[code]
OTScanIt logfile created on: 6/2/2008 2:24:13 AM
OTScanIt by OldTimer - Version 1.0.15.9 Folder = C:\Documents and Settings\Computer\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.04 Mb Total Physical Memory | 601.20 Mb Available Physical Memory | 59.29% Memory free
2.38 Gb Paging File | 2.02 Gb Available in Paging File | 84.67% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.71 Gb Total Space | 17.79 Gb Free Space | 33.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 20.81 Gb Total Space | 9.73 Gb Free Space | 46.76% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPAQ
Current User Name: Computer
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/6/2008 4:50:07 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
qlbctrl.exe -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe -> Hewlett-Packard Development Company, L.P. [Ver = 6, 0, 5, 1 | Size = 131072 bytes | Modified Date = 3/23/2006 11:38:38 AM | Attr = ]
igfxtray.exe -> %SystemRoot%\system32\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 94208 bytes | Modified Date = 3/23/2006 11:17:04 AM | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 77824 bytes | Modified Date = 3/23/2006 11:13:40 AM | Attr = ]
igfxpers.exe -> %SystemRoot%\system32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4543 | Size = 118784 bytes | Modified Date = 3/23/2006 11:17:50 AM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 5.00.0000 | Size = 32768 bytes | Modified Date = 10/31/2003 7:42:40 PM | Attr = ]
hp wireless assistant.exe -> %ProgramFiles%\hpq\HP Wireless Assistant\HP Wireless Assistant.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 5, 1 | Size = 454656 bytes | Modified Date = 2/14/2006 10:49:22 AM | Attr = ]
bdmcon.exe -> %ProgramFiles%\Softwin\BitDefender8\bdmcon.exe -> SOFTWIN S.R.L. [Ver = 8.1.0.3 | Size = 421888 bytes | Modified Date = 9/12/2007 8:52:23 PM | Attr = ]
bdswitch.exe -> %ProgramFiles%\Softwin\BitDefender8\bdswitch.exe -> [Ver = | Size = 33280 bytes | Modified Date = 9/12/2007 8:52:26 PM | Attr = ]
bdnagent.exe -> %ProgramFiles%\Softwin\BitDefender8\bdnagent.exe -> [Ver = | Size = 8192 bytes | Modified Date = 9/12/2007 8:52:20 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3959 | Size = 185896 bytes | Modified Date = 10/14/2007 12:28:19 AM | Attr = ]
communications_helper.exe -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper.exe -> [Ver = | Size = 563984 bytes | Modified Date = 10/25/2007 4:33:22 PM | Attr = ]
quickcam.exe -> %ProgramFiles%\Logitech\QuickCam\Quickcam.exe -> [Ver = | Size = 2178832 bytes | Modified Date = 10/25/2007 4:37:32 PM | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 258103 bytes | Modified Date = 2/15/2006 4:09:20 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
xcommsvr.exe -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 2/24/2004 3:36:48 PM | Attr = ]
bdss.exe -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 9/12/2007 11:57:05 PM | Attr = ]
hpqwmiex.exe -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 8 | Size = 135168 bytes | Modified Date = 3/15/2006 3:28:32 PM | Attr = ]
vsserv.exe -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> SOFTWIN S.R.L. [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 9/12/2007 8:52:45 PM | Attr = ]
lvcomser.exe -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
cocimanager.exe -> %CommonProgramFiles%\Logishrd\LQCVFX\COCIManager.exe -> Logitech Inc. [Ver = 11.5.0.1169 | Size = 407824 bytes | Modified Date = 10/25/2007 4:32:58 PM | Attr = ]
hpqtoa~1.exe -> %SystemDrive%\PROGRA~1\hpq\Shared\HPQTOA~1.EXE -> [Ver = 1, 0, 0, 7 | Size = 491606 bytes | Modified Date = 12/23/2005 1:44:26 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.9 | Size = 373760 bytes | Modified Date = 5/31/2008 2:57:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(6to4) IPv6 Helper Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 5/6/2008 4:50:07 PM | Attr = ]
(Alerter) Alerter [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(ALG) Application Layer Gateway Service [Win32_Own | On_Demand | Running] -> %SystemRoot%\System32\alg.exe -> File not found
(AppMgmt) Application Management [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(AudioSrv) Windows Audio [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(bdss) BitDefender Scan Server [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Scan Server\bdss.exe -> [Ver = | Size = 69632 bytes | Modified Date = 9/12/2007 11:57:05 PM | Attr = ]
(BITS) Background Intelligent Transfer Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(Browser) Computer Browser [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 258103 bytes | Modified Date = 2/15/2006 4:09:20 PM | Attr = ]
(CiSvc) Indexing Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\cisvc.exe -> File not found
(ClipSrv) ClipBook [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\clipsrv.exe -> File not found
(CryptSvc) Cryptographic Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(DcomLaunch) DCOM Server Process Launcher [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\ -> File not found
(Dhcp) DHCP Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(dmserver) Logical Disk Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Dnscache) DNS Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(ERSvc) Error Reporting Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(FastUserSwitchingCompatibility) Fast User Switching Compatibility [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(HidServ) HID Input Service [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(hpqwmiex) hpqwmiex [Win32_Own | Auto | Running] -> %ProgramFiles%\Hewlett-Packard\Shared\hpqwmiex.exe -> Hewlett-Packard Development Company, L.P. [Ver = 2, 0, 1, 8 | Size = 135168 bytes | Modified Date = 3/15/2006 3:28:32 PM | Attr = ]
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %systemroot%\system32\imapi.exe -> File not found
(lanmanserver) Server [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(lanmanworkstation) Workstation [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(LmHosts) TCP/IP NetBIOS Helper [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(LVCOMSer) LVCOMSer [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVCOMSER\LVComSer.exe -> Logitech Inc. [Ver = 1.0.5.1158 | Size = 186904 bytes | Modified Date = 10/19/2007 1:17:28 PM | Attr = ]
(LVPrcSrv) Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LogiShrd\LVMVFM\LVPrcSrv.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:19:22 PM | Attr = ]
(LVSrvLauncher) LVSrvLauncher [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\LogiShrd\SrvLnch\SrvLnch.exe -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 141848 bytes | Modified Date = 10/19/2007 1:21:16 PM | Attr = ]
(Messenger) Messenger [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(MSIServer) Windows Installer [Win32_Shared | On_Demand | Stopped] -> %systemroot%\system32\msiexec.exe -> File not found
