[code]
OTScanIt logfile created on: 05/06/2008 09:10:07
OTScanIt by OldTimer - Version 1.0.15.11 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy
510.21 Mb Total Physical Memory | 293.04 Mb Available Physical Memory | 57.43% Memory free
855.73 Mb Paging File | 621.54 Mb Available in Paging File | 72.63% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 7.81 Gb Total Space | 1.37 Gb Free Space | 17.50% Space Free | Partition Type: FAT32
Drive D: | 29.44 Gb Total Space | 19.26 Gb Free Space | 65.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CCCLRL41
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
s24evmon.exe -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation [Ver = 7, 1, 3, 0 | Size = 303171 bytes | Modified Date = 11/08/2004 08:17:24 | Attr = ]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 14/01/2004 14:21:00 | Attr = ]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 174592 bytes | Modified Date = 14/01/2004 14:21:00 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 27/05/2008 02:07:12 | Attr = ]
avsynmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\Avsynmgr.exe -> [Ver = | Size = 155665 bytes | Modified Date = 26/11/2001 16:51:00 | Attr = ]
btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 258103 bytes | Modified Date = 12/05/2006 13:27:16 | Attr = ]
regsrvc.exe -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 11/08/2004 08:15:52 | Attr = ]
vsstat.exe -> %ProgramFiles%\Network Associates\VirusScan\VsStat.exe -> [Ver = | Size = 98321 bytes | Modified Date = 26/11/2001 16:51:00 | Attr = ]
avconsol.exe -> %ProgramFiles%\Network Associates\VirusScan\Avconsol.exe -> [Ver = | Size = 163857 bytes | Modified Date = 26/11/2001 16:51:00 | Attr = ]
zcfgsvc.exe -> %SystemRoot%\system32\ZCfgSvc.exe -> Intel Corporation [Ver = 4, 1, 0, 53 | Size = 409664 bytes | Modified Date = 11/08/2004 08:20:54 | Attr = ]
1xconfig.exe -> %SystemRoot%\system32\1XConfig.exe -> Intel [Ver = 4, 1, 0, 3 | Size = 204800 bytes | Modified Date = 11/08/2004 08:17:52 | Attr = ]
hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 20/08/2004 15:51:14 | Attr = ]
createcd50.exe -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe -> Roxio [Ver = 5.3.4.21 | Size = 131157 bytes | Modified Date = 17/12/2002 13:14:14 | Attr = ]
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 17/12/2002 12:28:00 | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 17/04/2005 18:45:10 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
pronomgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe -> Intel(R) Corporation [Ver = 7.1.3.1 | Size = 86016 bytes | Modified Date = 11/08/2004 13:37:16 | Attr = ]
ly43.exe -> %SystemRoot%\system32\ly43.exe -> [Ver = | Size = 16384 bytes | Modified Date = 12/05/2007 19:14:38 | Attr = ]
bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 581693 bytes | Modified Date = 12/05/2006 13:33:22 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.11 | Size = 397824 bytes | Modified Date = 03/06/2008 18:00:48 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 27/05/2008 02:07:12 | Attr = ]
(AvSynMgr) AVSync Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\Avsynmgr.exe -> [Ver = | Size = 155665 bytes | Modified Date = 26/11/2001 16:51:00 | Attr = ]
(btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 258103 bytes | Modified Date = 12/05/2006 13:27:16 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> VERITAS Software Corp. [Ver = 2195.6624.297.3 | Size = 147728 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 9.41 | Size = 311296 bytes | Modified Date = 14/01/2004 14:21:00 | Attr = ]
(McShield) McShield [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Network Associates\McShield\Mcshield.exe -> [Ver = | Size = 225403 bytes | Modified Date = 26/11/2001 16:51:00 | Attr = ]
(NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.1.301.0 | Size = 139264 bytes | Modified Date = 29/04/2003 14:29:54 | Attr = ]
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %SystemRoot%\system32\RegSrvc.exe -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 122880 bytes | Modified Date = 11/08/2004 08:15:52 | Attr = ]
