[code] OTScanIt logfile created on: 6/3/2008 3:22:04 PM OTScanIt by OldTimer - Version 1.0.15.10 Folder = C:\Documents and Settings\Dennis Bidne\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 503.42 Mb Total Physical Memory | 101.53 Mb Available Physical Memory | 20.17% Memory free 1.20 Gb Paging File | 0.80 Gb Available in Paging File | 66.37% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 92.96 Gb Total Space | 80.00 Gb Free Space | 86.06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 3.81 Gb Total Space | 3.81 Gb Free Space | 99.86% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DENNIS Current User Name: Dennis Bidne Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 1:22:14 PM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 1:24:48 PM | Attr = ] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] appsvc32.exe -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 3:19:28 AM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 5/27/2006 8:17:41 PM | Attr = ] cfsvcs.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 41 | Size = 36864 bytes | Modified Date = 11/10/2004 1:14:08 PM | Attr = ] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] dvdramsv.exe -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 51 | Size = 389120 bytes | Modified Date = 10/15/2004 1:27:38 PM | Attr = ] googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 4/6/2008 9:11:03 PM | Attr = ] oprotsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\OProtSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 3 | Size = 98304 bytes | Modified Date = 10/15/2004 1:30:52 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 1:21:38 PM | Attr = ] smagent.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] swupdtmr.exe -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ] tappsrv.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 7M | Size = 34816 bytes | Modified Date = 12/14/2004 10:12:04 PM | Attr = ] 1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> Intel [Ver = 9, 0, 1, 35 | Size = 245760 bytes | Modified Date = 10/15/2004 1:23:12 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 11:27:22 AM | Attr = ] syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 98394 bytes | Modified Date = 10/14/2004 5:28:02 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 688218 bytes | Modified Date = 10/14/2004 5:26:40 PM | Attr = ] thotkey.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe -> TOSHIBA [Ver = 1.00.0010 | Size = 368640 bytes | Modified Date = 12/14/2004 10:12:36 PM | Attr = ] ndstray.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\NDSTray.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 79 | Size = 929792 bytes | Modified Date = 11/12/2004 11:54:56 PM | Attr = ] ltmoh.exe -> %ProgramFiles%\ltmoh\ltmoh.exe -> Agere Systems [Ver = 1.73 | Size = 184320 bytes | Modified Date = 9/5/2003 8:16:30 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\agrsmmsg.exe -> Agere Systems [Ver = 2.1.47.6 2.1.47.6 10/28/2004 13:37:38 | Size = 88363 bytes | Modified Date = 10/28/2004 5:37:40 PM | Attr = ] smoothview.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 9/15/2004 6:03:08 PM | Attr = ] tvstray.exe -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe -> TOSHIBA Corporation [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 11/12/2004 8:57:12 PM | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe -> Analog Devices, Inc. [Ver = 5, 0, 2, 1 | Size = 1388544 bytes | Modified Date = 7/27/2004 4:48:04 PM | Attr = ] tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] tfncky.exe -> %ProgramFiles%\TOSHIBA\TOSHIBA Controls\TFncKy.exe -> TOSHIBA Corporation [Ver = 3.14.00 | Size = 114688 bytes | Modified Date = 10/25/2004 6:23:10 PM | Attr = ] tpsmain.exe -> %SystemRoot%\system32\TPSMain.exe -> TOSHIBA Corporation [Ver = 1, 0, 14, 1 | Size = 278528 bytes | Modified Date = 8/27/2004 12:34:20 PM | Attr = ] padexe.exe -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077301 bytes | Modified Date = 9/7/2004 5:03:20 PM | Attr = ] tpsbattm.exe -> %SystemRoot%\system32\TPSBattM.exe -> TOSHIBA Corporation [Ver = 1, 0, 2, 0 | Size = 45056 bytes | Modified Date = 6/1/2004 11:43:10 PM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/15/2004 1:27:56 PM | Attr = ] eouwiz.exe -> %ProgramFiles%\Intel\Wireless\Bin\EOUWiz.exe -> Intel Corporation [Ver = 9, 0, 1, 26 | Size = 356352 bytes | Modified Date = 10/15/2004 1:31:32 PM | Attr = ] realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/16/2004 12:29:42 AM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 11/16/2004 12:30:04 AM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 2:46:24 AM | Attr = ] ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 12:59:52 AM | Attr = ] 3876.exe -> %AppData%\Microsoft\dtsc\3876.exe -> [Ver = | Size = 121856 bytes | Modified Date = 5/24/2008 9:57:14 AM | Attr = ] toscdspd.exe -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr = ] googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1172.2021.beta | Size = 124400 bytes | Modified Date = 4/6/2008 9:10:59 PM | Attr = ] ramasst.exe -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 2:38:12 PM | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 3/28/2008 7:25:49 PM | Attr = ] lucoms~1.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] aupdate.exe -> %ProgramFiles%\Symantec\LiveUpdate\AUPDATE.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 623984 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] lucallbackproxy.exe -> %ProgramFiles%\Symantec\LiveUpdate\LuCallbackProxy.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 484720 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.10 | Size = 373760 bytes | Modified Date = 6/2/2008 12:37:14 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> C-Dilla Ltd [Ver = 4.11.050 | Size = 39936 bytes | Modified Date = 5/27/2006 8:17:41 PM | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] (CFSvcs) ConfigFree Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\ConfigFree\CFSvcs.exe -> TOSHIBA CORPORATION [Ver = 5, 0, 0, 41 | Size = 36864 bytes | Modified Date = 11/10/2004 1:14:08 PM | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 1.2.0.28 | Size = 49248 bytes | Modified Date = 1/12/2007 10:40:58 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (DVD-RAM_Service) DVD-RAM_Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\DVDRAMSV.