[code]
OTScanIt logfile created on: 31/05/2008 17:14:18
OTScanIt by OldTimer - Version 1.0.15.8
Folder = C:\Documents and Settings\Mum\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
511.48 Mb Total Physical Memory | 165.17 Mb Available Physical Memory | 32.29% Memory free
1.22 Gb Paging File | 0.91 Gb Available in Paging File | 74.72% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.35 Gb Total Space | 125.55 Gb Free Space | 88.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MORDECAI
Current User Name: Mum
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
acs.exe -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 06/04/2005 11:56:22 | Attr = ]
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 23/06/2007 20:46:54 | Attr = ]
winlogon.exe -> %UserProfile%\Local Settings\Application Data\winlogon.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 26/05/2007 12:45:54 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc.
[Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:35 | Attr = ] searchprotection.exe -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 08/06/2007 15:59:38 | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Inc. [Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 11:56:54 | Attr = ] services.exe -> %UserProfile%\Local Settings\Application Data\services.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 501312 bytes | Modified Date = 26/05/2007 12:45:46 | Attr = ] lsass.exe -> %UserProfile%\Local Settings\Application Data\lsass.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] ares.exe -> %ProgramFiles%\Ares\Ares.exe -> Ares Development Group [Ver = 2.0.9.3030 | Size = 961536 bytes | Modified Date = 16/07/2007 22:54:38 | Attr = ] quickdcf.exe -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 3, 0, 0, 0 | Size = 200704 bytes | Modified Date = 09/01/2002 21:53:14 | Attr = ] wlancfg5.exe -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 22/02/2006 11:59:32 | Attr = ] wpn111.exe -> %ProgramFiles%\NETGEAR\WPN111\wpn111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 26/01/2005 15:15:16 | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. 
[Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 26/05/2007 12:45:54 | Attr = ] winlogon.exe -> %SystemDrive%\Documents and Settings\NetworkService\Local Settings\Application Data\winlogon.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] services.exe -> %SystemDrive%\Documents and Settings\NetworkService\Local Settings\Application Data\services.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] wlancfg5.exe -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 22/02/2006 11:59:32 | Attr = ] lsass.exe -> %SystemDrive%\Documents and Settings\NetworkService\Local Settings\Application Data\lsass.exe -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.8 | Size = 375296 bytes | Modified Date = 30/05/2008 22:29:08 | Attr = ] [Win32 Services - Non-Microsoft Only] (ACS) Atheros Configuration Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\acs.exe -> [Ver = | Size = 36864 bytes | Modified Date = 06/04/2005 11:56:22 | Attr = ] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 03/06/2005 01:13:38 | Attr = ] (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\Documents and Settings\Morde\My Documents\Dnld\frontpage\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.7.3029 | Size = 263168 bytes | Modified Date = 20/03/2007 02:19:14 | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NavNT\defwatch.exe -> File not found (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 
2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 20/08/2007 02:01:01 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.2.0.34 | Size = 501312 bytes | Modified Date = 26/05/2007 12:45:46 | Attr = ] (Norton AntiVirus Server) Norton AntiVirus Client [Win32_Own | Auto | Stopped] -> %ProgramFiles%\NavNT\rtvscan.exe -> File not found (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> Symantec Corporation [Ver = 1.9.1.1080 | Size = 1174152 bytes | Modified Date = 23/06/2007 20:46:54 | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> %SystemRoot%\system32\DRIVERS\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.2.0.3 | Size = 17801 bytes | Modified Date = 24/05/2007 22:41:17 | Attr = ] (AR5211) NETGEAR WG311T V1H3 Wireless Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\WG311T13.sys -> Atheros Communications, Inc. [Ver = 4.0.0.167 | Size = 456768 bytes | Modified Date = 20/09/2005 04:05:04 | Attr = R ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. 
[Ver = 6.14.10.6462 | Size = 701440 bytes | Modified Date = 03/08/2004 23:29:28 | Attr = ] (cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0038.4 (36) | Size = 754560 bytes | Modified Date = 17/10/2003 04:52:06 | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 03/08/2004 23:07:18 | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 03/08/2004 23:07:18 | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ] (DNINDIS5) DNINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DNINDIS5.SYS -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.55 | Size = 17149 bytes | Modified Date = 24/07/2003 12:10:34 | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\System32\Drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 19/09/2006 14:44:04 | Attr = ] (hotcore2) hotcore2 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\hotcore2.sys -> Paragon Software Group [Ver = 5.00.2195.1 | Size = 30808 bytes | Modified Date = 23/08/2006 12:10:10 | Attr = ] (MASPINT) MASPINT [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\MASPINT.SYS -> MicroStaff Co.,Ltd. 