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\S24EvMon.exe -> Intel Corporation [Ver = 7, 1, 3, 0 | Size = 303171 bytes | Modified Date = 11/08/2004 08:17:24 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> Roxio [Ver = 5.3.4.21 | Size = 684032 bytes | Modified Date = 17/12/2002 12:28:00 | Attr = ]
CreateCD50 -> %CommonProgramFiles%\Adaptec Shared\CreateCD\CreateCD50.exe ["C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r] -> Roxio [Ver = 5.3.4.21 | Size = 131157 bytes | Modified Date = 17/12/2002 13:14:14 | Attr = ]
HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINNT\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3889 | Size = 118784 bytes | Modified Date = 20/08/2004 15:51:14 | Attr = ]
IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINNT\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.3889 | Size = 155648 bytes | Modified Date = 20/08/2004 15:55:14 | Attr = ]
ly43 -> %SystemRoot%\system32\ly43.exe [C:\WINNT\system32\ly43.exe] -> [Ver = | Size = 16384 bytes | Modified Date = 12/05/2007 19:14:38 | Attr = ]
PRONoMgr.exe -> %ProgramFiles%\Intel\NCS\PROSet\PRONoMgr.exe [C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe] -> Intel(R) Corporation [Ver = 7.1.3.1 | Size = 86016 bytes | Modified Date = 11/08/2004 13:37:16 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 17/04/2005 18:45:10 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 12/07/2007 04:00:36 | Attr = ]
ZCfgSvc.exe -> %SystemRoot%\system32\ZCfgSvc.exe [C:\WINNT\system32\ZCfgSvc.exe] -> Intel Corporation [Ver = 4, 1, 0, 53 | Size = 409664 bytes | Modified Date = 11/08/2004 08:20:54 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ly43 -> %SystemRoot%\system32\ly43.exe [C:\WINNT\system32\ly43.exe] -> [Ver = | Size = 16384 bytes | Modified Date = 12/05/2007 19:14:38 | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 581693 bytes | Modified Date = 12/05/2006 13:33:22 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 14/12/2004 04:44:06 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3889 | Size = 344064 bytes | Modified Date = 20/08/2004 15:50:54 | Attr = ]
Sebring -> %SystemRoot%\system32\LgNotify.dll -> Intel Corporation [Ver = 4, 1, 0, 0 | Size = 180290 bytes | Modified Date = 11/08/2004 08:22:10 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Autorun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.00.2195.6655 | Size = 27984 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DVD+RW_ND-6100A____________________104D____\5&1904f86d&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 18/05/2004 13:24:22 | Attr = H ]
< HOSTS File > (734 bytes) -> C:\WINNT\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINNT\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.uk/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. ->
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. ->
35 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 14/12/2004 01:56:50 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28/01/2008 11:43:28 | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Send To &Bluetooth -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 29/05/2003 13:53:12 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
{7F2087A1-DE34-4520-8B94-893A4B87E06F} -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1C6C8DF9-5CE7-40A4-B9EB-2D57E5F6A7D2} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{336FBA13-6651-4513-9AFF-BB91066A8C00} -> (Intel(R) PRO/100 VE Network Connection) ->
{3FA4F46E-45F9-42C4-BC44-855E93437373} -> () ->
{556AF252-F3B8-4171-956F-969B4EB34CA9} -> () ->
{9E030E41-9D9C-41D0-9D52-682DE94907EC} -> (ZyXEL USB ADSL Modem) ->
{ADFFACA1-E977-4741-9DC6-02880D0F5010} -> (Intel(R) PRO/Wireless LAN 2100 3A Mini PCI Adapter) ->
{BF6D1CE9-4C63-48E2-8ADC-811517764FF5} -> (ZyXEL USB ADSL Modem) ->
< Default Protocols [HKEY_CURRENT_USER\] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
vnd.ms.radio:{3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msdxm.ocx[AsyncPProt Class] -> [Ver = | Size = 844048 bytes | Modified Date = 17/09/2003 11:01:28 | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINNT\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] ->