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 2, 0, 7, 0 | Size = 106496 bytes | Modified Date = 5/23/2003 4:38:26 PM | Attr = ] (EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 9, 0, 1, 12 | Size = 86016 bytes | Modified Date = 10/15/2004 1:22:14 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 4/6/2008 9:11:03 PM | Attr = ] (ISPwdSvc) Symantec IS Password Validation [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Norton Internet Security\isPwdSvc.exe -> Symantec Corporation [Ver = 10.2.0.50 | Size = 80504 bytes | Modified Date = 1/14/2007 2:11:06 AM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 7:27:24 PM | Attr = ] (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 106.2.0.21 | Size = 108648 bytes | Modified Date = 1/10/2007 12:59:32 AM | Attr = ] (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 8:51:10 PM | Attr = ] (OwnershipProtocol) OwnershipProtocol [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\OProtSvc.exe -> Intel Corporation [Ver = 9, 0, 1, 3 | Size = 98304 bytes | Modified Date = 10/15/2004 1:30:52 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 2:14:36 PM | Attr = ] (RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 9, 0, 1, 10 | Size = 139264 bytes | Modified Date = 10/15/2004 1:21:38 PM | Attr = ] (S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 9, 0, 1, 41 | Size = 360521 bytes | Modified Date = 10/15/2004 1:24:48 PM | Attr = ] (SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Analog Devices\SoundMAX\SMAgent.exe -> Analog Devices, Inc. [Ver = 3, 2, 6, 0 | Size = 45056 bytes | Modified Date = 9/20/2002 6:50:10 PM | Attr = ] (Swupdtmr) Swupdtmr [Win32_Own | Auto | Running] -> %SystemDrive%\TOSHIBA\IVP\swupdate\swupdtmr.exe -> [Ver = | Size = 53248 bytes | Modified Date = 5/13/2004 4:46:02 PM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1251720 bytes | Modified Date = 3/28/2008 7:25:49 PM | Attr = ] (SymAppCore) Symantec AppCore Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\AppCore\AppSvc32.exe -> Symantec Corporation [Ver = 1.1.1.2 | Size = 47712 bytes | Modified Date = 1/5/2007 3:19:28 AM | Attr = ] (TAPPSRV) TOSHIBA Application Service [Win32_Own | Auto | Running] -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -> TOSHIBA Corp. [Ver = 1, 0, 0, 7M | Size = 34816 bytes | Modified Date = 12/14/2004 10:12:04 PM | Attr = ] [Driver Services - Non-Microsoft Only] (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.8 built by: WinDDK | Size = 129280 bytes | Modified Date = 10/6/2004 11:29:50 AM | Attr = ] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.6.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.1.6.0 | Size = 17119 bytes | Modified Date = 6/27/2006 4:11:21 PM | Attr = ] (AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AGRSM.sys -> Agere Systems [Ver = 2.1.47.6 2.1.47.6 10/28/2004 13:37:48 | Size = 1270572 bytes | Modified Date = 10/28/2004 5:37:50 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 11/16/2004 12:29:45 AM | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC15BA.SYS -> [Ver = | Size = 8864 bytes | Modified Date = 5/27/2006 8:17:38 PM | Attr = ] (Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Roxio [Ver = 6.2.0.132 | Size = 67024 bytes | Modified Date = 10/22/2003 11:15:02 PM | Attr = ] (Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Roxio [Ver = 6.2.0.132 | Size = 24698 bytes | Modified Date = 10/22/2003 11:15:02 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.94c | Size = 87168 bytes | Modified Date = 8/17/2004 5:21:00 AM | Attr = ] (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> Sonic Solutions [Ver = 2.56.45a | Size = 40448 bytes | Modified Date = 7/14/2004 4:56:00 AM | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 385072 bytes | Modified Date = 1/18/2008 4:00:00 AM | Attr = ] (EraserUtilRebootDrv) EraserUtilRebootDrv [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -> Symantec Corporation [Ver = 107.4.1.2 | Size = 109616 bytes | Modified Date = 1/18/2008 4:00:00 AM | Attr = ] (grmnusb) grmnusb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\grmnusb.sys -> GARMIN Corp. [Ver = 2.1 | Size = 7296 bytes | Modified Date = 9/23/2003 9:42:34 AM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3929 | Size = 752093 bytes | Modified Date = 10/8/2004 11:54:56 AM | Attr = ] (Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iviaspi.sys -> InterVideo, Inc. [Ver = 1, 0, 0, 0 | Size = 21060 bytes | Modified Date = 9/11/2003 2:36:54 AM | Attr = ] (IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> Intel Corporation [Ver = 9.00.0.17 built by: WinDDK | Size = 234496 bytes | Modified Date = 8/12/2004 10:44:04 AM | Attr = ] (meiudf) meiudf [File_System | System | Running] -> %SystemRoot%\system32\drivers\meiudf.sys -> Matsushita Electric Industrial Co.,Ltd. [Ver = 3.1.0.0 | Size = 90480 bytes | Modified Date = 1/30/2004 1:32:32 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080602.003\NAVENG.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 5/15/2008 5:21:16 PM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080602.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 5/15/2008 5:21:16 PM | Attr = ] (Netdevio) TOSHIBA Network Device Usermode I/O Protocol [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\Netdevio.sys -> TOSHIBA Corporation. [Ver = Version 5.00.01.00 built by: WinDDK | Size = 12032 bytes | Modified Date = 1/29/2003 4:35:00 PM | Attr = ] (Pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 204 | Size = 21248 bytes | Modified Date = 9/19/2003 5:45:48 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.10a | Size = 20576 bytes | Modified Date = 7/13/2004 5:03:00 AM | Attr = ] (s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 9, 0, 1, 3 | Size = 11354 bytes | Modified Date = 10/15/2004 1:20:04 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.5240 | Size = 259648 bytes | Modified Date = 9/1/2004 3:17:46 PM | Attr = ] (SPBBCDrv) SPBBCDrv [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\SPBBC\SPBBCDrv.sys -> Symantec Corporation [Ver = 3.3.1.3 | Size = 418104 bytes | Modified Date = 4/14/2007 2:49:32 AM | Attr = ] (SRTSP) SRTSP [File_System | System | Running] -> %SystemRoot%\system32\drivers\srtsp.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 279088 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ] (SRTSPL) SRTSPL [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\srtspl.