(NetDDE) Network DDE [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(NetDDEdsdm) Network DDE DSDM [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\netdde.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(Netman) Network Connections [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Nla) Network Location Awareness (NLA) [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtmsSvc) Removable Storage [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RasAuto) Remote Access Auto Connection Manager [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(RasMan) Remote Access Connection Manager [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteAccess) Routing and Remote Access [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(RemoteRegistry) Remote Registry [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(RpcLocator) Remote Procedure Call (RPC) Locator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\locator.exe -> File not found
(RSVP) QoS RSVP [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\rsvp.exe -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(SCardSvr) Smart Card [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\SCardSvr.exe -> File not found
(Schedule) Task Scheduler [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(seclogon) Secondary Logon [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(SENS) System Event Notification [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SharedAccess) Windows Firewall/Internet Connection Sharing (ICS) [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(ShellHWDetection) Shell Hardware Detection [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(Spooler) Print Spooler [Win32_Own | Auto | Running] -> %SystemRoot%\system32\spoolsv.exe -> File not found
(srservice) System Restore Service [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SSDPSRV) SSDP Discovery Service [Win32_Shared | On_Demand | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(stisvc) Windows Image Acquisition (WIA) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(SysmonLog) Performance Logs and Alerts [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\smlogsvc.exe -> File not found
(TapiSrv) Telephony [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(TermService) Terminal Services [Win32_Shared | On_Demand | Running] -> %SystemRoot%\System32\ -> File not found
(Themes) Themes [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(TrkWks) Distributed Link Tracking Client [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(upnphost) Universal Plug and Play Device Host [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\svchost.exe -> File not found
(UPS) Uninterruptible Power Supply [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\ups.exe -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(VSSERV) BitDefender Virus Shield [Win32_Own | Auto | Running] -> %ProgramFiles%\Softwin\BitDefender8\vsserv.exe -> SOFTWIN S.R.L. [Ver = 8, 1, 0, 0 | Size = 90112 bytes | Modified Date = 9/12/2007 8:52:45 PM | Attr = ]
(W32Time) Windows Time [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(WebClient) WebClient [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\svchost.exe -> File not found
(winmgmt) Windows Management Instrumentation [Win32_Shared | Auto | Running] -> %systemroot%\system32\svchost.exe -> File not found
(WmdmPmSN) Portable Media Serial Number Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(Wmi) Windows Management Instrumentation Driver Extensions [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found
(wscsvc) Security Center [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(wuauserv) Automatic Updates [Win32_Shared | Disabled | Stopped] -> %systemroot%\system32\svchost.exe -> File not found
(WZCSVC) Wireless Zero Configuration [Win32_Shared | Auto | Running] -> %SystemRoot%\System32\svchost.exe -> File not found
(XCOMM) BitDefender Communicator [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Softwin\BitDefender Communicator\xcommsvr.exe -> Softwin [Ver = 1, 7, 0, 6 | Size = 69632 bytes | Modified Date = 2/24/2004 3:36:48 PM | Attr = ]
(xmlprov) Network Provisioning Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\svchost.exe -> File not found

[Driver Services - Non-Microsoft Only]
(btaudio) Bluetooth Audio Device [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\btaudio.sys -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 401664 bytes | Modified Date = 2/15/2006 3:59:52 PM | Attr = ]
(BTDriver) Bluetooth Virtual Communications Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btport.sys -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 30363 bytes | Modified Date = 2/15/2006 3:54:46 PM | Attr = ]
(BTKRNL) Bluetooth Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\btkrnl.sys -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 1342570 bytes | Modified Date = 2/15/2006 3:56:58 PM | Attr = ]
(BTWDNDIS) Bluetooth LAN Access Server [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\btwdndis.sys -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 148168 bytes | Modified Date = 2/15/2006 3:51:22 PM | Attr = ]
(BTWUSB) WIDCOMM USB Bluetooth Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\btwusb.sys -> Broadcom Corporation. [Ver = 4.0.1.3301 | Size = 57096 bytes | Modified Date = 2/15/2006 3:54:10 PM | Attr = ]
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Computer\LOCALS~1\Temp\catchme.sys -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 8.0.19.0 built by: WinDDK | Size = 157696 bytes | Modified Date = 11/3/2005 8:31:52 AM | Attr = ]
(eabfiltr) eabfiltr [Kernel | System | Running] -> %SystemRoot%\System32\DRIVERS\eabfiltr.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 7808 bytes | Modified Date = 9/19/2005 2:23:52 PM | Attr = ]
(eabusb) eabusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\eabusb.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 5760 bytes | Modified Date = 9/19/2005 2:24:20 PM | Attr = ]
(FILESpy) FILESpy [Kernel | Auto | Stopped] -> %ProgramFiles%\Softwin\BitDefender8\filespy.sys -> File not found
(HBtnKey) HBtnKey [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\cpqbttn.sys -> Hewlett-Packard Development Company, L.P. [Ver = 4.20.02.02 | Size = 9344 bytes | Modified Date = 9/19/2005 2:24:10 PM | Attr = ]
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\CHDAud.sys -> Conexant Systems Inc. [Ver = 3.30.0.0 built by: WinDDK | Size = 594432 bytes | Modified Date = 8/24/2006 2:05:32 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ]
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.62.00 built by: WinDDK | Size = 209664 bytes | Modified Date = 12/21/2006 7:56:00 PM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.62.00 built by: WinDDK | Size = 988800 bytes | Modified Date = 12/21/2006 7:56:44 PM | Attr = ]
(ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.4543 | Size = 1166972 bytes | Modified Date = 3/23/2006 11:47:06 AM | Attr = ]
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\LVcKap.sys -> Logitech Inc. [Ver = 11.5.0.1158 | Size = 2109976 bytes | Modified Date = 10/19/2007 1:16:30 PM | Attr = ]
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\LVMVDrv.sys -> Logitech Inc. [Ver = 11.5.0.1145 | Size = 2142488 bytes | Modified Date = 10/11/2007 6:59:02 PM | Attr = ]
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\LVPr2Mon.sys -> [Ver = | Size = 25624 bytes | Modified Date = 10/11/2007 6:59:24 PM | Attr = ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 11.5.0.1145 | Size = 41752 bytes | Modified Date = 10/12/2007 10:00:42 AM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\System32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/18/2006 10:26:58 PM | Attr = ]