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/danim.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/ddrawex.dll\\22d6f312-b0f6-11d0-94ab-0080c74c7e95 -> 22d6f312-b0f6-11d0-94ab-0080c74c7e95 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuctl.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/iuengine.dll\\.Owner -> Unknown Owner ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\.Owner -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{DC38CC30-4E3B-11d1-9071-0060081840BC} -> {DC38CC30-4E3B-11d1-9071-0060081840BC} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{4112DF42-0DCB-11d1-8177-00AA00576BAD} -> {4112DF42-0DCB-11d1-8177-00AA00576BAD} ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/System32/quartz.dll\\{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} ->

[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.00.2195.6897 | Size = 123152 bytes | Modified Date = 11/03/2004 03:37:18 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.00.2195.6903 | Size = 210192 bytes | Modified Date = 11/03/2004 03:37:10 | Attr = ]
msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.00.2195.6897 | Size = 123152 bytes | Modified Date = 11/03/2004 03:37:18 | Attr = ]
schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.00.2195.6899 | Size = 143120 bytes | Modified Date = 11/03/2004 03:37:42 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 268 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.00.2195.6893 | Size = 111376 bytes | Modified Date = 24/03/2004 03:17:02 | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.00.2195.6666 | Size = 102672 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 56 22 E4 52 C3 35 DB 5E 58 C7 1C B1 DB 69 73 AB 39 62 31 34 63 62 33 33 00 FD 06 00 01 00 00 00 A8 00 00 00 B4 00 00 00 54 FA 06 00 7D 3E 65 76 04 00 00 00 B0 FD 06 00 A8 FD 06 00 98 22 94 05 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 39 A1 A8 2E 9F 55 B9 A6 96 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 20 34 B1 6A BC 56 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\System32\IISSUBA.dll [IISSUBA] -> Microsoft Corporation [Ver = 5.00.0984 | Size = 10000 bytes | Modified Date = 07/12/1999 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 14 E7 C5 DA C4 48 21 31 75 49 5A 06 CD E5 55 24 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 70 D0 03 2F 16 C7 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 B0 6C BD 2B 4F C2 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 60 4E 96 AA 40 BF 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 4E 96 AA 40 BF 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 288 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 3 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 07/12/1999 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> RasMan; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.00.2195.6902 | Size = 442640 bytes | Modified Date = 24/03/2004 03:17:02 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k wugroup] -> Microsoft Corporation [Ver = 5.00.2134.1 | Size = 7952 bytes | Modified Date = 07/12/1999 12:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\System32\wuauserv.dll [C:\WINNT\System32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3630.2554 built by: lab04_n | Size = 9216 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Allows remote registry manipulation.
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\regsvc.exe [%SystemRoot%\system32\regsvc.exe] -> Microsoft Corporation [Ver = 5.00.2195.6701 | Size = 68368 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RpcSs -> %SystemRoot%\System32\RpcSs.dll -> Microsoft Corporation [Ver = 5.00.2195.7021 | Size = 212240 bytes | Modified Date = 14/01/2005 01:27:10 | Attr = ] TcpIp -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Allows a remote user to log on to the 