[Ver = 1.04 | Size = 8096 bytes | Modified Date = 29/03/2000 17:11:20 | Attr = ] (PPJoyBus) Parallel Port Joystick Bus device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PPJoyBus.sys -> Deon van der Westhuysen [Ver = 0.83.0.000 | Size = 13952 bytes | Modified Date = 24/10/2004 08:11:00 | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 26/07/2007 03:53:30 | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 13/11/2007 11:25:53 | Attr = ] (sfdrv01) StarForce Protection Environment Driver (version 1.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfdrv01.sys -> Protection Technology [Ver = 1.32 | Size = 48640 bytes | Modified Date = 03/03/2005 18:53:57 | Attr = ] (sfhlp02) StarForce Protection Helper Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfhlp02.sys -> Protection Technology [Ver = 2.2 | Size = 6656 bytes | Modified Date = 23/02/2005 16:59:54 | Attr = ] (sfsync02) StarForce Protection Synchronization Driver (version 2.x) [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\sfsync02.sys -> Protection Technology [Ver = 2.7 | Size = 20544 bytes | Modified Date = 03/12/2004 11:20:41 | Attr = ] (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 10/07/2002 16:39:34 
| Attr = R ] (sptd) sptd [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\sptd.sys -> Duplex Secure Ltd. [Ver = 1.50.0.0 built by: WinDDK | Size = 685816 bytes | Modified Date = 30/08/2007 08:32:36 | Attr = ] (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 23/06/2007 20:30:44 | Attr = ] (WPN111) Wireless USB 2.0 Adapter with RangeMax Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\WPN111.sys -> NETGEAR, Inc. [Ver = 1.5.0.2102 | Size = 362944 bytes | Modified Date = 26/09/2005 16:02:50 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 3cecc874 -> %SystemRoot%\system32\iwjjarve.dll [rundll32.exe "C:\WINDOWS\system32\iwjjarve.dll",b] -> [Ver = | Size = 94272 bytes | Modified Date = 31/05/2008 16:19:12 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 23:16:38 | Attr = ] BM3fdffbe8 -> %SystemRoot%\system32\pwofurjt.dll [Rundll32.exe "C:\WINDOWS\system32\pwofurjt.dll",s] -> [Ver = | Size = 101952 bytes | Modified Date = 31/05/2008 16:00:36 | Attr = ] Bron-Spizaetus -> %SystemRoot%\ShellNew\bronstab.exe ["C:\WINDOWS\ShellNew\bronstab.exe"] -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = H ] Cmaudio -> [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.2.0.34 | Size = 257088 bytes | Modified Date = 26/05/2007 12:45:54 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 11:56:54 | Attr = ] REGSHAVE -> %ProgramFiles%\REGSHAVE\REGSHAVE.EXE [C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN] -> FUJI PHOTO FILM CO., LTD. [Ver = 3.0.0.4 | Size = 53248 bytes | Modified Date = 04/02/2002 22:32:10 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:35 | Attr = ] UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"] -> Yahoo! Inc. [Ver = 2007, 6, 8, 1 | Size = 224248 bytes | Modified Date = 08/06/2007 15:59:38 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ares -> %ProgramFiles%\Ares\Ares.exe ["C:\Program Files\Ares\Ares.exe" -h] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 961536 bytes | Modified Date = 16/07/2007 22:54:38 | Attr = ] EPSON Stylus DX6000 Series -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU C:\DOCUME~1\Mum\LOCALS~1\Temp\E_S10.tmp [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\Mum\LOCALS~1\Temp\E_S10.tmp" /EF "HKCU"] -> File not found QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.3.1 | Size = 286720 bytes | Modified Date = 11/12/2007 11:56:54 | Attr = ] Tok-Cirrhatus -> %UserProfile%\Local Settings\Application Data\smss.exe ["C:\Documents and Settings\Mum\Local Settings\Application Data\smss.exe"] -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Exif Launcher.lnk -> %ProgramFiles%\FinePixViewer\QuickDCF.exe -> FUJI PHOTO FILM CO., LTD. [Ver = 3, 0, 0, 0 | Size = 200704 bytes | Modified Date = 09/01/2002 21:53:14 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WG311T Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WG311T\wlancfg5.exe -> [Ver = 4, 2, 14, 306 | Size = 1486848 bytes | Modified Date = 22/02/2006 11:59:32 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\NETGEAR WPN111 Smart Wizard.lnk -> %ProgramFiles%\NETGEAR\WPN111\wpn111.exe -> NETGEAR [Ver = 1, 1, 0, 8 | Size = 884838 