(PID_0928) Logitech QuickCam Express(PID_0928) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\LV561AV.SYS -> Logitech Inc. [Ver = 11.5.0.1145 | Size = 490776 bytes | Modified Date = 10/12/2007 9:56:20 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ]
(REGSpy) REGSpy [Kernel | Auto | Stopped] -> %ProgramFiles%\Softwin\BitDefender8\regspy.sys -> File not found
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rimmptsk.sys -> REDC [Ver = 1.0.0.9 | Size = 28928 bytes | Modified Date = 11/16/2005 8:28:32 PM | Attr = ]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rimsptsk.sys -> REDC [Ver = 1.00.02.05 | Size = 51840 bytes | Modified Date = 12/22/2005 5:02:22 PM | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\rixdptsk.sys -> REDC [Ver = 1.00.02.08 | Size = 308992 bytes | Modified Date = 11/1/2005 6:08:00 PM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 PM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ]
(TestUSB) TestUSB [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\TestUSB.sys -> [Ver = | Size = 6272 bytes | Modified Date = 6/1/2008 10:00:30 PM | Attr = ]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\w39n51.sys -> Intel® Corporation [Ver = 10, 1, 1, 3 | Size = 1429632 bytes | Modified Date = 4/21/2006 5:06:26 PM | Attr = ]
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\System32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.62.00 built by: WinDDK | Size = 730112 bytes | Modified Date = 12/21/2006 7:55:56 PM | Attr = ]
(ZTEusbmdm6k) ZTE Proprietary USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ZTEusbmdm6k.sys -> File not found
(ZTEusbnmea) ZTE NMEA Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ZTEusbnmea.sys -> File not found
(ZTEusbser6k) ZTE Diagnostic Port [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ZTEusbser6k.sys -> File not found

[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found
BDMCon -> %ProgramFiles%\Softwin\BitDefender8\bdmcon [C:\Program Files\Softwin\BitDefender8\\bdmcon.exe] -> File not found
BDNewsAgent -> %ProgramFiles%\Softwin\BitDefender8\bdnagent ["C:\Program Files\Softwin\BitDefender8\bdnagent.exe"] -> File not found
BDSwitchAgent -> %ProgramFiles%\Softwin\BitDefender8\bdswitch [C:\Program Files\Softwin\BitDefender8\\bdswitch.exe] -> File not found
BMef830d90 -> %SystemRoot%\system32\iyluxdis.dll [Rundll32.exe "C:\WINDOWS\system32\iyluxdis.dll",s] -> [Ver = | Size = 126528 bytes | Modified Date = 6/1/2008 6:54:31 PM | Attr = ]
ccPrxy.exe -> [ccPrxy.exe] -> File not found
ecb03e0c -> %SystemRoot%\system32\mrsneueg.dll [rundll32.exe "C:\WINDOWS\system32\mrsneueg.dll",b] -> [Ver = | Size = 114240 bytes | Modified Date = 6/1/2008 6:57:30 PM | Attr = ]
hpWirelessAssistant -> %ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant [C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe] -> File not found
igfxhkcmd -> %SystemRoot%\system32\hkcmd [C:\WINDOWS\system32\hkcmd.exe] -> File not found
igfxpers -> %SystemRoot%\system32\igfxpers [C:\WINDOWS\system32\igfxpers.exe] -> File not found
igfxtray -> %SystemRoot%\system32\igfxtray [C:\WINDOWS\system32\igfxtray.exe] -> File not found
IntelliPoint -> %ProgramFiles%\Microsoft IntelliPoint\ipoint ["C:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> File not found
LogitechCommunicationsManager -> %CommonProgramFiles%\LogiShrd\LComMgr\Communications_Helper ["C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"] -> File not found
LogitechQuickCamRibbon -> %ProgramFiles%\Logitech\QuickCam\Quickcam ["C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide] -> File not found
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck [C:\WINDOWS\system32\NeroCheck.exe] -> File not found
QlbCtrl -> %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL [%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start] -> File not found
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> File not found
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> File not found
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> File not found
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> File not found

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon [C:\WINDOWS\system32\ctfmon.exe] -> File not found
MSMSGS -> %ProgramFiles%\Messenger\msmsgs ["C:\Program Files\Messenger\msmsgs.exe" /background] -> File not found
Uniblue RegistryBooster 2 -> %ProgramFiles%\Uniblue\RegistryBooster 2\RegistryBooster.exe [C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S] -> File not found

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop -> File not found

< Computer Startup Folder > -> C:\Documents and Settings\Computer\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\desktop -> File not found

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll -> -> File not found
*MultiFile Done* -> ->

< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd [Debugger] -> File not found

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{2AA0726C-95B7-4216-AA43-B5BDD524892F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtUoooO.dll [] -> [Ver = | Size = 57344 bytes | Modified Date = 5/29/2008 5:24:46 PM | Attr = ]

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> %SystemRoot%\explorer -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit -> File not found
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui -> File not found
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm -> File not found
*MultiFile Done* -> ->

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
__c0099E89 -> %SystemRoot%\system32\__c0099E89 -> File not found
__c00F459C -> %SystemRoot%\system32\__c00F459C -> File not found
awtUoooO -> %SystemRoot%\system32\awtUoooO.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/29/2008 5:24:46 PM | Attr = ]
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4543 | Size = 139264 bytes | Modified Date = 3/23/2006 11:12:42 AM | Attr = ]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoFind -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->

< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom [system32\DRIVERS\cdrom.sys] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-850S________________1.05____\5&3c72963&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->

< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC [ NTFS ] -> File not found

< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[yaho] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {2AA0726C-95B7-4216-AA43-B5BDD524892F} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awtUoooO.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 57344 bytes | Modified Date = 5/29/2008 5:24:46 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {8C0A4CBE-4374-4CE2-A9A1-3FC56E08930D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRHxxxV.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 371200 bytes | Modified Date = 5/14/2008 12:39:14 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{461CC20B-FB6E-4f16-8FE8-C29359DB100E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL -> File not found Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0444B967-BC55-4507-94B1-AF7A128C5367} -> (1394 Net Adapter) -> {31950238-24CA-415D-8924-FBEC1E15F255} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {8B5FC56D-E66A-4170-955D-24E2C73E95EF} -> (Intel(R) PRO/100 VE Network Connection) -> {E6D52B09-1F45-4AEB-AF98-AF198A9B9C55} -> () -> {F7A7816F-E80E-481E-A962-ADC8D8125211} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2/1/2008 5:22:12 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> 
