Program Files\AOL 9.0b\waol.exe

[ES]:Contains network functionality

[ES]:Application has no visible windows

[ES]:Loads RASAPI DLL - may use dialing ?

Process c:\program files\aol 9.0b\waol.exe Contains network functionality (comm.dll)

Analyzer - the process under analysis is 3320 C:\Program Files\AOL 9.0b\shellmon.exe

[ES]:Application has no visible windows

Number of modules loaded: 399

Memory checking - complete

3. Scanning disks

Direct reading C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp

C:\Program Files\IC\Card Reader Driver v1.9e\Disk_Monitor.exe >>> suspicion for Backdoor.Win32.JustJoke.26.a ( 07EF7DDB 05203645 00241305 0018D5B8 466944)

4. Checking Winsock Layered Service Provider (SPI/LSP)

LSP settings checked. No errors detected

5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)

C:\windows\system32\iertutil.dll --> Suspicion for a Keylogger or Trojan DLL

C:\windows\system32\iertutil.dll>>> Behavioral analysis:

Behaviour typical for keyloggers not detected

Note: Do NOT delete suspicious files, send them for analysis (see FAQ for more details), because there are lots of useful hooking DLLs

6. Searching for opened TCP/UDP ports used by malicious programs

Checking disabled by user

7. Heuristic system check

Checking complete

8. Searching for vulnerabilities

>> Services: potentially dangerous service allowed TermService (Terminal Services)

>> Services: potentially dangerous service allowed SSDPSRV (SSDP Discovery Service)

>> Services: potentially dangerous service allowed Schedule (Task Scheduler)

>> Services: potentially dangerous service allowed mnmsrvc (NetMeeting Remote Desktop Sharing)

>> Services: potentially dangerous service allowed RDSessMgr (Remote Desktop Help Session Manager)

> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!

>> Security: disk drives' autorun is enabled

>> Security: administrative shares (C$, D$ ...) are enabled

>> Security: anonymous user access is enabled

>> Security: sending Remote Assistant queries is enabled

Checking complete

9. Troubleshooting wizard

Checking complete

Files scanned: 70165, extracted from archives: 45500, malicious programs found 0, suspicions - 1

Scanning finished at 12/24/2007 10:30:06 PM

!!! Attention !!! Recovered 13 KiST functions during Anti-Rootkit operation

This may affect execution of several programs, so it is strongly recommended to reboot

Time of scanning: 00:22:19

If you have a suspicion on presence of viruses or questions on the suspected objects,

you can address http://virusinfo.info conference

Creating archive of files from Quarantine

Creating archive of files from Quarantine - complete

System Analysis in progress

 

Script commands

Add commands to script:
Blocking hooks using Anti-Rootkit
Enable AVZGuard
BootCleaner - import list of deleted files
Registry cleanup after deleting files
BootCleaner - activate
Reboot
Insert template for QuarantineFile() - quarantining file
Insert template for BC_QrFile() - quarantining file via BootCleaner
Insert template for DeleteFile() - deleting file
Insert template for DelCLSID() - deleting CLSID item from the registry

Additional operations:
Performance tweaking: disable service TermService (Terminal Services)
Performance tweaking: disable service SSDPSRV (SSDP Discovery Service)
Performance tweaking: disable service Schedule (Task Scheduler)
Performance tweaking: disable service mnmsrvc (NetMeeting Remote Desktop Sharing)
Performance tweaking: disable service RDSessMgr (Remote Desktop Help Session Manager)
Security tweaking: disable disk drives' autorun
Security tweaking: disable administrative shares
Security tweaking: disable anonymous user access
Security: disable sending Remote Assistant queries

--------------------------------------------------------------------------------

File list

Edited by LS CalamityJane
invalid url removed


Hi.justjoy

 

Hm not much here and still with the pop-ups.

 

Now download The Avenger by Swandog46, and save it to your Desktop.

 

Extract avenger.exe from the Zip file and save it to your desktop.

Run avenger.exe by double-clicking on it.

Check the 'Input script manually' box.

Click on the magnifying glass icon.

Copy everything in the Quote box below, and paste it in the box that opens:

 

Files to delete:

C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp

 

Now click the 'Done' button.

Click on the traffic light icon and OK the prompt.

You will be prompted to restart; OK the prompt and your PC should reboot. If not, reboot it yourself.

A log file from Avenger will be produced at C:\avenger.txt

 

============================

 

I'll be looking up some info to see what this thing is.

 

Gogo :blink:


Hello,

On reboot I got a DOS error message....C:\windows\system32\cnd.exe could not find c:\avenger\*.reg

 

and a Windows error of no disk

exception processing message c0000013 parameters 75b6bf9c 4....

 

Here is the txt file:

 

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\vgiqqltu

 

*******************

 

Script file located at: \??\C:\jhujuidt.txt

Script file opened successfully.

 

Script file read successfully

 

Backups directory opened successfully at C:\Avenger

 

*******************

 

Beginning to process script file:

 

File C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR2.tmp deleted successfully.

 

Completed script processing.

 

*******************

 

Finished! Terminate.

 

Joy