bytes | Modified Date = 26/01/2005 15:15:16 | Attr = ] < Mum Startup Folder > -> C:\Documents and Settings\Mum\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\Empty.pif -> [Ver = | Size = 41385 bytes | Modified Date = 15/06/2007 09:34:40 | Attr = ] < IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> [Debugger] -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> [WebCheck] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe "C:\WINDOWS\eksplorasi.exe" -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 24/09/2001 08:59:00 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFolderOptions -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 22:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR 
DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomDVD-ROM_16X_____________________________5.FV____\5&f8519ef&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [pause | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 7 bytes | Modified Date = 31/05/2008 17:08:05 | Attr = HS] Hosts file not found -> -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} 
[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 20/11/2007 20:51:20 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 20/11/2007 20:51:20 | Attr = ] {24E01188-A129-4EBE-983D-FA65A13D46AB} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\Documents and Settings\Morde\Local Settings\Temp\ssqrq.dll [Reg Error: Value does not exist or could not be read.] 
-> [Ver = | Size = 323072 bytes | Modified Date = 21/02/2008 23:02:58 | Attr = ] {514A5C49-0C7D-42c3-A71B-38864A269B7A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\prkuygmg.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 92224 bytes | Modified Date = 31/05/2008 16:03:37 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31/10/2006 21:33:52 | Attr = ] {6aa6ef62-4486-48b1-b537-02f4ee530301} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\lxqyggyb.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 105024 bytes | Modified Date = 31/05/2008 16:10:03 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/08/2007 02:01:00 | Attr = R ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 22/08/2007 13:39:19 | Attr = ] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> [EpsonToolBandKicker Class] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/08/2007 02:01:00 | Attr = R ] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> [EPSON Web-To-Page] -> File not found {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 20/11/2007 20:51:20 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 20/08/2007 02:01:00 | Attr = R ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 11, 20, 1 | Size = 878352 bytes | Modified Date = 20/11/2007 20:51:20 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 25/09/2007 01:11:33 | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31/10/2006 21:33:52 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 25/09/2007 01:11:34 | Attr = ] CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 31/10/2006 21:33:52 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1C8F8494-BBFB-4EF4-8C81-9D88C68A6D84} -> (NETGEAR 108 Mbps Wireless PCI Adapter WG311T) -> {31AC29DF-2E42-4EAD-BB00-8E8F6237EF56} -> () -> {34EBA892-D4E4-424C-B98B-D298362B719F} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> {44D9842D-4633-4677-9479-3B8B907821B6} -> 
(1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}[HKEY_LOCAL_MACHINE] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1EF9F042-C2EB-4293-8213-474CAEEF531D}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB[TmHcmsX Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {924C1588-90C3-4910-B6CA-D57A1C0418FE}[HKEY_LOCAL_MACHINE] -> http://us.bookmarks.yahoo.com/YbConvFav.CAB[YbUploadFavsCtl Class] -> {A8F2B9BD-A6A0-486A-9744-18920D898429}[HKEY_LOCAL_MACHINE] -> http://www.sibelius.com/download/software/win/ActiveXPlugin.cab[ScorchPlugin Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\.Owner -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mnviewer.dll\\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NPSibelius.