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab[Minesweeper Flags Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/MineSweeper.dll\\.Owner -> {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MineSweeper.dll\\{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] C:\WINDOWS\system32\rqRHxxxV -> %SystemRoot%\system32\rqRHxxxV.dll -> [Ver = | Size = 371200 bytes | Modified Date = 5/14/2008 12:39:14 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1112 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 
2/28/2006 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 81 53 D2 26 A3 BF F5 91 59 50 61 3C 58 9B A4 60 66 62 37 31 30 36 65 32 00 FD 07 00 D3 42 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 08 90 CE 06 27 A3 71 0B 88 D6 25 FB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 2B BC 50 DA 32 23 74 D1 78 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 5A 39 9A F3 6E 06 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 18 3C DE EE 0C 03 2B 51 A5 86 8E 09 61 6F A6 3B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 1E 9F 6C 0E B8 9A C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost [%SystemRoot%\System32\svchost.exe -k netsvcs] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 14059 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr [C:\Program Files\Windows 
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> %ProgramFiles%\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall 
[C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Counter-Strike 1.6\hl.exe -> %ProgramFiles%\Counter-Strike 1.6\hl [C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18477:TCP -> 18477:TCP:*:Enabled:BitComet 18477 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18477:UDP -> 18477:UDP:*:Enabled:BitComet 18477 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> 
LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost [%SystemRoot%\system32\svchost.exe -k LocalService] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2/28/2006 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 
-> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr [C:\WINDOWS\system32\tlntsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 5/14/2008 12:46:31 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 5/14/2008 1:35:18 AM | Attr = HS] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 352288 bytes | Created Date = 5/29/2008 10:23:21 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 6152 bytes | Created Date = 5/29/2008 10:23:21 PM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 11552 bytes | Created Date = 5/29/2008 10:23:21 PM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 3176 bytes | Created Date = 5/29/2008 10:23:21 PM | Attr = HS] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 85860 bytes | Created Date = 5/29/2008 10:24:30 PM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 91700 bytes | Created Date = 5/29/2008 10:24:30 PM | Attr = ] TestUSB.sys -> %SystemRoot%\System32\drivers\TestUSB.sys -> [Ver = | Size = 6272 bytes | Created Date = 5/29/2008 5:14:38 PM | Attr = ] awtUoooO.dll -> %SystemRoot%\System32\awtUoooO.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/29/2008 5:24:46 PM | Attr = ] aygvqbda.ini -> %SystemRoot%\System32\aygvqbda.ini -> [Ver = | Size = 1503708 bytes | Created Date = 5/21/2008 4:53:14 AM | Attr = HS] bhmjsamo.dll -> %SystemRoot%\System32\bhmjsamo.dll -> [Ver = | 
Size = 32320 bytes | Created Date = 5/15/2008 2:18:09 PM | Attr = ] bjreibmp.dll -> %SystemRoot%\System32\bjreibmp.dll -> [Ver = | Size = 127040 bytes | Created Date = 5/31/2008 5:04:26 PM | Attr = ] bvlwtbev.exe -> %SystemRoot%\System32\bvlwtbev.exe -> [Ver = | Size = 2112 bytes | Created Date = 5/19/2008 8:57:20 PM | Attr = ] cqouoknk.dll -> %SystemRoot%\System32\cqouoknk.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:06:18 PM | Attr = ] ddcAsssP.dll -> %SystemRoot%\System32\ddcAsssP.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 1:43:26 AM | Attr = ] dodegruw.dll -> %SystemRoot%\System32\dodegruw.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:09:19 PM | Attr = ] efcCrOHa.dll -> %SystemRoot%\System32\efcCrOHa.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 1:44:49 AM | Attr = ] ehkhhibm.ini -> %SystemRoot%\System32\ehkhhibm.ini -> [Ver = | Size = 1555684 bytes | Created Date = 5/18/2008 5:55:19 PM | Attr = HS] eokfsprk.dll -> %SystemRoot%\System32\eokfsprk.dll -> [Ver = | Size = 127040 bytes | Created Date = 5/21/2008 4:51:36 AM | Attr = ] ffdcwlep.dll -> %SystemRoot%\System32\ffdcwlep.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:03:18 PM | Attr = ] gahipski.dll -> %SystemRoot%\System32\gahipski.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:00:19 PM | Attr = ] geuensrm.ini -> %SystemRoot%\System32\geuensrm.ini -> [Ver = | Size = 2670435 bytes | Created Date = 6/1/2008 6:57:31 PM | Attr = HS] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 5/29/2008 7:30:17 AM | Attr = H ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> hgGyabYR.dll -> %SystemRoot%\System32\hgGyabYR.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 12:33:54 AM | Attr = ] iekudutp.ini -> %SystemRoot%\System32\iekudutp.ini -> [Ver = | Size = 1502859 bytes | Created Date = 5/19/2008 9:00:12 PM | Attr = HS] ifsnkfbi.exe -> 
%SystemRoot%\System32\ifsnkfbi.exe -> [Ver = | Size = 2624 bytes | Created Date = 6/1/2008 6:54:40 PM | Attr = ] iqpqanoo.dll -> %SystemRoot%\System32\iqpqanoo.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:03:17 PM | Attr = ] iuosdwja.ini -> %SystemRoot%\System32\iuosdwja.ini -> [Ver = | Size = 354 bytes | Created Date = 5/19/2008 5:57:28 PM | Attr = HS] ixqtstob.exe -> %SystemRoot%\System32\ixqtstob.exe -> [Ver = | Size = 2112 bytes | Created Date = 5/18/2008 5:52:16 PM | Attr = ] iyluxdis.dll -> %SystemRoot%\System32\iyluxdis.dll -> [Ver = | Size = 126528 bytes | Created Date = 6/1/2008 6:54:29 PM | Attr = ] jkkHBRJc.dll -> %SystemRoot%\System32\jkkHBRJc.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 11:44:19 AM | Attr = ] jkkJawxw.dll -> %SystemRoot%\System32\jkkJawxw.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 1:41:30 AM | Attr = ] jqhfeull.dll -> %SystemRoot%\System32\jqhfeull.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/18/2008 5:55:22 PM | Attr = ] khfCtrSk.dll -> %SystemRoot%\System32\khfCtrSk.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 12:29:50 AM | Attr = ] kowrjxcm.dll -> %SystemRoot%\System32\kowrjxcm.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:12:17 PM | Attr = ] lbngeoqf.dll -> %SystemRoot%\System32\lbngeoqf.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/15/2008 2:16:06 PM | Attr = ] liwiwhwh.exe -> %SystemRoot%\System32\liwiwhwh.exe -> [Ver = | Size = 2112 bytes | Created Date = 5/15/2008 2:16:36 PM | Attr = ] ljJASjGA.dll -> %SystemRoot%\System32\ljJASjGA.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 12:26:24 AM | Attr = ] mbihhkhe.dll -> %SystemRoot%\System32\mbihhkhe.dll -> [Ver = | Size = 117312 bytes | Created Date = 5/18/2008 5:55:15 PM | Attr = ] mrsneueg.dll -> %SystemRoot%\System32\mrsneueg.dll -> [Ver = | Size = 114240 bytes | Created Date = 6/1/2008 6:57:28 PM | Attr = ] nnnkHwxV.dll -> %SystemRoot%\System32\nnnkHwxV.dll 
-> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 12:27:38 AM | Attr = ] ocxvnrmj.ini -> %SystemRoot%\System32\ocxvnrmj.ini -> [Ver = | Size = 1667875 bytes | Created Date = 5/24/2008 5:01:56 PM | Attr = HS] piuddetp.dll -> %SystemRoot%\System32\piuddetp.dll -> [Ver = | Size = 124992 bytes | Created Date = 5/18/2008 5:49:16 PM | Attr = ] qakaetjk.dll -> %SystemRoot%\System32\qakaetjk.dll -> [Ver = | Size = 127040 bytes | Created Date = 5/31/2008 5:01:41 PM | Attr = ] qepbalxb.dll -> %SystemRoot%\System32\qepbalxb.dll -> [Ver = | Size = 126528 bytes | Created Date = 5/15/2008 2:12:17 PM | Attr = ] qlvpkpaq.exe -> %SystemRoot%\System32\qlvpkpaq.exe -> [Ver = | Size = 2112 bytes | Created Date = 5/19/2008 5:54:17 PM | Attr = ] qoMEVNeE.dll -> %SystemRoot%\System32\qoMEVNeE.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 2:07:22 AM | Attr = ] quhxirhd.dll -> %SystemRoot%\System32\quhxirhd.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/15/2008 2:21:07 PM | Attr = ] rcqjxaxp.dll -> %SystemRoot%\System32\rcqjxaxp.dll -> [Ver = | Size = 124992 bytes | Created Date = 5/19/2008 8:57:10 PM | Attr = ] rkiyekud.ini -> %SystemRoot%\System32\rkiyekud.ini -> [Ver = | Size = 2735448 bytes | Created Date = 5/31/2008 5:07:29 PM | Attr = HS] rqRHxxxV.dll -> %SystemRoot%\System32\rqRHxxxV.dll -> [Ver = | Size = 371200 bytes | Created Date = 5/14/2008 12:37:56 AM | Attr = ] rtejuhpg.dll -> %SystemRoot%\System32\rtejuhpg.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:15:17 PM | Attr = ] rulqwfhk.dll -> %SystemRoot%\System32\rulqwfhk.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/15/2008 2:18:07 PM | Attr = ] segowqtu.dll -> %SystemRoot%\System32\segowqtu.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/18/2008 5:58:27 PM | Attr = ] tbemwoyi.exe -> %SystemRoot%\System32\tbemwoyi.exe -> [Ver = | Size = 2624 bytes | Created Date = 5/21/2008 4:51:46 AM | Attr = ] thkgirif.exe -> %SystemRoot%\System32\thkgirif.exe -> [Ver = | Size = 
2624 bytes | Created Date = 5/24/2008 5:04:42 PM | Attr = ] tuvSkHwU.dll -> %SystemRoot%\System32\tuvSkHwU.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 1:35:30 AM | Attr = ] ufcrxvdi.exe -> %SystemRoot%\System32\ufcrxvdi.exe -> [Ver = | Size = 2624 bytes | Created Date = 5/31/2008 5:04:32 PM | Attr = ] uqkgldeh.dll -> %SystemRoot%\System32\uqkgldeh.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/18/2008 5:55:40 PM | Attr = ] uvfnrrio.dll -> %SystemRoot%\System32\uvfnrrio.dll -> [Ver = | Size = 126528 bytes | Created Date = 5/24/2008 4:59:08 PM | Attr = ] vgwxwjdl.dll -> %SystemRoot%\System32\vgwxwjdl.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:06:17 PM | Attr = ] voralkfu.dll -> %SystemRoot%\System32\voralkfu.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:12:19 PM | Attr = ] vtivnifc.ini -> %SystemRoot%\System32\vtivnifc.ini -> [Ver = | Size = 2735568 bytes | Created Date = 6/1/2008 5:06:45 AM | Attr = HS] VxxxHRqr.ini -> %SystemRoot%\System32\VxxxHRqr.ini -> [Ver = | Size = 307857 bytes | Created Date = 5/14/2008 1:35:06 AM | Attr = HS] VxxxHRqr.ini2 -> %SystemRoot%\System32\VxxxHRqr.ini2 -> [Ver = | Size = 307841 bytes | Created Date = 5/14/2008 1:35:06 AM | Attr = HS] wnycleiw.dll -> %SystemRoot%\System32\wnycleiw.dll -> [Ver = | Size = 124992 bytes | Created Date = 5/19/2008 5:51:20 PM | Attr = ] xekpcjda.dll -> %SystemRoot%\System32\xekpcjda.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:09:17 PM | Attr = ] xxyVMdcA.dll -> %SystemRoot%\System32\xxyVMdcA.dll -> [Ver = | Size = 57344 bytes | Created Date = 5/14/2008 1:44:54 AM | Attr = ] yukyjvib.dll -> %SystemRoot%\System32\yukyjvib.dll -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:00:17 PM | Attr = ] yxqnlbvf.ini -> %SystemRoot%\System32\yxqnlbvf.ini -> [Ver = | Size = 1555684 bytes | Created Date = 5/15/2008 2:16:11 PM | Attr = HS] __c00300A4.dat -> %SystemRoot%\System32\__c00300A4.dat -> [Ver = | Size = 32320 bytes | 
Created Date = 5/15/2008 2:18:08 PM | Attr = ] __c00387A5.dat -> %SystemRoot%\System32\__c00387A5.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:00:20 PM | Attr = ] __c0045D10.dat -> %SystemRoot%\System32\__c0045D10.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/15/2008 2:16:31 PM | Attr = ] __c0099E89.dat -> %SystemRoot%\System32\__c0099E89.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/18/2008 5:58:29 PM | Attr = ] __c00E3EA4.dat -> %SystemRoot%\System32\__c00E3EA4.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:09:19 PM | Attr = ] __c00F459C.dat -> %SystemRoot%\System32\__c00F459C.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/15/2008 2:21:08 PM | Attr = ] __c00F9C09.dat -> %SystemRoot%\System32\__c00F9C09.dat -> [Ver = | Size = 32320 bytes | Created Date = 5/19/2008 6:06:19 PM | Attr = ] BMef830d90.xml -> %SystemRoot%\BMef830d90.xml -> [Ver = | Size = 109807 bytes | Created Date = 5/15/2008 2:15:36 PM | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 204 bytes | Created Date = 5/21/2008 2:55:19 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/15/2008 2:15:36 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] 
VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 5/14/2008 12:45:49 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 5/29/2008 10:23:18 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 5/23/2008 1:08:09 PM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Created Date = 6/1/2008 11:11:23 PM | Attr = ] AdvSysOpt -> %UserProfile%\My Documents\AdvSysOpt -> [Folder | Created Date = 5/21/2008 2:26:13 PM | Attr = ] naruto_399.zip -> %UserProfile%\My Documents\naruto_399.zip -> [Ver = | Size = 1559160 bytes | Created Date = 5/10/2008 2:09:24 AM | Attr = ] naruto_400.zip -> %UserProfile%\My Documents\naruto_400.zip -> [Ver = | Size = 3695840 bytes | Created Date = 5/18/2008 5:51:03 PM | Attr = ] 080516 -> %UserProfile%\Desktop\080516 -> [Folder | Created Date = 5/20/2008 3:15:55 PM | Attr = ] 080517 -> %UserProfile%\Desktop\080517 -> [Folder | Created Date = 5/20/2008 3:16:35 PM | Attr = ] 080518 -> %UserProfile%\Desktop\080518 -> [Folder | Created Date = 5/20/2008 3:03:02 PM | Attr = ] 98.7FM Funny talk.mp3 -> %UserProfile%\Desktop\98.7FM Funny talk.mp3 -> [Ver = | Size = 1130624 bytes | Created Date = 5/19/2008 10:54:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\98.7FM Funny talk.mp3:Zone.Identifier ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/2/2008 2:12:04 AM | Attr = ] billy joel - honesty.mp3 -> %UserProfile%\Desktop\billy joel - honesty.mp3 -> [Ver = | Size = 3715394 bytes | Created Date = 5/15/2008 1:12:22 AM | Attr = ] GEN3030 -> %UserProfile%\Desktop\GEN3030 -> [Folder | Created Date = 5/14/2008 10:01:39 PM | Attr = ] HijackThis.lnk -> 
%UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 5/24/2008 5:19:47 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 5/24/2008 5:18:29 PM | Attr = ] KASPERSKY -> %UserProfile%\Desktop\KASPERSKY -> [Folder | Created Date = 5/14/2008 12:27:06 AM | Attr = ] Keat Soon's Questions.doc -> %UserProfile%\Desktop\Keat Soon's Questions.doc -> [Ver = | Size = 33792 bytes | Created Date = 5/14/2008 10:27:12 AM | Attr = ] Ma'Daerah (16-18th May 08) - JK -> %UserProfile%\Desktop\Ma'Daerah (16-18th May 08) - JK -> [Folder | Created Date = 5/18/2008 6:29:50 PM | Attr = ] MaDaerah 160508 (Michy) -> %UserProfile%\Desktop\MaDaerah 160508 (Michy) -> [Folder | Created Date = 5/20/2008 2:49:44 PM | Attr = ] nrg2320.pdf -> %UserProfile%\Desktop\nrg2320.pdf -> [Ver = | Size = 740646 bytes | Created Date = 5/16/2008 1:01:17 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/2/2008 2:22:30 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544374 bytes | Created Date = 6/2/2008 2:19:29 AM | Attr = ] P1270179 (Small).JPG -> %UserProfile%\Desktop\P1270179 (Small).JPG -> [Ver = | Size = 33474 bytes | Created Date = 5/15/2008 1:45:26 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\P1270179 (Small).JPG:Zone.Identifier salmon.jpg -> %UserProfile%\Desktop\salmon.jpg -> [Ver = | Size = 52575 bytes | Created Date = 6/1/2008 7:27:02 PM | Attr = ] Sci -> %UserProfile%\Desktop\Sci -> [Folder | Created Date = 5/23/2008 1:10:06 PM | Attr = ] sdifbla -> %UserProfile%\Desktop\sdifbla -> [Folder | Created Date = 5/14/2008 1:14:37 AM | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 6439960 bytes | Created Date = 6/1/2008 11:22:41 PM | Attr = ] Work -> %UserProfile%\Desktop\Work -> [Folder | Created Date = 5/14/2008 12:43:05 AM | Attr = ] 
Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab -> [Folder | Created Date = 5/29/2008 10:23:19 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/24/2008 5:19:47 PM | Attr = ] [Files/Folders - Modified Within 30 days] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 5/14/2008 12:24:32 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/1/2008 11:20:39 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 5/14/2008 1:13:47 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 5/14/2008 1:35:18 AM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/31/2008 4:33:25 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/14/2008 1:25:37 AM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 5/14/2008 1:25:37 AM | Attr = ] hosts.msn -> %SystemRoot%\System32\drivers\etc\hosts.msn -> [Ver = | Size = 686 bytes | Modified Date = 5/14/2008 1:25:37 AM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 352288 bytes | Modified Date = 5/31/2008 4:56:02 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 6152 bytes | Modified Date = 5/31/2008 4:56:02 PM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 11552 bytes | Modified Date = 5/31/2008 4:56:02 PM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 3176 bytes | Modified Date = 5/31/2008 4:56:02 PM | Attr = HS] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 85860 bytes | Modified Date = 5/29/2008 10:24:30 PM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 91700 bytes | Modified Date = 5/29/2008 10:24:30 PM | Attr = ] TestUSB.sys -> %SystemRoot%\System32\drivers\TestUSB.sys -> [Ver = | Size = 6272 bytes | 
Modified Date = 6/1/2008 10:00:30 PM | Attr = ] awtUoooO.dll -> %SystemRoot%\System32\awtUoooO.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/29/2008 5:24:46 PM | Attr = ] aygvqbda.ini -> %SystemRoot%\System32\aygvqbda.ini -> [Ver = | Size = 1503708 bytes | Modified Date = 5/24/2008 4:55:58 PM | Attr = HS] bhmjsamo.dll -> %SystemRoot%\System32\bhmjsamo.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:18:09 PM | Attr = ] bjreibmp.dll -> %SystemRoot%\System32\bjreibmp.dll -> [Ver = | Size = 127040 bytes | Modified Date = 5/31/2008 5:04:26 PM | Attr = ] bvlwtbev.exe -> %SystemRoot%\System32\bvlwtbev.exe -> [Ver = | Size = 2112 bytes | Modified Date = 5/19/2008 8:57:20 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/14/2008 2:08:34 AM | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/1/2008 5:52:38 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/31/2008 4:55:59 PM | Attr = ] cqouoknk.dll -> %SystemRoot%\System32\cqouoknk.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:06:19 PM | Attr = ] ddcAsssP.dll -> %SystemRoot%\System32\ddcAsssP.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 1:43:26 AM | Attr = ] dodegruw.dll -> %SystemRoot%\System32\dodegruw.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:09:19 PM | Attr = ] driver32 -> %SystemRoot%\System32\driver32 -> [Folder | Modified Date = 5/20/2008 5:33:38 PM | Attr = HS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/1/2008 6:21:40 PM | Attr = ] efcCrOHa.dll -> %SystemRoot%\System32\efcCrOHa.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 1:44:49 AM | Attr = ] ehkhhibm.ini -> %SystemRoot%\System32\ehkhhibm.ini -> [Ver = | Size = 1555684 bytes | Modified Date = 5/18/2008 5:43:33 PM | Attr = HS] eokfsprk.dll -> 
%SystemRoot%\System32\eokfsprk.dll -> [Ver = | Size = 127040 bytes | Modified Date = 5/21/2008 4:51:38 AM | Attr = ] ffdcwlep.dll -> %SystemRoot%\System32\ffdcwlep.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:03:20 PM | Attr = ] gahipski.dll -> %SystemRoot%\System32\gahipski.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:00:20 PM | Attr = ] geuensrm.ini -> %SystemRoot%\System32\geuensrm.ini -> [Ver = | Size = 2670435 bytes | Modified Date = 6/1/2008 10:00:46 PM | Attr = HS] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/29/2008 7:30:17 AM | Attr = H ] hgGyabYR.dll -> %SystemRoot%\System32\hgGyabYR.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 12:33:54 AM | Attr = ] iekudutp.ini -> %SystemRoot%\System32\iekudutp.ini -> [Ver = | Size = 1502859 bytes | Modified Date = 5/21/2008 4:51:17 AM | Attr = HS] ifsnkfbi.exe -> %SystemRoot%\System32\ifsnkfbi.exe -> [Ver = | Size = 2624 bytes | Modified Date = 6/1/2008 6:54:40 PM | Attr = ] iqpqanoo.dll -> %SystemRoot%\System32\iqpqanoo.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:03:17 PM | Attr = ] iuosdwja.ini -> %SystemRoot%\System32\iuosdwja.ini -> [Ver = | Size = 354 bytes | Modified Date = 5/19/2008 7:57:18 PM | Attr = HS] ixqtstob.exe -> %SystemRoot%\System32\ixqtstob.exe -> [Ver = | Size = 2112 bytes | Modified Date = 5/18/2008 5:52:16 PM | Attr = ] iyluxdis.dll -> %SystemRoot%\System32\iyluxdis.dll -> [Ver = | Size = 126528 bytes | Modified Date = 6/1/2008 6:54:31 PM | Attr = ] jkkHBRJc.dll -> %SystemRoot%\System32\jkkHBRJc.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 11:44:19 AM | Attr = ] jkkJawxw.dll -> %SystemRoot%\System32\jkkJawxw.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 1:41:30 AM | Attr = ] jqhfeull.dll -> %SystemRoot%\System32\jqhfeull.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/18/2008 5:55:22 PM | Attr = ] khfCtrSk.dll -> 