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 317616 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ] (SRTSPX) SRTSPX [Kernel | System | Running] -> %SystemRoot%\system32\drivers\srtspx.sys -> Symantec Corporation [Ver = 10.2.2.5 | Size = 43696 bytes | Modified Date = 11/30/2007 11:57:12 PM | Attr = ] (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 5627 bytes | Modified Date = 7/14/2004 1:29:04 PM | Attr = ] (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> Sonic Solutions [Ver = 1.10.87a | Size = 23545 bytes | Modified Date = 7/14/2004 1:28:50 PM | Attr = ] (SYMDNS) SYMDNS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symdns.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 12984 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 6/2/2008 9:20:29 PM | Attr = ] (SYMFW) SYMFW [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symfw.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 145976 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SYMIDS) SYMIDS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symids.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 40120 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\SymcData\idsdefs\20080530.001\SymIDSCo.sys -> Symantec Corporation [Ver = 8.2.1.2 | Size = 240496 bytes | Modified Date = 2/13/2008 11:18:19 AM | Attr = ] (SYMNDIS) SYMNDIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symndis.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 35256 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 27576 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 7.2.0.14 | Size = 191544 bytes | Modified Date = 1/9/2007 5:32:13 PM | Attr = ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 185728 bytes | Modified Date = 10/14/2004 5:14:04 PM | Attr = ] (TBiosDrv) TBiosDrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tbiosdrv.sys -> [Ver = | Size = 6867 bytes | Modified Date = 6/11/2003 11:53:22 AM | Attr = ] (tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 25723 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 34843 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 4123 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 2239 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 86138 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 14715 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 6363 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 98714 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.08a | Size = 100603 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] (tifm21) tifm21 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm21.sys -> Texas Instruments [Ver = 1.0.2.1 | Size = 146304 bytes | Modified Date = 9/13/2004 4:40:56 PM | Attr = ] (TVALD) Toshiba Mobile PC Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NBSMI.sys -> Toshiba Corporation [Ver = 1.0.0.6M built by: WinDDK | Size = 4352 bytes | Modified Date = 7/26/2004 5:28:02 PM | Attr = ] (Tvs) Toshiba Virtual Sound with SRS technologies [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tvs.sys -> TOSHIBA Corporation [Ver = 1, 0, 0, 4 | Size = 29056 bytes | Modified Date = 11/12/2004 8:57:10 PM | Attr = ] (w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> Intel® Corporation [Ver = 9001-9 Driver | Size = 3222784 bytes | Modified Date = 12/8/2004 10:44:56 AM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 7:13:04 PM | Attr = ] (ygM41) ygM41 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\Drivers\ygM41.sys -> File not found (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 7.29.4.3 built by: WinDDK | Size = 224000 bytes | Modified Date = 11/26/2004 10:29:00 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/7/2005 2:46:24 AM | Attr = ] AGRSMMSG -> %SystemRoot%\agrsmmsg.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.47.6 2.1.47.6 10/28/2004 13:37:38 | Size = 88363 bytes | Modified Date = 10/28/2004 5:37:40 PM | Attr = ] ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 106.2.0.21 | Size = 115816 bytes | Modified Date = 1/10/2007 12:59:52 AM | Attr = ] dla -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.08a | Size = 122939 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] EOUApp -> %ProgramFiles%\Intel\Wireless\Bin\EOUWiz.exe [C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe] -> Intel Corporation [Ver = 9, 0, 1, 26 | Size = 356352 bytes | Modified Date = 10/15/2004 1:31:32 PM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3929 | Size = 126976 bytes | Modified Date = 10/8/2004 11:27:22 AM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.3929 | Size = 155648 bytes | Modified Date = 10/8/2004 11:31:26 AM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 9, 0, 1, 19 | Size = 385024 bytes | Modified Date = 10/15/2004 1:27:56 PM | Attr = ] LtMoh -> %ProgramFiles%\ltmoh\ltmoh.exe [C:\Program Files\ltmoh\Ltmoh.exe] -> Agere Systems [Ver = 1.73 | Size = 184320 bytes | Modified Date = 9/5/2003 8:16:30 PM | Attr = ] NDSTray.exe -> [NDSTray.exe] -> File not found osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 10.2.0.50 | Size = 771704 bytes | Modified Date = 1/14/2007 2:11:10 AM | Attr = ] PadTouch -> %ProgramFiles%\TOSHIBA\Touch and Launch\PadExe.exe [C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe] -> TOSHIBA [Ver = 1, 2, 7, 0 | Size = 1077301 bytes | Modified Date = 9/7/2004 5:03:20 PM | Attr = ] Pinger -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [c:\toshiba\ivp\ism\pinger.exe /run] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 147456 bytes | Modified Date = 11/3/2004 2:12:26 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5 | Size = 98304 bytes | Modified Date = 11/16/2004 12:30:04 AM | Attr = ] RealTray -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER] -> RealNetworks, Inc. [Ver = 6.0.9.584 | Size = 26112 bytes | Modified Date = 11/16/2004 12:29:42 AM | Attr = ] SmoothView -> %ProgramFiles%\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe] -> TOSHIBA Corporation [Ver = 2, 0, 0, 18 | Size = 135168 bytes | Modified Date = 9/15/2004 6:03:08 PM | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4PNP.exe [C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe] -> Analog Devices, Inc. [Ver = 5, 0, 2, 1 | Size = 1388544 bytes | Modified Date = 7/27/2004 4:48:04 PM | Attr = ] Symantec PIF AlertEng -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe ["C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"] -> Symantec Corporation [Ver = 1.4.5.73 | Size = 583048 bytes | Modified Date = 11/28/2007 8:51:10 PM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 688218 bytes | Modified Date = 10/14/2004 5:26:40 PM | Attr = ] SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.12.4 14Oct04 | Size = 98394 bytes | Modified Date = 10/14/2004 5:28:02 PM | Attr = ] TFncKy -> [TFncKy.exe] -> File not found THotkey -> %ProgramFiles%\TOSHIBA\TOSHIBA Applet\THotkey.exe [C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe] -> TOSHIBA [Ver = 1.00.0010 | Size = 368640 bytes | Modified Date = 12/14/2004 10:12:36 PM | Attr = ] TPSMain -> %SystemRoot%\system32\TPSMain.exe [TPSMain.exe] -> TOSHIBA Corporation [Ver = 1, 0, 14, 1 | Size = 278528 bytes | Modified Date = 8/27/2004 12:34:20 PM | Attr = ] Tvs -> %ProgramFiles%\TOSHIBA\Tvs\TvsTray.exe [C:\Program Files\Toshiba\Tvs\TvsTray.exe] -> TOSHIBA Corporation [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Modified Date = 11/12/2004 8:57:12 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Microsoft Windows Installer -> %AppData%\Microsoft\dtsc\3876.exe [C:\Documents and Settings\Dennis Bidne\Application Data\Microsoft\dtsc\3876.exe] -> [Ver = | Size = 121856 bytes | Modified Date = 5/24/2008 9:57:14 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 4/26/2007 5:28:06 PM | Attr = ] TOSCDSPD -> %ProgramFiles%\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] -> TOSHIBA [Ver = 1, 0, 5, 0 | Size = 65536 bytes | Modified Date = 9/5/2003 6:24:46 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1172.2021.beta | Size = 124400 bytes | Modified Date = 4/6/2008 9:10:59 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\RAMASST.lnk -> %SystemRoot%\system32\RAMASST.exe -> Matsushita Electric Industrial Co., Ltd. [Ver = 1, 0, 9, 0 | Size = 155648 bytes | Modified Date = 3/14/2003 2:38:12 PM | Attr = ] < Dennis Bidne Startup Folder > -> C:\Documents and Settings\Dennis Bidne\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3929 | Size = 344064 bytes | Modified Date = 10/8/2004 11:27:00 AM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> Intel Corporation [Ver = 9, 0, 1, 0 | Size = 110592 bytes | Modified Date = 10/15/2004 1:27:42 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-830S________________1.00____\5&22345997&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 11/15/2004 9:28:07 PM | Attr = ] < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4497 domain(s) found. -> 36 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {00110011-4b0b-44d5-9718-90c88817369b} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {086ae192-23a6-48d6-96ec-715f53797e85} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {150fa160-130d-451f-b863-b655061432ba} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {1E8A6170-7264-4D0F-BEAE-D42A53123C75} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\1.5\NppBHO.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2007.1.5.29 | Size = 96936 bytes | Modified Date = 1/12/2007 2:04:50 AM | Attr = R ] {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {2d38a51a-23c9-48a1-a33c-48675aa2b494} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {2e9caff6-30c7-4208-8807-e79d4ec6f806} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {467faeb2-5f5b-4c81-bae0-2a4752ca7f4e} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {5321e378-ffad-4999-8c62-03ca8155f0b3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {587dbf2d-9145-4c9e-92c2-1f953da73773} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.08a | Size = 118842 bytes | Modified Date = 8/3/2004 3:05:00 AM | Attr = ] {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {79369d5c-2903-4b7a-ade2-d5e0dee14d24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {799a370d-5993-4887-9df7-0a4756a77d00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {98dbbf16-ca43-4c33-be80-99e6694468a4} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {a55581dc-2cdb-4089-8878-71a080b22342} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/4/2008 3:13:16 PM | Attr = ] {b847676d-72ac-4393-bfff-43a1eb979352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {bc97b254-b2b9-4d40-971d-78e0978f5f26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {cf021f40-3e14-23a5-cba2-717765721306} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e2ddf680-9905-4dee-8c64-0a5de7fe133c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e7afff2a-1b57-49c7-bf6b-e5123394c970} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {fcaddc14-bd46-408a-9842-cdbe1c6d37eb} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {fd9bc004-8331-4457-b830-4759ff704c22} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 4:49:10 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 7, 14, 1 | Size = 342600 bytes | Modified Date = 7/19/2005 4:49:10 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0\bin\NPJPI150.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 1.5.0.0 | Size = 69740 bytes | Modified Date = 11/16/2004 12:04:46 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0\bin\NPJPI150.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 1.5.0.0 | Size = 69740 bytes | Modified Date = 11/16/2004 12:04:46 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 4:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {107C0E6D-4428-4A90-9596-9C8D7AD673D9} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {2DE2C112-5DE5-475A-98D9-B110CCA0B3F9} -> (1394 Net Adapter) -> {A07F7322-01A0-4C5B-8214-F194098DDA8B} -> (Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab[Java Plug-in 1.5.0] -> {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab[Java Plug-in 1.5.0] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> %SystemRoot%\y.exe [Y] -> [Ver = | Size = 30464 bytes | Modified Date = 6/3/2008 2:21:59 AM | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1056 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> %SystemRoot%\y.exe [y] -> [Ver = | Size = 30464 bytes | Modified Date = 6/3/2008 2:21:59 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 1D 32 E2 76 65 83 CA 0A 1B 0F D8 31 2C A6 C1 F2 65 64 39 39 61 33 63 35 00 00 00 00 46 73 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 5C D3 6C 58 F5 C0 99 60 54 ED 0B ED [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 