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/NPSibelius.dll\\.Owner -> {A8F2B9BD-A6A0-486A-9744-18920D898429} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/NPSibelius.dll\\{A8F2B9BD-A6A0-486A-9744-18920D898429} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\\.Owner -> {924C1588-90C3-4910-B6CA-D57A1C0418FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/YbConvFav.dll\\{924C1588-90C3-4910-B6CA-D57A1C0418FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> TommyWalshsDIYGuide -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\TommyWalshsDIYGuide -> TommyWalshsDIYGuide -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> TommyWalshsDIYGuide -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] C:\DOCUME~1\Morde\LOCALS~1\Temp\ssqrq.dll -> %SystemDrive%\Documents and Settings\Morde\Local Settings\Temp\ssqrq.dll -> [Ver = | Size = 323072 bytes | Modified Date = 21/02/2008 23:02:58 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 18:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] schannel -> 
%SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 15:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 04/08/2004 00:56:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 604 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | 
Modified Date = 04/08/2004 00:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 00:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 72 0B C7 2E 28 BB 39 1A 99 43 7E DE CF 5D 2A A9 66 35 39 65 61 61 31 34 00 FD 07 00 78 59 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 BD C6 A2 B7 3B 12 9E 49 FB 84 76 F5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 44 1B 2A BF DC 10 84 7B 97 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 60 2D F4 DB 75 A7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 23/08/2001 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B5 C8 7E C1 CC 3C 14 18 3E 7B A8 EE B1 81 8B 0B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> E4 5E E8 F8 4B 9E C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8265 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\Ares\Ares.exe -> D:\Program Files\Ares\Ares.exe [D:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 16:10:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Morde\My Documents\Ares\Ares.exe -> %SystemDrive%\Documents and Settings\Morde\My Documents\Ares\Ares.exe [C:\Documents and Settings\Morde\My Documents\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rtcshare.exe -> %SystemRoot%\system32\rtcshare.exe [C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 77312 bytes | Modified Date = 04/08/2004 00:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetMeeting\conf.exe -> %ProgramFiles%\NetMeeting\conf.exe [C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®] -> Microsoft Corporation [Ver = 5.1.2600.2180 | Size = 1032192 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Morde\My Documents\voeh\VeohClient.exe -> %SystemDrive%\Documents and Settings\Morde\My Documents\voeh\VeohClient.exe [C:\Documents and Settings\Morde\My Documents\voeh\VeohClient.exe:*:Enabled:Veoh Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 13/10/2004 17:24:37 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares\Ares.exe -> %ProgramFiles%\Ares\Ares.exe [C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows] -> Ares Development Group [Ver = 2.0.9.3030 | Size = 961536 bytes | Modified Date = 16/07/2007 22:54:38 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 30/08/2007 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 30/08/2007 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Mike\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe -> %SystemDrive%\Documents and Settings\Mike\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe [C:\Documents and Settings\Mike\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Disabled:PowerSoccer] -> [Ver = | Size = 3424256 bytes | Modified Date = 29/04/2008 16:52:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. 
[Ver = 7.2.0.34 | Size = 14774336 bytes | Modified Date = 26/05/2007 12:45:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> 
Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 00:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 05:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04/08/2004 00:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 05:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Created Date = 30/05/2008 18:26:21 | Attr = HS] elelxbdx.ini -> %SystemRoot%\System32\elelxbdx.ini -> [Ver = | Size = 2600270 bytes | Created Date = 30/05/2008 15:29:47 | Attr = HS] esmvhyjv.exe -> %SystemRoot%\System32\esmvhyjv.exe -> [Ver = | Size = 2624 bytes | Created Date = 30/05/2008 15:27:26 | Attr = ] evrajjwi.ini -> %SystemRoot%\System32\evrajjwi.ini -> [Ver = | Size = 5279834 bytes | Created Date = 31/05/2008 16:19:12 | Attr = HS] gqkdenei.dll -> %SystemRoot%\System32\gqkdenei.dll -> [Ver = | Size = 103488 bytes | Created Date = 30/05/2008 15:27:27 | Attr = ] hvftxtgf.dll -> %SystemRoot%\System32\hvftxtgf.dll -> [Ver = | Size = 92224 bytes | Created Date = 30/05/2008 15:25:23 | Attr = ] ihhmbuqr.exe -> %SystemRoot%\System32\ihhmbuqr.exe -> [Ver = | Size = 2624 bytes | Created Date = 31/05/2008 16:12:36 | Attr = ] iwjjarve.dll -> %SystemRoot%\System32\iwjjarve.dll -> [Ver = | Size = 94272 bytes | Created Date = 31/05/2008 16:19:12 | Attr = ] lxqyggyb.dll -> %SystemRoot%\System32\lxqyggyb.dll -> [Ver = | Size = 105024 bytes | Created Date = 31/05/2008 16:10:02 | Attr = ] mxlheswh.dll -> %SystemRoot%\System32\mxlheswh.dll -> [Ver = | Size = 101952 bytes | Created Date = 30/05/2008 15:25:41 | Attr = ] prkuygmg.dll -> %SystemRoot%\System32\prkuygmg.dll -> [Ver = | Size = 92224 bytes | Created Date = 31/05/2008 16:03:36 | Attr = ] pwofurjt.dll -> 
%SystemRoot%\System32\pwofurjt.dll -> [Ver = | Size = 101952 bytes | Created Date = 31/05/2008 16:00:36 | Attr = ] BM3fdffbe8.xml -> %SystemRoot%\BM3fdffbe8.xml -> [Ver = | Size = 109816 bytes | Created Date = 30/05/2008 15:24:03 | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 122 bytes | Created Date = 31/05/2008 16:08:00 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 30/05/2008 15:24:03 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 31/05/2008 13:28:34 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 31/05/2008 13:28:34 | Attr = H ] W?nSxS -> %SystemRoot%\WіnSxS -> [Folder | Modified Date = 25/06/2007 06:19:39 | Attr = ] 9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 314 bytes | Created Date = 30/05/2008 18:29:21 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 30/05/2008 11:11:39 | Attr = ] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Created Date = 30/05/2008 20:16:26 | Attr = ] Propellerhead Software -> %AppData%\Propellerhead Software -> [Folder | Created Date = 30/05/2008 20:11:04 | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Created Date = 30/05/2008 20:16:26 | Attr = ] Sony -> %AppData%\Sony -> [Folder | Created Date = 30/05/2008 20:16:22 | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 21/05/2008 12:14:05 | Attr = ] Ares -> %UserProfile%\Local Settings\Application Data\Ares -> [Folder | Created Date = 22/05/2008 07:47:30 | Attr = ] Bron.tok-9-20 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-20 -> [Folder | Created Date = 20/05/2008 18:29:32 | Attr = ] Bron.tok-9-21 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-21 -> 
[Folder | Created Date = 21/05/2008 12:12:02 | Attr = ] Bron.tok-9-27 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-27 -> [Folder | Created Date = 27/05/2008 13:38:52 | Attr = ] Bron.tok-9-31 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-31 -> [Folder | Created Date = 31/05/2008 10:43:10 | Attr = ] Bron.tok.A9.em.bin -> %UserProfile%\Local Settings\Application Data\Bron.tok.A9.em.bin -> [Ver = | Size = 3544 bytes | Created Date = 31/05/2008 16:49:04 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Created Date = 31/05/2008 13:46:30 | Attr = ] AlbumArtSmall.jpg -> %AllUsersProfile%\Documents\AlbumArtSmall.jpg -> [Ver = | Size = 2909 bytes | Created Date = 15/05/2008 10:39:29 | Attr = HS] AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Large.jpg -> %AllUsersProfile%\Documents\AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Large.jpg -> [Ver = | Size = 10334 bytes | Created Date = 15/05/2008 10:39:29 | Attr = HS] AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Small.jpg -> %AllUsersProfile%\Documents\AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Small.jpg -> [Ver = | Size = 2909 bytes | Created Date = 15/05/2008 10:39:29 | Attr = HS] Day 26 - 01- Day 26 - I'm The Reason.mp3 -> %AllUsersProfile%\Documents\Day 26 - 01- Day 26 - I'm The Reason.mp3 -> [Ver = | Size = 3806244 bytes | Created Date = 15/05/2008 11:44:28 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26 - 01- Day 26 - I'm The Reason.mp3:Zone.Identifier Day 26 - Pushing Beauty.mp3 -> %AllUsersProfile%\Documents\Day 26 - Pushing Beauty.mp3 -> [Ver = | Size = 11294686 bytes | Created Date = 15/05/2008 11:39:25 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26 - Pushing Beauty.mp3:Zone.Identifier Day 26-Co Star.mp3 -> %AllUsersProfile%\Documents\Day 26-Co Star.mp3 -> [Ver = | Size = 6133177 bytes 