system and run console programs using the command line. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [%SystemRoot%\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.00.99206.1 | Size = 186128 bytes | Modified Date = 19/06/2003 12:05:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> [binary data] -> [Files/Folders - Created Within 30 days] DUKE3D.BAT -> %SystemDrive%\DUKE3D.BAT -> [Ver = | Size = 24 bytes | Created Date = 26/05/2008 22:28:14 | Attr = ] Dell -> %SystemDrive%\Dell -> [Folder | Created Date = 26/05/2008 22:49:02 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 04/06/2008 11:56:30 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 04/06/2008 15:04:49 | Attr = HS] w70n5.sys -> %SystemRoot%\System32\drivers\w70n5.sys -> Intel® Corporation [Ver = 1.2.3.14 | Size = 2483584 bytes | Created Date = 26/05/2008 22:49:02 | Attr = ] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.0.0.7 | Size = 16015 bytes | Created Date = 26/05/2008 22:50:00 | Attr = ] w70n5msg.dll -> 
%SystemRoot%\System32\w70n5msg.dll -> Intel® Corporation [Ver = 1.0.0.0 | Size = 32768 bytes | Created Date = 26/05/2008 22:49:13 | Attr = R ] W20NCPA.dll -> %SystemRoot%\System32\W20NCPA.dll -> Intel Corporation [Ver = 4, 1, 0, 4 | Size = 426051 bytes | Created Date = 26/05/2008 22:49:02 | Attr = ] W20MLRes.dll -> %SystemRoot%\System32\W20MLRes.dll -> Intel Corporation [Ver = 4, 1, 0, 4 | Size = 983040 bytes | Created Date = 26/05/2008 22:49:02 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Created Date = 26/05/2008 22:49:44 | Attr = ] 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ~.exe -> %SystemRoot%\System32\~.exe -> [Ver = | Size = 22016 bytes | Created Date = 03/06/2008 21:21:16 | Attr = ] ciadmint.dll -> %SystemRoot%\System32\ciadmint.dll -> Xngexacxqz Corporation [Ver = 5.1.2600.4803 | Size = 127488 bytes | Created Date = 03/06/2008 21:22:22 | Attr = ] ly43.exe -> %SystemRoot%\System32\ly43.exe -> [Ver = | Size = 16384 bytes | Created Date = 03/06/2008 21:23:05 | Attr = ] Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [Ver = | Size = 16384 bytes | Created Date = 05/06/2008 08:51:46 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2551 bytes | Created Date = 27/05/2008 02:11:55 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 27/05/2008 02:11:55 | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 426 bytes | Created Date = 03/06/2008 21:22:26 | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 426 bytes | Created Date = 04/06/2008 12:11:14 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Created Date = 20/05/2008 22:52:48 | Attr = ] Adobe Media Player.lnk -> %AllUsersProfile%\Desktop\Adobe Media Player.lnk -> [Ver = | Size = 509 bytes | Created Date = 01/06/2008 16:04:53 | Attr = ] Adobe 
Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1474 bytes | Created Date = 04/06/2008 15:04:57 | Attr = ] gov part essay -> %UserProfile%\Desktop\gov part essay -> [Folder | Created Date = 13/05/2008 21:43:24 | Attr = ] Presentation%20-%20mags[1].ppt -> %UserProfile%\Desktop\Presentation%20-%20mags[1].ppt -> [Ver = | Size = 5310464 bytes | Created Date = 04/06/2008 11:32:20 | Attr = ] Chapter One.doc -> %UserProfile%\Desktop\Chapter One.doc -> [Ver = | Size = 34304 bytes | Created Date = 12/05/2008 22:34:51 | Attr = ] mem sti -> %UserProfile%\Desktop\mem sti -> [Folder | Created Date = 12/05/2008 21:28:51 | Attr = ] Diss reading -> %UserProfile%\Desktop\Diss reading -> [Folder | Created Date = 12/05/2008 22:55:52 | Attr = ] Governance essay.doc -> %UserProfile%\Desktop\Governance essay.doc -> [Ver = | Size = 23040 bytes | Created Date = 13/05/2008 21:43:47 | Attr = ] Essay.doc -> %UserProfile%\Desktop\Essay.doc -> [Ver = | Size = 4189184 bytes | Created Date = 14/05/2008 22:31:10 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1347 bytes | Created Date = 04/06/2008 11:52:28 | Attr = ] inside new park.bmp -> %UserProfile%\Desktop\inside new park.bmp -> [Ver = | Size = 1741990 bytes | Created Date = 16/05/2008 00:21:46 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Created Date = 04/06/2008 11:46:20 | Attr = ] APPLICATION PACK-ENV530EXT-GRADUATE PLANNING OFFICER.doc -> %UserProfile%\Desktop\APPLICATION PACK-ENV530EXT-GRADUATE PLANNING OFFICER.doc -> [Ver = | Size = 130048 bytes | Created Date = 03/06/2008 15:15:50 | Attr = ] Presentation - mags.ppt -> %UserProfile%\Desktop\Presentation - mags.ppt -> [Ver = | Size = 5312000 bytes | Created Date = 04/06/2008 12:02:04 | Attr = ] Weather Croatia.bmp -> %UserProfile%\Desktop\Weather Croatia.bmp -> [Ver = | Size = 