13 26 BE 99 40 62 4F 1D 99 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 8C 95 2E 2B 0E 45 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 13 BC 52 BB EC 9F AA 87 C1 B0 89 86 E8 E7 70 D1 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> C0 D6 CE 2A 96 CB C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11483 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 3:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 5/24/2004 8:41:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\ivp\NetInt\Netint.exe -> %SystemDrive%\TOSHIBA\IVP\NetInt\netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 462848 bytes | Modified Date = 11/3/2004 5:06:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\TOSHIBA\Ivp\ISM\pinger.exe -> %SystemDrive%\TOSHIBA\IVP\ISM\pinger.exe [C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> TOSHIBA Corporation [Ver = 3.6.0.0 | Size = 147456 bytes | Modified Date = 11/3/2004 2:12:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 3:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 3:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 5/24/2004 8:41:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe -> %ProgramFiles%\TOSHIBA\ConfigFree\CFXFER.exe [C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Enabled:ConfigFree SUMMIT Engine] -> TOSHIBA CORPORATION [Ver = 2, 0, 0, 60 | Size = 819200 bytes | Modified Date = 11/11/2004 8:25:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> [Files/Folders - Created Within 30 days] cf -> %SystemDrive%\cf -> [Folder | Created Date = 6/2/2008 5:31:59 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527941632 bytes | Created Date = 6/2/2008 7:54:07 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/2/2008 5:47:04 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 6/3/2008 3:19:32 PM | Attr = HS] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 6/2/2008 7:43:33 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/27/2008 3:20:43 PM | Attr = ] adsldpp.exe -> %SystemRoot%\System32\adsldpp.exe -> [Ver = | Size = 130048 bytes | Created Date = 5/24/2008 9:57:22 AM | Attr = RHS] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/2/2008 6:42:59 PM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 6/2/2008 6:43:00 PM | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/2/2008 6:42:59 PM | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/2/2008 6:42:59 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4446 bytes | Created Date = 6/2/2008 7:25:44 PM | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 6/2/2008 6:42:59 PM | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 6/2/2008 6:42:59 PM | Attr = ] accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 15104 bytes | Created Date = 6/3/2008 2:07:50 AM | Attr = ] astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 18944 bytes | Created Date = 6/3/2008 2:07:50 AM | Attr = ] avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 12288 bytes | Created Date = 6/3/2008 2:07:50 AM | Attr = ] clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26624 bytes | Created Date = 6/3/2008 2:07:50 AM | Attr = ] cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 13824 bytes | Created Date = 6/3/2008 2:07:51 AM | Attr = ] ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19712 bytes | Created Date = 6/2/2008 7:58:40 PM | Attr = ] ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 29184 bytes | Created Date = 6/2/2008 7:58:41 PM | Attr = ] default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Created Date = 6/3/2008 2:22:11 AM | Attr = ] directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 13568 bytes | Created Date = 6/2/2008 7:58:41 PM | Attr = ] dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 27648 bytes | Created Date = 6/2/2008 7:58:41 PM | Attr = ] editpad.exe -> %SystemRoot%\editpad.exe -> [Ver = | Size = 22016 bytes | Created Date = 6/2/2008 7:58:42 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 6/2/2008 5:47:54 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 6/2/2008 7:44:32 PM | Attr = ] explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 21504 bytes | Created Date = 6/3/2008 2:21:58 AM | Attr = ] explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 24064 bytes | Created Date = 6/2/2008 7:58:42 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/2/2008 5:45:20 PM | Attr = ] funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 28160 bytes | Created Date = 6/2/2008 7:58:42 PM | Attr = ] funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 32512 bytes | Created Date = 6/2/2008 7:58:43 PM | Attr = ] gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 18432 bytes | Created Date = 6/2/2008 7:58:43 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 6/2/2008 5:45:20 PM | Attr = ] helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 31488 bytes | Created Date = 6/2/2008 7:58:44 PM | Attr = ] iedll.exe -> %SystemRoot%\iedll.exe -> [Ver = | Size = 26624 bytes | Created Date = 6/3/2008 2:07:51 AM | Attr = ] iexplorer.exe -> %SystemRoot%\iexplorer.exe -> [Ver = | Size = 23040 bytes | Created Date = 6/3/2008 2:21:58 AM | Attr = ] inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 11264 bytes | Created Date = 6/2/2008 7:58:44 PM | Attr = ] internet.exe -> %SystemRoot%\internet.exe -> [Ver = | Size = 25600 bytes | Created Date = 6/2/2008 7:58:45 PM | Attr = ] loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 20992 bytes | Created Date = 6/3/2008 2:07:52 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 5/27/2008 5:34:45 PM | Attr = ] msconfd.dll -> %SystemRoot%\msconfd.dll -> [Ver = | Size = 21760 bytes | Created Date = 6/2/2008 7:58:46 PM | Attr = ] msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 26624 bytes | Created Date = 6/2/2008 7:58:46 PM | Attr = ] mssys.exe -> %SystemRoot%\mssys.exe -> [Ver = | Size = 28160 bytes | Created Date = 6/3/2008 2:07:52 AM | Attr = ] msupdate.exe -> %SystemRoot%\msupdate.exe -> [Ver = | Size = 26112 bytes | Created Date = 6/3/2008 2:07:52 AM | Attr = ] mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 8448 bytes | Created Date = 6/2/2008 7:58:47 PM | Attr = ] mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 23296 bytes | Created Date = 6/2/2008 7:58:47 PM | Attr = ] mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 18176 bytes | Created Date = 6/3/2008 2:07:53 AM | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 6/2/2008 5:32:04 PM | Attr = ] notepad32.exe -> %SystemRoot%\notepad32.exe -> [Ver = | Size = 8192 bytes | Created Date = 6/3/2008 2:07:53 AM | Attr = ] olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 26112 bytes | Created Date = 6/3/2008 2:07:54 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/2/2008 3:37:42 PM | Attr = ] qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 19456 bytes | Created Date = 6/2/2008 7:58:48 PM | Attr = ] quicken.exe -> %SystemRoot%\quicken.exe -> [Ver = | Size = 11008 bytes | Created Date = 6/2/2008 7:58:48 PM | Attr = ] rundll16.exe -> %SystemRoot%\rundll16.exe -> [Ver = | Size = 20992 bytes | Created Date = 6/2/2008 7:58:49 PM | Attr = ] rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 8960 bytes | Created Date = 6/2/2008 7:58:49 PM | Attr = ] searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 32512 bytes | Created Date = 6/2/2008 7:58:49 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 6/2/2008 5:46:50 PM | Attr = ] sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 24320 bytes | Created Date = 6/2/2008 7:58:50 PM | Attr = ] svchost32.exe -> %SystemRoot%\svchost32.exe -> [Ver = | Size = 25088 bytes | Created Date = 6/2/2008 7:58:50 PM | Attr = ] svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 9984 bytes | Created Date = 6/2/2008 7:58:50 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/2/2008 5:46:50 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/2/2008 5:46:49 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/2/2008 5:46:49 PM | Attr = ] systeem.exe -> %SystemRoot%\systeem.exe -> [Ver = | Size = 14848 bytes | Created Date = 6/3/2008 2:07:54 AM | Attr = ] systemcritical.exe -> %SystemRoot%\systemcritical.exe -> [Ver = | Size = 26112 bytes | Created Date = 6/3/2008 2:07:54 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 6/3/2008 2:22:41 AM | Attr = ] time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 9728 bytes | Created Date = 6/2/2008 7:58:51 PM | Attr = ] users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 17408 bytes | Created Date = 6/3/2008 2:07:54 AM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/2/2008 5:46:49 PM | Attr = ] waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 27648 bytes | Created Date = 6/3/2008 2:07:55 AM | Attr = ] win32e.exe -> %SystemRoot%\win32e.exe -> [Ver = | Size = 17920 bytes | Created Date = 6/3/2008 2:07:55 AM | Attr = ] win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 22528 bytes | Created Date = 6/3/2008 2:07:55 AM | Attr = ] winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 14336 bytes | Created Date = 6/3/2008 2:07:55 AM | Attr = ] window.exe -> %SystemRoot%\window.exe -> [Ver = | Size = 18944 bytes | Created Date = 6/3/2008 2:07:56 AM | Attr = ] winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 27648 bytes | Created Date = 6/3/2008 2:07:56 AM | Attr = ] x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 27136 bytes | Created Date = 6/3/2008 2:21:59 AM | Attr = ] xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 21504 bytes | Created Date = 6/3/2008 2:07:56 AM | Attr = ] xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 12288 bytes | Created Date = 6/3/2008 2:07:56 AM | Attr = ] y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 30464 bytes | Created Date = 6/3/2008 2:21:59 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 6/2/2008 5:46:50 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 5/27/2008 3:28:18 PM | Attr = ] 051208.xls -> %UserProfile%\My Documents\051208.xls -> [Ver = | Size = 23040 bytes | Created Date = 5/11/2008 8:15:53 PM | Attr = ] 051908.xls -> %UserProfile%\My Documents\051908.xls -> [Ver = | Size = 23040 bytes | Created Date = 5/18/2008 8:31:53 PM | Attr = ] April08.xls -> %UserProfile%\My Documents\April08.xls -> [Ver = | Size = 111104 bytes | Created Date = 5/8/2008 9:55:24 PM | Attr = ] Feb08.xls -> %UserProfile%\My Documents\Feb08.xls -> [Ver = | Size = 110592 bytes | Created Date = 5/8/2008 6:54:54 PM | Attr = ] mar08.xls -> %UserProfile%\My Documents\mar08.xls -> [Ver = | Size = 110592 bytes | Created Date = 5/8/2008 9:14:40 PM | Attr = ] May 08.xls -> %UserProfile%\My Documents\May 08.xls -> [Ver = | Size = 110080 bytes | Created Date = 5/23/2008 3:23:31 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 6/3/2008 3:19:19 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 6/2/2008 9:05:43 PM | Attr = ] combo.exe -> %UserProfile%\Desktop\combo.exe -> [Ver = | Size = 1950874 bytes | Created Date = 6/2/2008 5:41:40 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1950874 bytes | Created Date = 6/2/2008 8:01:20 PM | Attr = ] cwshredder.exe -> %UserProfile%\Desktop\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Created Date = 6/3/2008 2:12:06 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cwshredder.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1742 bytes | Created Date = 6/2/2008 9:18:57 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 6/2/2008 9:18:30 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/3/2008 3:20:41 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544627 bytes | Created Date = 6/3/2008 3:19:24 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 6/2/2008 6:42:56 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1130674 bytes | Created Date = 6/2/2008 6:42:49 PM | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Created Date = 6/2/2008 6:43:15 PM | Attr = ] smitRem.exe -> %UserProfile%\Desktop\smitRem.exe -> [Ver = | Size = 383836 bytes | Created Date = 6/2/2008 6:42:53 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 971 bytes | Created Date = 5/27/2008 3:28:37 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 5/27/2008 3:28:18 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/2/2008 9:18:56 PM | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 5/24/2008 9:50:01 AM | Attr = ] [Files/Folders - Modified Within 30 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/2/2008 3:51:44 PM | Attr = RHS] cf -> %SystemDrive%\cf -> [Folder | Modified Date = 6/2/2008 5:32:08 PM | Attr = ] DOCS -> %SystemDrive%\DOCS -> [Folder | Modified Date = 5/27/2008 7:41:05 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 5/27/2008 3:33:29 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527941632 bytes | Modified Date = 6/3/2008 3:14:25 