| Created Date = 15/05/2008 10:36:14 | Attr = ] Day 26-If It Wasn't For You.mp3 -> %AllUsersProfile%\Documents\Day 26-If It Wasn't For You.mp3 -> [Ver = | Size = 5054809 bytes | Created Date = 15/05/2008 11:51:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26-If It Wasn't For You.mp3:Zone.Identifier Folder.jpg -> %AllUsersProfile%\Documents\Folder.jpg -> [Ver = | Size = 10334 bytes | Created Date = 15/05/2008 10:39:29 | Attr = HS] Midnight chords.doc -> %AllUsersProfile%\Documents\Midnight chords.doc -> [Ver = | Size = 26112 bytes | Created Date = 27/05/2008 13:46:55 | Attr = ] My Shared Folder -> %AllUsersProfile%\Documents\My Shared Folder -> [Folder | Created Date = 26/05/2008 11:29:35 | Attr = R ] ~$dnight chords.doc -> %AllUsersProfile%\Documents\~$dnight chords.doc -> [Ver = | Size = 162 bytes | Created Date = 27/05/2008 13:46:57 | Attr = ] Come to me (remix).mp3 -> %UserProfile%\My Documents\Come to me (remix).mp3 -> [Ver = | Size = 5221982 bytes | Created Date = 30/05/2008 20:20:09 | Attr = ] Come to me (remix).mp3.sfk -> %UserProfile%\My Documents\Come to me (remix).mp3.sfk -> [Ver = | Size = 224960 bytes | Created Date = 31/05/2008 13:27:39 | Attr = ] diddy.sfk -> %UserProfile%\My Documents\diddy.sfk -> [Ver = | Size = 225112 bytes | Created Date = 30/05/2008 20:16:44 | Attr = ] diddy.wav -> %UserProfile%\My Documents\diddy.wav -> [Ver = | Size = 28806024 bytes | Created Date = 30/05/2008 20:15:43 | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 17/05/2008 14:35:26 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 557 bytes | Created Date = 17/05/2008 14:36:33 | Attr = ] My Web Sites -> %UserProfile%\My Documents\My Web Sites -> [Folder | Created Date = 17/05/2008 13:58:39 | Attr = S] Untitled.wmv -> %UserProfile%\My Documents\Untitled.wmv -> [Ver = | Size = 3195858 bytes | Created Date = 31/05/2008 13:29:33 | 
Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2341 bytes | Created Date = 01/05/2008 23:03:58 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 31/05/2008 16:27:44 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 31/05/2008 16:38:25 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 545664 bytes | Created Date = 31/05/2008 16:35:30 | Attr = ] ?racle -> %CommonProgramFiles%\Оracle -> [Folder | Modified Date = 25/06/2007 06:19:39 | Attr = ] [Files/Folders - Modified Within 30 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 7 bytes | Modified Date = 31/05/2008 17:08:05 | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536399872 bytes | Modified Date = 31/05/2008 16:36:47 | Attr = HS] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 31/05/2008 16:31:02 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 31/05/2008 16:08:00 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 30/05/2008 15:56:30 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 31/05/2008 10:45:00 | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> elelxbdx.ini -> %SystemRoot%\System32\elelxbdx.ini -> [Ver = | Size = 2600270 bytes | Modified Date = 31/05/2008 16:16:29 | Attr = HS] esmvhyjv.exe -> %SystemRoot%\System32\esmvhyjv.exe -> [Ver = | Size = 2624 bytes | Modified Date = 30/05/2008 15:27:26 | Attr = ] evrajjwi.ini -> %SystemRoot%\System32\evrajjwi.ini -> [Ver = | Size = 5279834 bytes | Modified Date = 31/05/2008 17:09:31 | Attr = HS] gqkdenei.dll -> %SystemRoot%\System32\gqkdenei.dll -> [Ver = | Size = 103488 bytes | Modified Date = 30/05/2008 15:27:27 | Attr = ] hvftxtgf.dll -> %SystemRoot%\System32\hvftxtgf.dll -> [Ver = | Size = 92224 bytes | Modified 