705726 bytes | Created Date = 04/06/2008 17:26:21 | Attr = ] Croatia Weather.jpg -> %UserProfile%\Desktop\Croatia Weather.jpg -> [Ver = | Size = 43333 bytes | Created Date = 04/06/2008 17:27:24 | Attr = ] Why.jpg -> %UserProfile%\Desktop\Why.jpg -> [Ver = | Size = 118843 bytes | Created Date = 04/06/2008 17:57:05 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568719 bytes | Created Date = 05/06/2008 09:06:58 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 05/06/2008 09:08:46 | Attr = ] zsnesw151.zip -> %UserProfile%\Desktop\zsnesw151.zip -> [Ver = | Size = 867785 bytes | Created Date = 27/05/2008 03:27:35 | Attr = ] CV.doc -> %UserProfile%\Desktop\CV.doc -> [Ver = | Size = 36864 bytes | Created Date = 02/06/2008 22:57:29 | Attr = ] APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER.doc -> %UserProfile%\Desktop\APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER.doc -> [Ver = | Size = 209920 bytes | Created Date = 03/06/2008 13:38:20 | Attr = ] APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER2.doc -> %UserProfile%\Desktop\APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER2.doc -> [Ver = | Size = 204800 bytes | Created Date = 03/06/2008 15:00:38 | Attr = ] Adobe Reader Speed Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1490 bytes | Created Date = 04/06/2008 15:04:57 | Attr = ] Adobe AIR 
-> %CommonProgramFiles%\Adobe AIR -> [Folder | Created Date = 01/06/2008 16:04:49 | Attr = ] Mozilla Shared -> %CommonProgramFiles%\Mozilla Shared -> [Folder | Created Date = 04/06/2008 22:15:12 | Attr = ] Adobe Media Player -> %ProgramFiles%\Adobe Media Player -> [Folder | Created Date = 01/06/2008 16:04:52 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 04/06/2008 11:46:37 | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 04/06/2008 11:52:28 | Attr = ] [Files/Folders - Modified Within 30 days] DUKE3D.BAT -> %SystemDrive%\DUKE3D.BAT -> [Ver = | Size = 24 bytes | Modified Date = 26/05/2008 22:28:16 | Attr = ] Dell -> %SystemDrive%\Dell -> [Folder | Modified Date = 26/05/2008 22:49:04 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 04/06/2008 11:56:32 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 04/06/2008 15:04:50 | Attr = HS] AegisP.sys -> %SystemRoot%\System32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.0.0.7 | Size = 16015 bytes | Modified Date = 26/05/2008 22:50:02 | Attr = ] LogFiles -> %SystemRoot%\System32\LogFiles -> [Folder | Modified Date = 26/05/2008 22:49:46 | Attr = ] 1 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 27/05/2008 02:08:56 | Attr = ] ~.exe -> %SystemRoot%\System32\~.exe -> [Ver = | Size = 22016 bytes | Modified Date = 03/06/2008 21:21:18 | Attr = ] Perflib_Perfdata_234.dat -> %SystemRoot%\System32\Perflib_Perfdata_234.dat -> [Ver = | Size = 16384 bytes | Modified Date = 05/06/2008 08:51:48 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 992 bytes | Modified Date = 26/05/2008 22:01:54 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 2551 bytes | Modified Date = 27/05/2008 02:11:56 | Attr = ] ShellIconCache -> %SystemRoot%\ShellIconCache -> 
[Ver = | Size = 742346 bytes | Modified Date = 04/06/2008 20:48:46 | Attr = H ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 05/06/2008 08:52:00 | Attr = H ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 26/05/2008 22:49:52 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 27/05/2008 02:07:34 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 05/06/2008 08:51:16 | Attr = H ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 426 bytes | Modified Date = 04/06/2008 21:56:04 | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 426 bytes | Modified Date = 04/06/2008 16:21:02 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp -> [Folder | Modified Date = 18/05/2004 13:14:36 | Attr = ] FlashPlayerUpdate.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\FlashPlayerUpdate.exe -> Adobe Systems Incorporated [Ver = 1.0.17 | Size = 1214672 bytes | Modified Date = 12/05/2007 19:14:38 | Attr = ] 25 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 08/03/2008 21:59:20 | Attr = ] Inst.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\Inst.exe -> [Ver = 4.0.1.350 | Size = 253952 bytes | Modified Date = 17/07/2006 01:04:46 | Attr = ] instmsia.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\instmsia.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1708856 bytes | Modified Date = 17/07/2006 01:04:46 | Attr = ] instmsiw.exe -> C:\Documents and 