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/2/2008 9:18:56 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/3/2008 2:22:15 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/3/2008 3:19:32 PM | Attr = HS] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/2/2008 7:59:43 PM | Attr = ] TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 6/2/2008 5:52:28 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/27/2008 3:20:43 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/3/2008 3:15:29 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/2/2008 7:49:47 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 6/2/2008 7:49:47 PM | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 6/2/2008 9:20:29 PM | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 6/2/2008 9:20:29 PM | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 6/2/2008 9:20:29 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/3/2008 3:18:50 PM | Attr = ] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 6/2/2008 6:18:49 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/3/2008 2:47:30 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/3/2008 2:17:51 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 5/22/2008 3:09:08 PM | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 6/2/2008 9:20:29 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4446 bytes | Modified Date = 6/2/2008 7:25:44 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/3/2008 3:16:37 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/2/2008 9:09:07 PM | Attr = H ] accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 15104 bytes | Modified Date = 6/3/2008 2:07:50 AM | Attr = ] astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 18944 bytes | Modified Date = 6/3/2008 2:07:50 AM | Attr = ] avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 12288 bytes | Modified Date = 6/3/2008 2:13:53 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/3/2008 3:14:34 PM | Attr = S] clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26624 bytes | Modified Date = 6/3/2008 2:07:50 AM | Attr = ] cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 13824 bytes | Modified Date = 6/3/2008 2:07:51 AM | Attr = ] ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19712 bytes | Modified Date = 6/2/2008 7:58:40 PM | Attr = ] ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 29184 bytes | Modified Date = 6/3/2008 2:13:54 AM | Attr = ] default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Modified Date = 6/3/2008 2:41:32 AM | Attr = ] directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 13568 bytes | Modified Date = 6/2/2008 7:58:41 PM | Attr = ] dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 27648 bytes | Modified Date = 6/2/2008 7:58:41 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/21/2008 1:12:31 PM | Attr = S] editpad.exe -> %SystemRoot%\editpad.exe -> [Ver = | Size = 22016 bytes | Modified Date = 6/2/2008 7:58:42 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 6/2/2008 6:17:58 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 6/2/2008 7:44:48 PM | Attr = ] explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 21504 bytes | Modified Date = 6/3/2008 2:21:58 AM | Attr = ] explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 24064 bytes | Modified Date = 6/2/2008 7:58:42 PM | Attr = ] funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 28160 bytes | Modified Date = 6/2/2008 7:58:42 PM | Attr = ] funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 32512 bytes | Modified Date = 6/2/2008 7:58:43 PM | Attr = ] gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 18432 bytes | Modified Date = 6/2/2008 7:58:43 PM | Attr = ] helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 31488 bytes | Modified Date = 6/2/2008 7:58:44 PM | Attr = ] iedll.exe -> %SystemRoot%\iedll.exe -> [Ver = | Size = 26624 bytes | Modified Date = 6/3/2008 2:07:51 AM | Attr = ] iexplorer.exe -> %SystemRoot%\iexplorer.exe -> [Ver = | Size = 23040 bytes | Modified Date = 6/3/2008 2:21:58 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/13/2008 4:03:49 PM | Attr = ] inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 11264 bytes | Modified Date = 6/2/2008 7:58:44 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/3/2008 2:47:58 AM | Attr = H ] internet.exe -> %SystemRoot%\internet.exe -> [Ver = | Size = 25600 bytes | Modified Date = 6/2/2008 7:58:45 PM | Attr = ] loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 20992 bytes | Modified Date = 6/3/2008 2:07:52 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/2/2008 5:20:35 PM | Attr = ] msconfd.dll -> %SystemRoot%\msconfd.dll -> [Ver = | Size = 21760 bytes | Modified Date = 6/2/2008 7:58:46 PM | Attr = ] msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 26624 bytes | Modified Date = 6/2/2008 7:58:46 PM | Attr = ] mssys.exe -> %SystemRoot%\mssys.exe -> [Ver = | Size = 28160 bytes | Modified Date = 6/3/2008 2:07:52 AM | Attr = ] msupdate.exe -> %SystemRoot%\msupdate.exe -> [Ver = | Size = 26112 bytes | Modified Date = 6/3/2008 2:07:52 AM | Attr = ] mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 8448 bytes | Modified Date = 6/2/2008 7:58:47 PM | Attr = ] mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 23296 bytes | Modified Date = 6/2/2008 7:58:47 PM | Attr = ] mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 18176 bytes | Modified Date = 6/3/2008 2:13:55 AM | Attr = ] notepad32.exe -> %SystemRoot%\notepad32.exe -> [Ver = | Size = 8192 bytes | Modified Date = 6/3/2008 2:13:55 AM | Attr = ] olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 26112 bytes | Modified Date = 6/3/2008 2:07:54 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/3/2008 3:19:32 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/2/2008 3:51:41 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/24/2008 9:38:56 AM | Attr = H ] qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 19456 bytes | Modified Date = 6/2/2008 7:58:48 PM | Attr = ] quicken.exe -> %SystemRoot%\quicken.exe -> [Ver = | Size = 11008 bytes | Modified Date = 6/2/2008 7:58:48 PM | Attr = ] rundll16.exe -> %SystemRoot%\rundll16.exe -> [Ver = | Size = 20992 bytes | Modified Date = 6/2/2008 7:58:49 PM | Attr = ] rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 8960 bytes | Modified Date = 6/2/2008 7:58:49 PM | Attr = ] searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 