%SystemRoot%\System32\khfCtrSk.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 12:29:50 AM | Attr = ] kowrjxcm.dll -> %SystemRoot%\System32\kowrjxcm.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:12:17 PM | Attr = ] lbngeoqf.dll -> %SystemRoot%\System32\lbngeoqf.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:16:31 PM | Attr = ] liwiwhwh.exe -> %SystemRoot%\System32\liwiwhwh.exe -> [Ver = | Size = 2112 bytes | Modified Date = 5/15/2008 2:16:36 PM | Attr = ] ljJASjGA.dll -> %SystemRoot%\System32\ljJASjGA.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 12:26:24 AM | Attr = ] mbihhkhe.dll -> %SystemRoot%\System32\mbihhkhe.dll -> [Ver = | Size = 117312 bytes | Modified Date = 5/18/2008 5:55:19 PM | Attr = ] mrsneueg.dll -> %SystemRoot%\System32\mrsneueg.dll -> [Ver = | Size = 114240 bytes | Modified Date = 6/1/2008 6:57:30 PM | Attr = ] nnnkHwxV.dll -> %SystemRoot%\System32\nnnkHwxV.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 12:27:38 AM | Attr = ] ocxvnrmj.ini -> %SystemRoot%\System32\ocxvnrmj.ini -> [Ver = | Size = 1667875 bytes | Modified Date = 5/31/2008 5:00:49 PM | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 41238 bytes | Modified Date = 5/21/2008 11:33:36 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 315076 bytes | Modified Date = 5/21/2008 11:33:36 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 360124 bytes | Modified Date = 5/21/2008 11:33:35 AM | Attr = ] piuddetp.dll -> %SystemRoot%\System32\piuddetp.dll -> [Ver = | Size = 124992 bytes | Modified Date = 5/18/2008 5:49:18 PM | Attr = ] qakaetjk.dll -> %SystemRoot%\System32\qakaetjk.dll -> [Ver = | Size = 127040 bytes | Modified Date = 5/31/2008 5:01:41 PM | Attr = ] qepbalxb.dll -> %SystemRoot%\System32\qepbalxb.dll -> [Ver = | Size = 126528 bytes | Modified Date = 5/15/2008 2:15:35 PM | Attr = ] 
qlvpkpaq.exe -> %SystemRoot%\System32\qlvpkpaq.exe -> [Ver = | Size = 2112 bytes | Modified Date = 5/19/2008 5:54:17 PM | Attr = ] qoMEVNeE.dll -> %SystemRoot%\System32\qoMEVNeE.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 2:07:22 AM | Attr = ] quhxirhd.dll -> %SystemRoot%\System32\quhxirhd.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:21:08 PM | Attr = ] rcqjxaxp.dll -> %SystemRoot%\System32\rcqjxaxp.dll -> [Ver = | Size = 124992 bytes | Modified Date = 5/19/2008 8:57:12 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 5/31/2008 4:54:42 PM | Attr = ] rkiyekud.ini -> %SystemRoot%\System32\rkiyekud.ini -> [Ver = | Size = 2735448 bytes | Modified Date = 6/1/2008 5:01:05 AM | Attr = HS] ROAAE8.bac -> %SystemRoot%\System32\ROAAE8.bac -> [Ver = | Size = 45056 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = ] ROAAEB.bac -> %SystemRoot%\System32\ROAAEB.bac -> [Ver = | Size = 20742144 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = ] ROAAF0.bac -> %SystemRoot%\System32\ROAAF0.bac -> [Ver = | Size = 5767168 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = ] ROAAF3.bac -> %SystemRoot%\System32\ROAAF3.bac -> [Ver = | Size = 278528 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = ] ROAAF8.bac -> %SystemRoot%\System32\ROAAF8.bac -> [Ver = | Size = 24576 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = ] ROAAFB.bac -> %SystemRoot%\System32\ROAAFB.bac -> [Ver = | Size = 225280 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = H ] ROAB03.bac -> %SystemRoot%\System32\ROAB03.bac -> [Ver = | Size = 6553600 bytes | Modified Date = 5/21/2008 2:45:39 PM | Attr = H ] ROAB08.bac -> %SystemRoot%\System32\ROAB08.bac -> [Ver = | Size = 262144 bytes | Modified Date = 5/21/2008 2:45:47 PM | Attr = H ] ROAB0B.bac -> %SystemRoot%\System32\ROAB0B.bac -> [Ver = | Size = 262144 bytes | Modified Date = 5/21/2008 11:47:45 AM | Attr = H ] rqRHxxxV.dll -> %SystemRoot%\System32\rqRHxxxV.dll -> [Ver = | 
Size = 371200 bytes | Modified Date = 5/14/2008 12:39:14 AM | Attr = ] rtejuhpg.dll -> %SystemRoot%\System32\rtejuhpg.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:15:17 PM | Attr = ] rulqwfhk.dll -> %SystemRoot%\System32\rulqwfhk.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:18:08 PM | Attr = ] segowqtu.dll -> %SystemRoot%\System32\segowqtu.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/18/2008 5:58:29 PM | Attr = ] tbemwoyi.exe -> %SystemRoot%\System32\tbemwoyi.exe -> [Ver = | Size = 2624 bytes | Modified Date = 5/21/2008 4:51:47 AM | Attr = ] thkgirif.exe -> %SystemRoot%\System32\thkgirif.exe -> [Ver = | Size = 2624 bytes | Modified Date = 5/24/2008 5:04:42 PM | Attr = ] tuvSkHwU.dll -> %SystemRoot%\System32\tuvSkHwU.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 1:35:30 AM | Attr = ] ufcrxvdi.exe -> %SystemRoot%\System32\ufcrxvdi.exe -> [Ver = | Size = 2624 bytes | Modified Date = 5/31/2008 5:04:32 PM | Attr = ] uqkgldeh.dll -> %SystemRoot%\System32\uqkgldeh.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/18/2008 5:55:41 PM | Attr = ] uvfnrrio.dll -> %SystemRoot%\System32\uvfnrrio.dll -> [Ver = | Size = 126528 bytes | Modified Date = 5/24/2008 4:59:18 PM | Attr = ] vgwxwjdl.dll -> %SystemRoot%\System32\vgwxwjdl.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:06:17 PM | Attr = ] voralkfu.dll -> %SystemRoot%\System32\voralkfu.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:12:19 PM | Attr = ] vtivnifc.ini -> %SystemRoot%\System32\vtivnifc.ini -> [Ver = | Size = 2735568 bytes | Modified Date = 6/1/2008 5:51:49 PM | Attr = HS] VxxxHRqr.ini -> %SystemRoot%\System32\VxxxHRqr.ini -> [Ver = | Size = 307857 bytes | Modified Date = 6/2/2008 2:24:17 AM | Attr = HS] VxxxHRqr.ini2 -> %SystemRoot%\System32\VxxxHRqr.ini2 -> [Ver = | Size = 307841 bytes | Modified Date = 6/2/2008 2:22:54 AM | Attr = HS] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 5/31/2008 
4:55:42 PM | Attr = ] wnycleiw.dll -> %SystemRoot%\System32\wnycleiw.dll -> [Ver = | Size = 124992 bytes | Modified Date = 5/19/2008 5:51:20 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 6/1/2008 10:00:16 PM | Attr = ] xekpcjda.dll -> %SystemRoot%\System32\xekpcjda.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:09:19 PM | Attr = ] xxyVMdcA.dll -> %SystemRoot%\System32\xxyVMdcA.dll -> [Ver = | Size = 57344 bytes | Modified Date = 5/14/2008 1:44:54 AM | Attr = ] yukyjvib.dll -> %SystemRoot%\System32\yukyjvib.dll -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:00:17 PM | Attr = ] yxqnlbvf.ini -> %SystemRoot%\System32\yxqnlbvf.ini -> [Ver = | Size = 1555684 bytes | Modified Date = 5/18/2008 5:43:33 PM | Attr = HS] __c00300A4.dat -> %SystemRoot%\System32\__c00300A4.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:18:08 PM | Attr = ] __c00387A5.dat -> %SystemRoot%\System32\__c00387A5.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:00:20 PM | Attr = ] __c0045D10.dat -> %SystemRoot%\System32\__c0045D10.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:16:31 PM | Attr = ] __c0099E89.dat -> %SystemRoot%\System32\__c0099E89.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/18/2008 5:58:29 PM | Attr = ] __c00E3EA4.dat -> %SystemRoot%\System32\__c00E3EA4.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:09:19 PM | Attr = ] __c00F459C.dat -> %SystemRoot%\System32\__c00F459C.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/15/2008 2:21:08 PM | Attr = ] __c00F9C09.dat -> %SystemRoot%\System32\__c00F9C09.dat -> [Ver = | Size = 32320 bytes | Modified Date = 5/19/2008 6:06:19 PM | Attr = ] BMef830d90.xml -> %SystemRoot%\BMef830d90.xml -> [Ver = | Size = 109807 bytes | Modified Date = 6/1/2008 5:51:38 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/1/2008 10:00:01 PM | 
Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 204 bytes | Modified Date = 6/1/2008 7:32:31 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 5/14/2008 1:06:47 AM | Attr = ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/1/2008 6:21:40 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/31/2008 4:55:26 PM | Attr = HS] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 6/1/2008 5:02:49 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/2/2008 2:12:56 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 6/1/2008 10:00:33 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/21/2008 2:31:26 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/31/2008 4:55:41 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 5/21/2008 11:47:51 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/14/2008 1:10:24 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/1/2008 10:00:46 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/2/2008 2:12:42 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 5/29/2008 7:03:01 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/1/2008 10:00:18 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/11/2007 9:23:21 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0 -> 
[Ver = | Size = 7886 bytes | Modified Date = 5/14/2008 5:38:54 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1 -> [Ver = | Size = 7886 bytes | Modified Date = 5/14/2008 5:38:54 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 9/10/2007 6:58:04 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11 -> [Ver = | Size = 8206 bytes | Modified Date = 9/11/2007 9:27:36 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 6/2/2008 2:12:42 AM | Attr = ] Perflib_Perfdata_e80.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_e80 -> [Ver = | Size = 16384 bytes | Modified Date = 5/28/2008 5:19:58 PM | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] index.dat -> C:\WINDOWS\Temp\Cookies\index -> [Ver = | Size = 16384 bytes | Modified Date = 6/1/2008 10:01:16 PM | Attr = ] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index -> [Ver = | Size = 16384 bytes | Modified Date = 6/1/2008 10:01:16 PM | Attr = ] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index -> [Ver = | Size = 32768 bytes | Modified Date = 6/1/2008 10:01:16 PM | Attr = ] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop -> [Ver = | 
Size = 113 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop -> [Ver = | Size = 67 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2JMZENWD\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2JMZENWD -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\2JMZENWD\desktop -> [Ver = | Size = 67 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A3W1OH85\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A3W1OH85 -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A3W1OH85\desktop -> [Ver = | Size = 67 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CT0ZGRK3\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CT0ZGRK3 -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CT0ZGRK3\desktop -> [Ver = | Size = 67 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YJ87QB8P\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YJ87QB8P -> [Folder | Modified Date = 5/15/2008 3:37:09 PM | Attr = S] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YJ87QB8P\desktop -> [Ver = | Size = 67 bytes | Modified Date = 5/15/2008 3:37:09 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 5/31/2008 4:34:56 PM | 
Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 5/23/2008 1:10:17 PM | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 6/1/2008 11:11:23 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 164352 bytes | Modified Date = 5/31/2008 5:29:59 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 7443520 bytes | Modified Date = 6/1/2008 8:44:14 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/1/2008 7:10:45 PM | Attr = ] AdvSysOpt -> %UserProfile%\My Documents\AdvSysOpt -> [Folder | Modified Date = 5/21/2008 2:26:13 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/29/2008 8:10:30 AM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Modified Date = 6/2/2008 1:28:59 AM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 5/10/2008 2:41:59 PM | Attr = R ] naruto_399.zip -> %UserProfile%\My Documents\naruto_399.zip -> [Ver = | Size = 1559160 bytes | Modified Date = 5/10/2008 2:09:56 AM | Attr = ] naruto_400.zip -> %UserProfile%\My Documents\naruto_400.zip -> [Ver = | Size = 3695840 bytes | Modified Date = 5/18/2008 5:52:09 PM | Attr = ] 080516 -> %UserProfile%\Desktop\080516 -> [Folder | Modified Date = 5/20/2008 3:16:35 PM | Attr = ] 080517 -> %UserProfile%\Desktop\080517 -> [Folder | Modified Date = 5/20/2008 3:18:18 PM | Attr = ] 080518 -> %UserProfile%\Desktop\080518 -> [Folder | Modified Date = 5/20/2008 4:15:59 PM | Attr = ] 98.7FM Funny talk.mp3 -> %UserProfile%\Desktop\98.7FM Funny talk.mp3 -> [Ver = | Size = 1130624 bytes | Modified Date = 5/19/2008 10:55:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\98.7FM Funny 
talk.mp3:Zone.Identifier ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/2/2008 2:12:04 AM | Attr = ] billy joel - honesty.mp3 -> %UserProfile%\Desktop\billy joel - honesty.mp3 -> [Ver = | Size = 3715394 bytes | Modified Date = 5/15/2008 1:26:12 AM | Attr = ] GEN3030 -> %UserProfile%\Desktop\GEN3030 -> [Folder | Modified Date = 5/21/2008 6:51:38 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 5/24/2008 5:19:47 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 5/24/2008 5:18:42 PM | Attr = ] KASPERSKY -> %UserProfile%\Desktop\KASPERSKY -> [Folder | Modified Date = 5/14/2008 12:27:28 AM | Attr = ] Keat Soon's Questions.doc -> %UserProfile%\Desktop\Keat Soon's Questions.doc -> [Ver = | Size = 33792 bytes | Modified Date = 5/20/2008 4:07:12 PM | Attr = ] Ma'Daerah (16-18th May 08) - JK -> %UserProfile%\Desktop\Ma'Daerah (16-18th May 08) - JK -> [Folder | Modified Date = 5/20/2008 3:12:17 PM | Attr = ] MaDaerah 160508 (Michy) -> %UserProfile%\Desktop\MaDaerah 160508 (Michy) -> [Folder | Modified Date = 5/20/2008 2:51:17 PM | Attr = ] Media -> %UserProfile%\Desktop\Media -> [Folder | Modified Date = 5/30/2008 12:12:32 AM | Attr = ] nrg2320.pdf -> %UserProfile%\Desktop\nrg2320.pdf -> [Ver = | Size = 740646 bytes | Modified Date = 5/16/2008 1:01:17 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/2/2008 2:22:30 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544374 bytes | Modified Date = 6/2/2008 2:20:31 AM | Attr = ] P1270179 (Small).JPG -> %UserProfile%\Desktop\P1270179 (Small).JPG -> [Ver = | Size = 33474 bytes | Modified Date = 5/15/2008 1:45:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\P1270179 (Small).JPG:Zone.Identifier 
salmon.jpg -> %UserProfile%\Desktop\salmon.jpg -> [Ver = | Size = 52575 bytes | Modified Date = 6/1/2008 7:52:55 PM | Attr = ] Sci -> %UserProfile%\Desktop\Sci -> [Folder | Modified Date = 5/23/2008 1:10:09 PM | Attr = ] sdifbla -> %UserProfile%\Desktop\sdifbla -> [Folder | Modified Date = 5/31/2008 4:31:50 PM | Attr = ] Sparks -> %UserProfile%\Desktop\Sparks -> [Folder | Modified Date = 5/10/2008 2:55:54 PM | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 6439960 bytes | Modified Date = 6/1/2008 11:25:07 PM | Attr = ] Work -> %UserProfile%\Desktop\Work -> [Folder | Modified Date = 5/16/2008 12:52:55 AM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 5/29/2008 5:14:12 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 6/1/2008 11:31:11 PM | Attr = ] < End of report > [/code]