Settings\Administrator\Local Settings\Temp\RarSFX0\instmsiw.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1822520 bytes | Modified Date = 17/07/2006 01:04:46 | Attr = ] setup.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\setup.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 81920 bytes | Modified Date = 17/07/2006 01:04:46 | Attr = ] Spylite.exe -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\Spylite.exe -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 360448 bytes | Modified Date = 17/07/2006 01:04:52 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp -> [Folder | Modified Date = 18/05/2004 13:14:36 | Attr = ] 3.3.61.28-EasyShrx.Dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\3.3.61.28-EasyShrx.Dll -> Eastman Kodak Company [Ver = 1.0.9.3 | Size = 94208 bytes | Modified Date = 17/04/2005 18:42:38 | Attr = ] SIntf16.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf16.dll -> [Ver = | Size = 12305 bytes | Modified Date = 09/10/2007 15:50:12 | Attr = ] CmdLineExt03.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\CmdLineExt03.dll -> [Ver = | Size = 40448 bytes | Modified Date = 09/10/2007 15:50:12 | Attr = ] SIntf32.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\SIntf32.dll -> [Ver = | Size = 17320 bytes | Modified Date = 09/10/2007 15:50:12 | Attr = ] SIntfNT.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\SIntfNT.dll -> [Ver = | Size = 22068 bytes | Modified Date = 09/10/2007 15:50:12 | Attr = ] 25 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrator\Local Settings\Temp\isp15.tmp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\isp15.tmp\ -> [Folder | Modified Date = 
03/07/2005 22:50:18 | Attr = ] _Setup.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\isp15.tmp\_Setup.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1201 | Size = 155648 bytes | Modified Date = 03/07/2005 22:50:18 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 08/03/2008 21:59:20 | Attr = ] BBalloon.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\BBalloon.dll -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 49152 bytes | Modified Date = 17/07/2006 01:04:52 | Attr = ] BtSetup.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\BtSetup.dll -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 163840 bytes | Modified Date = 17/07/2006 01:04:30 | Attr = ] btw_ci.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\btw_ci.dll -> Broadcom Corporation. [Ver = 4.0.1.3500 | Size = 77824 bytes | Modified Date = 17/07/2006 01:04:30 | Attr = ] MSVCP60.DLL -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\MSVCP60.DLL -> Microsoft Corporation [Ver = 6.00.8972.0 | Size = 401462 bytes | Modified Date = 17/07/2006 01:04:46 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\SigmaTel\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\SigmaTel -> [Folder | Modified Date = 18/05/2004 14:22:54 | Attr = ] STFNDCSD.dll -> C:\Documents and Settings\Administrator\Local Settings\Temp\SigmaTel\STFNDCSD.dll -> [Ver = | Size = 3568 bytes | Modified Date = 30/04/2002 17:38:32 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp -> [Folder | Modified Date = 18/05/2004 13:14:36 | Attr = ] _vdmstmsnd_.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\_vdmstmsnd_.dat -> [Ver = | Size = 0 bytes | Modified Date = 