32512 bytes | Modified Date = 6/2/2008 7:58:49 PM | Attr = ] sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 24320 bytes | Modified Date = 6/3/2008 2:13:56 AM | Attr = ] svchost32.exe -> %SystemRoot%\svchost32.exe -> [Ver = | Size = 25088 bytes | Modified Date = 6/2/2008 7:58:50 PM | Attr = ] svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 9984 bytes | Modified Date = 6/2/2008 7:58:50 PM | Attr = ] systeem.exe -> %SystemRoot%\systeem.exe -> [Ver = | Size = 14848 bytes | Modified Date = 6/3/2008 2:07:54 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/3/2008 2:21:21 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/3/2008 3:24:32 PM | Attr = ] systemcritical.exe -> %SystemRoot%\systemcritical.exe -> [Ver = | Size = 26112 bytes | Modified Date = 6/3/2008 2:07:54 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 6/3/2008 3:25:57 PM | Attr = ] time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 9728 bytes | Modified Date = 6/2/2008 7:58:51 PM | Attr = ] users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 17408 bytes | Modified Date = 6/3/2008 2:07:54 AM | Attr = ] waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 27648 bytes | Modified Date = 6/3/2008 2:07:55 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 779 bytes | Modified Date = 6/2/2008 3:51:44 PM | Attr = ] win32e.exe -> %SystemRoot%\win32e.exe -> [Ver = | Size = 17920 bytes | Modified Date = 6/3/2008 2:07:55 AM | Attr = ] win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 22528 bytes | Modified Date = 6/3/2008 2:07:55 AM | Attr = ] winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 14336 bytes | Modified Date = 6/3/2008 2:07:55 AM | Attr = ] window.exe -> %SystemRoot%\window.exe -> [Ver = | Size = 18944 bytes | Modified Date = 6/3/2008 2:07:56 AM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 507 bytes | Modified Date = 5/29/2008 3:08:00 AM | Attr = ] winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 27648 bytes | Modified Date = 6/3/2008 2:07:56 AM | Attr = ] x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 27136 bytes | Modified Date = 6/3/2008 2:21:59 AM | Attr = ] xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 21504 bytes | Modified Date = 6/3/2008 2:07:56 AM | Attr = ] xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 12288 bytes | Modified Date = 6/3/2008 2:07:56 AM | Attr = ] y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 30464 bytes | Modified Date = 6/3/2008 2:21:59 AM | Attr = ] Norton Internet Security - Run Full System Scan - Dennis Bidne.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Dennis Bidne.job -> [Ver = | Size = 636 bytes | Modified Date = 6/2/2008 8:00:17 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/3/2008 3:14:50 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/2/2008 6:21:48 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 6/2/2008 9:09:20 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 6/2/2008 9:09:20 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 8/27/2005 10:44:22 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11102 bytes | Modified Date = 10/22/2005 7:32:37 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 12/7/2007 10:22:02 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/29/2005 6:57:16 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 8/29/2005 7:15:13 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 6/3/2008 3:25:03 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 5/27/2008 7:15:55 PM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 6/3/2008 2:26:15 AM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 5/24/2008 9:39:47 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/24/2008 9:40:42 AM | Attr = S] U3 -> %AppData%\U3 -> [Folder | Modified Date = 5/18/2008 10:11:40 AM | Attr = ] 051208.xls -> %UserProfile%\My Documents\051208.xls -> [Ver = | Size = 23040 bytes | Modified Date = 5/11/2008 9:48:15 PM | Attr = ] 051908.xls -> %UserProfile%\My Documents\051908.xls -> [Ver = | Size = 23040 bytes | Modified Date = 5/18/2008 9:56:21 PM | Attr = ] April08.xls -> %UserProfile%\My Documents\April08.xls -> [Ver = | Size = 111104 bytes | Modified Date = 5/23/2008 3:45:54 PM | Attr = ] Feb08.xls -> %UserProfile%\My Documents\Feb08.xls -> [Ver = | Size = 110592 bytes | Modified Date = 5/8/2008 9:34:28 PM | Attr = ] mar08.xls -> %UserProfile%\My Documents\mar08.xls -> [Ver = | Size = 110592 bytes | Modified Date = 5/8/2008 9:32:07 PM | Attr = ] May 08.xls -> %UserProfile%\My Documents\May 08.xls -> [Ver = | Size = 110080 bytes | Modified Date = 5/23/2008 3:43:41 PM | Attr = ] Miller Action plan.doc -> %UserProfile%\My Documents\Miller Action plan.doc -> [Ver = | Size = 25600 bytes | Modified Date = 5/11/2008 7:50:15 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 6/3/2008 3:14:28 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 6/2/2008 9:05:44 PM | Attr = ] combo.exe -> %UserProfile%\Desktop\combo.exe -> [Ver = | Size = 1950874 bytes | Modified Date = 6/2/2008 5:40:02 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1950874 bytes | Modified Date = 6/2/2008 5:40:02 PM | Attr = ] Copy of Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Copy of Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 5/11/2008 1:01:14 PM | Attr = ] cwshredder.exe -> %UserProfile%\Desktop\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 6/3/2008 2:12:07 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cwshredder.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1742 bytes | Modified Date = 6/2/2008 9:18:57 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 6/2/2008 9:18:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Launch Google Earth.lnk -> %UserProfile%\Desktop\Launch Google Earth.lnk -> [Ver = | Size = 2523 bytes | Modified Date = 5/21/2008 6:15:46 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/3/2008 3:20:42 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544627 bytes | Modified Date = 6/3/2008 3:14:38 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 6/2/2008 7:29:26 PM | Attr = ] smitRem -> %UserProfile%\Desktop\smitRem -> [Folder | Modified Date = 6/2/2008 6:43:50 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 971 bytes | Modified Date = 5/29/2008 2:35:54 AM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 6/3/2008 3:25:58 PM | Attr = ] < End of report > [/code]