Date = 30/05/2008 15:25:23 | Attr = ] ihhmbuqr.exe -> %SystemRoot%\System32\ihhmbuqr.exe -> [Ver = | Size = 2624 bytes | Modified Date = 31/05/2008 16:12:36 | Attr = ] iwjjarve.dll -> %SystemRoot%\System32\iwjjarve.dll -> [Ver = | Size = 94272 bytes | Modified Date = 31/05/2008 16:19:12 | Attr = ] lxqyggyb.dll -> %SystemRoot%\System32\lxqyggyb.dll -> [Ver = | Size = 105024 bytes | Modified Date = 31/05/2008 16:10:03 | Attr = ] mxlheswh.dll -> %SystemRoot%\System32\mxlheswh.dll -> [Ver = | Size = 101952 bytes | Modified Date = 30/05/2008 15:25:41 | Attr = ] prkuygmg.dll -> %SystemRoot%\System32\prkuygmg.dll -> [Ver = | Size = 92224 bytes | Modified Date = 31/05/2008 16:03:37 | Attr = ] pwofurjt.dll -> %SystemRoot%\System32\pwofurjt.dll -> [Ver = | Size = 101952 bytes | Modified Date = 31/05/2008 16:00:36 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 29/05/2008 14:08:09 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/05/2008 12:19:16 | Attr = H ] 9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BM3fdffbe8.xml -> %SystemRoot%\BM3fdffbe8.xml -> [Ver = | Size = 109816 bytes | Modified Date = 31/05/2008 16:22:07 | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 31/05/2008 16:36:52 | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 122 bytes | Modified Date = 31/05/2008 16:08:01 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 31/05/2008 10:45:33 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 30/05/2008 11:12:36 | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 31/05/2008 17:08:25 | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 31/05/2008 17:08:11 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 31/05/2008 13:28:34 | Attr = ] QTFont.qfn -> 
%SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 31/05/2008 13:28:34 | Attr = H ] ShellNew -> %SystemRoot%\ShellNew -> [Folder | Modified Date = 30/05/2008 18:24:17 | Attr = H ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 31/05/2008 17:09:31 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 31/05/2008 17:08:11 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 31/05/2008 17:13:13 | Attr = ] W?nSxS -> %SystemRoot%\WіnSxS -> [Folder | Modified Date = 25/06/2007 06:19:39 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 21/05/2008 12:14:05 | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 314 bytes | Modified Date = 31/05/2008 17:08:15 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 31/05/2008 16:37:09 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 24/06/2007 10:28:43 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7013 bytes | Modified Date = 31/05/2008 16:38:26 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7013 bytes | Modified Date = 31/05/2008 16:38:26 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 29/05/2007 21:25:04 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 31/05/2005 22:33:13 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 30/05/2005 16:16:55 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 17/05/2008 15:54:59 | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 30/05/2008 11:11:39 | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 80656 bytes | Modified Date = 27/05/2008 14:05:46 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 22/05/2008 09:09:46 | Attr = S] NetMedia Providers -> %AppData%\NetMedia Providers -> [Folder | Modified Date = 30/05/2008 20:16:26 | Attr = ] Propellerhead Software -> %AppData%\Propellerhead Software -> [Folder | Modified Date = 30/05/2008 20:11:24 | Attr = ] Publish Providers -> %AppData%\Publish Providers -> [Folder | Modified Date = 30/05/2008 20:16:26 | Attr = ] Sony -> %AppData%\Sony -> [Folder | Modified Date = 30/05/2008 20:20:07 | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 17/05/2008 16:06:52 | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 21/05/2008 12:14:05 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 30/05/2008 11:11:39 | Attr = ] Ares -> %UserProfile%\Local Settings\Application Data\Ares -> [Folder | Modified Date = 22/05/2008 07:47:32 | Attr = ] Bron.tok-9-20 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-20 -> [Folder | Modified Date = 20/05/2008 18:29:32 | Attr = ] Bron.tok-9-21 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-21 -> [Folder | Modified Date = 21/05/2008 12:12:02 | Attr = ] Bron.tok-9-27 -> %UserProfile%\Local Settings\Application Data\Bron.tok-9-27 -> [Folder | Modified Date = 27/05/2008 13:38:52 | Attr = ] Bron.tok-9-31 -> %UserProfile%\Local Settings\Application 