03/06/2008 21:21:14 | Attr = ] 25 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 08/03/2008 21:59:20 | Attr = ] license.dat -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\license.dat -> [Ver = | Size = 176 bytes | Modified Date = 16/01/2007 14:04:48 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp -> [Folder | Modified Date = 18/05/2004 13:14:36 | Attr = ] fjrrchqq.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\fjrrchqq.ini -> [Ver = | Size = 4 bytes | Modified Date = 05/06/2008 08:59:14 | Attr = ] _isdelet.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\_isdelet.ini -> [Ver = | Size = 231 bytes | Modified Date = 03/07/2005 23:06:24 | Attr = ] 25 C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Administrator\Local Settings\Temp\pft47~tmp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\pft47~tmp -> [Folder | Modified Date = 18/05/2004 14:20:00 | Attr = ] SetupBD.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\pft47~tmp\SetupBD.ini -> [Ver = | Size = 399 bytes | Modified Date = 24/09/2003 15:49:42 | Attr = R ] C:\Documents and Settings\Administrator\Local Settings\Temp\pftC~tmp\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\pftC~tmp -> [Folder | Modified Date = 20/08/2004 10:16:48 | Attr = ] SetupBD.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\pftC~tmp\SetupBD.ini -> [Ver = | Size = 337 bytes | Modified Date = 02/12/2002 14:39:58 | Attr = R ] C:\Documents and 
Settings\Administrator\Local Settings\Temp\RarSFX0\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0 -> [Folder | Modified Date = 08/03/2008 21:59:20 | Attr = ] 0x0409.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0409.ini -> [Ver = | Size = 5491 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0410.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0410.ini -> [Ver = | Size = 6160 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0411.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0411.ini -> [Ver = | Size = 5887 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0412.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0412.ini -> [Ver = | Size = 5045 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0413.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0413.ini -> [Ver = | Size = 6087 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0414.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0414.ini -> [Ver = | Size = 5695 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0415.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0415.ini -> [Ver = | Size = 5863 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0416.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0416.ini -> [Ver = | Size = 5900 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0419.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0419.ini -> [Ver = | Size = 5780 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0804.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0804.ini -> [Ver = | Size = 3841 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] Setup.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\Setup.ini -> 
[Ver = | Size = 2036 bytes | Modified Date = 17/07/2006 01:04:50 | Attr = ] 0x040a.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x040a.ini -> [Ver = | Size = 6265 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x040b.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x040b.ini -> [Ver = | Size = 5586 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x040c.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x040c.ini -> [Ver = | Size = 6394 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x041d.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x041d.ini -> [Ver = | Size = 5485 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0404.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0404.ini -> [Ver = | Size = 3771 bytes | Modified Date = 17/07/2006 01:04:24 | Attr = ] 0x0406.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0406.ini -> [Ver = | Size = 5722 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] 0x0407.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\0x0407.ini -> [Ver = | Size = 6265 bytes | Modified Date = 17/07/2006 01:04:26 | Attr = ] C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\svcpack\ -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\svcpack -> [Folder | Modified Date = 28/09/2007 10:04:30 | Attr = ] SvcPack.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\RarSFX0\svcpack\SvcPack.ini -> [Ver = | Size = 2567 bytes | Modified Date = 17/07/2006 01:04:48 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] New Folder -> %UserProfile%\My Documents\New Folder -> [Folder | Modified Date = 20/05/2008 22:52:50 | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1544 bytes | Modified Date = 27/05/2008 10:36:56 | Attr = ] 