Data\Bron.tok-9-31 -> [Folder | Modified Date = 31/05/2008 10:43:10 | Attr = ] Bron.tok.A9.em.bin -> %UserProfile%\Local Settings\Application Data\Bron.tok.A9.em.bin -> [Ver = | Size = 3544 bytes | Modified Date = 31/05/2008 16:49:04 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 3584 bytes | Modified Date = 31/05/2008 13:46:31 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 80656 bytes | Modified Date = 17/05/2008 13:58:42 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4317052 bytes | Modified Date = 23/05/2008 12:34:32 | Attr = H ] Loc.Mail.Bron.Tok -> %UserProfile%\Local Settings\Application Data\Loc.Mail.Bron.Tok -> [Folder | Modified Date = 31/05/2008 11:16:51 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 17/05/2008 14:35:42 | Attr = ] AlbumArtSmall.jpg -> %AllUsersProfile%\Documents\AlbumArtSmall.jpg -> [Ver = | Size = 2909 bytes | Modified Date = 15/05/2008 10:39:28 | Attr = HS] AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Large.jpg -> %AllUsersProfile%\Documents\AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Large.jpg -> [Ver = | Size = 10334 bytes | Modified Date = 15/05/2008 10:39:28 | Attr = HS] AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Small.jpg -> %AllUsersProfile%\Documents\AlbumArt_{64D745A1-45C7-46E3-8532-413ADBF93855}_Small.jpg -> [Ver = | Size = 2909 bytes | Modified Date = 15/05/2008 10:39:28 | Attr = HS] Day 26 - 01- Day 26 - I'm The Reason.mp3 -> %AllUsersProfile%\Documents\Day 26 - 01- Day 26 - I'm The Reason.mp3 -> [Ver = | Size = 3806244 bytes | Modified Date = 15/05/2008 11:59:20 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26 - 01- Day 26 - I'm The Reason.mp3:Zone.Identifier Day 26 - Pushing 
Beauty.mp3 -> %AllUsersProfile%\Documents\Day 26 - Pushing Beauty.mp3 -> [Ver = | Size = 11294686 bytes | Modified Date = 15/05/2008 11:43:42 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26 - Pushing Beauty.mp3:Zone.Identifier Day 26-Co Star.mp3 -> %AllUsersProfile%\Documents\Day 26-Co Star.mp3 -> [Ver = | Size = 6133177 bytes | Modified Date = 15/05/2008 20:49:56 | Attr = ] Day 26-If It Wasn't For You.mp3 -> %AllUsersProfile%\Documents\Day 26-If It Wasn't For You.mp3 -> [Ver = | Size = 5054809 bytes | Modified Date = 15/05/2008 20:53:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %AllUsersProfile%\Documents\Day 26-If It Wasn't For You.mp3:Zone.Identifier Folder.jpg -> %AllUsersProfile%\Documents\Folder.jpg -> [Ver = | Size = 10334 bytes | Modified Date = 15/05/2008 10:39:28 | Attr = HS] Midnight chords.doc -> %AllUsersProfile%\Documents\Midnight chords.doc -> [Ver = | Size = 26112 bytes | Modified Date = 27/05/2008 13:46:57 | Attr = ] My Shared Folder -> %AllUsersProfile%\Documents\My Shared Folder -> [Folder | Modified Date = 31/05/2008 16:43:10 | Attr = R ] ~$dnight chords.doc -> %AllUsersProfile%\Documents\~$dnight chords.doc -> [Ver = | Size = 162 bytes | Modified Date = 27/05/2008 13:46:57 | Attr = ] Come to me (remix).mp3 -> %UserProfile%\My Documents\Come to me (remix).mp3 -> [Ver = | Size = 5221982 bytes | Modified Date = 30/05/2008 20:22:11 | Attr = ] Come to me (remix).mp3.sfk -> %UserProfile%\My Documents\Come to me (remix).mp3.sfk -> [Ver = | Size = 224960 bytes | Modified Date = 31/05/2008 13:43:26 | Attr = ] diddy.sfk -> %UserProfile%\My Documents\diddy.sfk -> [Ver = | Size = 225112 bytes | Modified Date = 30/05/2008 20:16:52 | Attr = ] diddy.wav -> %UserProfile%\My Documents\diddy.wav -> [Ver = | Size = 28806024 bytes | Modified Date = 30/05/2008 20:16:21 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 30/05/2008 11:11:57 | Attr = R ] My Received Files -> %UserProfile%\My 
Documents\My Received Files -> [Folder | Modified Date = 30/05/2008 20:33:49 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 557 bytes | Modified Date = 31/05/2008 15:59:44 | Attr = ] My Web Sites -> %UserProfile%\My Documents\My Web Sites -> [Folder | Modified Date = 17/05/2008 14:02:59 | Attr = S] Untitled.wmv -> %UserProfile%\My Documents\Untitled.wmv -> [Ver = | Size = 3195858 bytes | Modified Date = 31/05/2008 13:40:57 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2341 bytes | Modified Date = 30/05/2008 11:12:34 | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 31/05/2008 16:27:44 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 31/05/2008 16:40:27 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 545664 bytes | Modified Date = 31/05/2008 16:35:31 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 17/05/2008 13:57:40 | Attr = ] ?racle -> %CommonProgramFiles%\Оracle -> [Folder | Modified Date = 25/06/2007 06:19:39 | Attr = ] < End of report > [/code]