Adobe Media Player.lnk -> %AllUsersProfile%\Desktop\Adobe Media Player.lnk -> [Ver = | Size = 509 bytes | Modified Date = 01/06/2008 16:04:54 | Attr = ] Adobe Reader 7.0.lnk -> %AllUsersProfile%\Desktop\Adobe Reader 7.0.lnk -> [Ver = | Size = 1474 bytes | Modified Date = 04/06/2008 15:04:58 | Attr = ] Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [Ver = | Size = 2394 bytes | Modified Date = 02/06/2008 23:00:08 | Attr = ] gov part essay -> %UserProfile%\Desktop\gov part essay -> [Folder | Modified Date = 13/05/2008 21:43:26 | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1328 bytes | Modified Date = 13/05/2008 00:27:18 | Attr = ] LimeWire 4.14.10.lnk -> %UserProfile%\Desktop\LimeWire 4.14.10.lnk -> [Ver = | Size = 1381 bytes | Modified Date = 13/05/2008 00:26:34 | Attr = ] Presentation%20-%20mags[1].ppt -> %UserProfile%\Desktop\Presentation%20-%20mags[1].ppt -> [Ver = | Size = 5310464 bytes | Modified Date = 04/06/2008 11:32:22 | Attr = ] Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [Ver = | Size = 1494 bytes | Modified Date = 04/06/2008 11:46:38 | Attr = ] Chapter One.doc -> %UserProfile%\Desktop\Chapter One.doc -> [Ver = | Size = 34304 bytes | Modified Date = 12/05/2008 22:34:52 | Attr = ] mem sti -> %UserProfile%\Desktop\mem sti -> [Folder | Modified Date = 12/05/2008 21:28:52 | Attr = ] Diss reading -> %UserProfile%\Desktop\Diss reading -> [Folder | Modified Date = 12/05/2008 22:55:54 | Attr = ] Governance essay.doc -> %UserProfile%\Desktop\Governance essay.doc -> [Ver = | Size = 23040 bytes | Modified Date = 13/05/2008 23:06:18 | Attr = ] CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk -> [Ver = | Size = 1347 bytes | Modified Date = 04/06/2008 11:52:30 | Attr = ] inside new park.bmp -> %UserProfile%\Desktop\inside new park.bmp -> [Ver = | Size = 1741990 bytes | Modified Date = 16/05/2008 00:23:26 | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 04/06/2008 11:46:32 | Attr = ] APPLICATION PACK-ENV530EXT-GRADUATE PLANNING OFFICER.doc -> %UserProfile%\Desktop\APPLICATION PACK-ENV530EXT-GRADUATE PLANNING OFFICER.doc -> [Ver = | Size = 130048 bytes | Modified Date = 03/06/2008 15:15:52 | Attr = ] Presentation - mags.ppt -> %UserProfile%\Desktop\Presentation - mags.ppt -> [Ver = | Size = 5312000 bytes | Modified Date = 04/06/2008 12:02:06 | Attr = ] Weather Croatia.bmp -> %UserProfile%\Desktop\Weather Croatia.bmp -> [Ver = | Size = 705726 bytes | Modified Date = 04/06/2008 17:26:22 | Attr = ] Croatia Weather.jpg -> %UserProfile%\Desktop\Croatia Weather.jpg -> [Ver = | Size = 43333 bytes | Modified Date = 04/06/2008 17:27:26 | Attr = ] Why.jpg -> %UserProfile%\Desktop\Why.jpg -> [Ver = | Size = 118843 bytes | Modified Date = 04/06/2008 17:57:06 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568719 bytes | Modified Date = 05/06/2008 09:07:04 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 05/06/2008 09:08:48 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 715 bytes | Modified Date = 04/06/2008 13:50:20 | Attr = ] zsnesw151.zip -> %UserProfile%\Desktop\zsnesw151.zip -> [Ver = | Size = 867785 bytes | Modified Date = 27/05/2008 03:27:40 | Attr = ] CV.doc -> %UserProfile%\Desktop\CV.doc -> [Ver = | Size = 36864 bytes | Modified Date = 03/06/2008 14:37:28 | Attr = ] APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER.doc -> %UserProfile%\Desktop\APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER.doc -> [Ver = | Size = 209920 bytes | Modified Date = 03/06/2008 14:55:52 | Attr = ] APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER2.doc -> %UserProfile%\Desktop\APPLICATION PACK - ENV530EXT -GRADUATE PLANNING OFFICER2.doc -> [Ver = | Size = 204800 bytes | Modified Date = 03/06/2008 15:00:40 | Attr = ] Adobe Reader Speed 
Launch.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> [Ver = | Size = 1490 bytes | Modified Date = 04/06/2008 15:04:58 | Attr = ] Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [Folder | Modified Date = 01/06/2008 16:04:50 | Attr = ] Mozilla Shared -> %CommonProgramFiles%\Mozilla Shared -> [Folder | Modified Date = 04/06/2008 22:15:14 | Attr = ] < End of report > [/code]