[code]
OTScanIt logfile created on: 2008-07-13 08:07:53
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
1022.07 Mb Total Physical Memory | 549.98 Mb Available Physical Memory | 53.81% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 84.79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 96.23 Gb Free Space | 86.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOUGSPC
Current User Name: doug daly
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 2007-03-16 18:10:54 | Attr = ]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.100.15.8 | Size = 1253376 bytes | Modified Date = 2007-03-16 18:10:52 | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-11-17 13:37:44 | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 2006-11-30 09:50:00 | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 2006-11-30 09:50:00 | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 136768 bytes | Modified Date = 2006-11-17 13:40:56 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 163908 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 2006-03-24 17:30:44 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 2007-03-11 21:34:40 | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 2008-07-07 09:42:06 | Attr = RHS]
tosbtmng.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7111.ALL | Size = 2150400 bytes | Modified Date = 2007-01-11 20:43:46 | Attr = ]
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 2007-03-11 21:26:24 | Attr = ]
tosa2dp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe -> TOSHIBA CORPORATION. [Ver = 5.00.6z18.ALL | Size = 278528 bytes | Modified Date = 2006-12-18 15:22:14 | Attr = ]
tosbthid.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe -> TOSHIBA CORPORATION. [Ver = 4, 1, 1323, 0 | Size = 69632 bytes | Modified Date = 2006-01-23 23:14:10 | Attr = ]
tosbthsp.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe -> TOSHIBA CORPORATION. [Ver = 5.00.01.61003 | Size = 270336 bytes | Modified Date = 2006-10-27 20:13:48 | Attr = ]
tosobex.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe -> TOSHIBA CORPORATION. [Ver = 1, 0, 0, 2 | Size = 311296 bytes | Modified Date = 2006-02-06 23:00:20 | Attr = ]
hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 151552 bytes | Modified Date = 2007-03-11 21:32:42 | Attr = ]
tosbtproc.exe -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe -> TOSHIBA CORPORATION. [Ver = 5.00.2515.ALL | Size = 2170880 bytes | Modified Date = 2006-12-15 11:41:30 | Attr = ]
hpswp_clipbook.exe -> %ProgramFiles%\HP\Smart Web Printing\hpswp_clipbook.exe -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 173672 bytes | Modified Date = 2007-03-02 16:51:40 | Attr = R ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 2007-10-23 10:20:45 | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 2004-10-22 03:24:18 | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-11-17 13:37:44 | Attr = ]
(McShield) McAfee McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 144960 bytes | Modified Date = 2006-11-30 09:50:00 | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.781 | Size = 54872 bytes | Modified Date = 2006-11-30 09:50:00 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 163908 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 20480 bytes | Modified Date = 2007-03-16 18:10:54 | Attr = ]

[Driver Services - Non-Microsoft Only]
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 8.48.0.0 built by: WinDDK | Size = 142720 bytes | Modified Date = 2005-10-26 10:01:02 | Attr = ]
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.100.15.5 | Size = 604928 bytes | Modified Date = 2007-03-16 18:10:56 | Attr = ]
(cercsr6) cercsr6 [Kernel | Boot | Stopped] -> %SystemRoot%\System32\drivers\cercsr6.sys -> Adaptec, Inc. [Ver = 4.1.0.7405 | Size = 39904 bytes | Modified Date = 2004-12-13 17:14:00 | Attr = ]
(CSRBC) CSRBC.Sys CSR test driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\csrbcxp.sys -> CSR, plc [Ver = 1.0.0.378 built by: WinDDK | Size = 31744 bytes | Modified Date = 2007-01-16 10:22:00 | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
(guardian2) guardian2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\oz776.sys -> O2Micro [Ver = 1.1.3.7 (+EMV1.3.7.3) | Size = 56320 bytes | Modified Date = 2007-01-31 01:37:18 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 2004-08-12 17:45:54 | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Modified Date = 2007-01-19 15:46:09 | Attr = R ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Modified Date = 2007-01-19 15:46:10 | Attr = R ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 21568 bytes | Modified Date = 2007-01-19 15:46:12 | Attr = R ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 936960 bytes | Modified Date = 2005-12-01 01:40:56 | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 2005-12-01 01:40:12 | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 2005-10-04 23:57:08 | Attr = ]
(mfeapfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 2006-11-30 08:50:00 | Attr = ]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 2006-11-30 08:50:00 | Attr = ]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 2006-11-30 08:50:00 | Attr = ]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 168776 bytes | Modified Date = 2006-11-30 08:50:00 | Attr = ]
(mferkdk) VSCore mferkdk [Kernel | System | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 31944 bytes | Modified Date = 2006-11-30 09:50:00 | Attr = ]
(mfetdik) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 2006-11-30 08:50:00 | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 6727136 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 2005-07-14 18:58:14 | Attr = ]
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> REDC [Ver = 1.00.01.12 | Size = 51328 bytes | Modified Date = 2005-07-12 19:00:30 | Attr = ]
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> REDC [Ver = 1.00.02.04 | Size = 307968 bytes | Modified Date = 2005-07-14 17:28:38 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 06:25:53 | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.4995.1 nd446 cp1 | Size = 1156648 bytes | Modified Date = 2006-03-24 17:34:30 | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 2006-03-08 12:35:10 | Attr = ]
(tosporte) Bluetooth COM Port [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosporte.sys -> TOSHIBA Corporation [Ver = 5.00.1003.0 built by: WinDDK | Size = 41600 bytes | Modified Date = 2006-10-10 19:33:00 | Attr = ]
(tosrfbd) Bluetooth RFBUS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfbd.sys -> TOSHIBA CORPORATION [Ver = 5.00.1422.0 built by: WinDDK | Size = 113920 bytes | Modified Date = 2007-04-23 16:39:00 | Attr = ]
(tosrfbnp) Bluetooth RFBNEP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfbnp.sys -> TOSHIBA Corporation [Ver = 5.0.1120.00 built by: WinDDK | Size = 36480 bytes | Modified Date = 2006-11-20 17:55:16 | Attr = ]
(Tosrfcom) Bluetooth RFCOMM [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tosrfcom.sys -> TOSHIBA Corporation [Ver = 1.02 | Size = 64896 bytes | Modified Date = 2005-08-01 16:45:00 | Attr = ]
(Tosrfhid) Bluetooth RFHID [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Tosrfhid.sys -> TOSHIBA Corporation. [Ver = Version 5.00.1005.0 built by: WinDDK | Size = 73600 bytes | Modified Date = 2006-10-05 16:07:46 | Attr = ]
(tosrfnds) Bluetooth Personal Area Network [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfnds.sys -> TOSHIBA Corporation. [Ver = Version 1.00.03 | Size = 18612 bytes | Modified Date = 2005-01-06 13:42:00 | Attr = ]
(Tosrfusb) Bluetooth USB Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tosrfusb.sys -> TOSHIBA CORPORATION [Ver = 5, 0, 1610, 0 | Size = 41856 bytes | Modified Date = 2007-04-10 20:29:42 | Attr = ]
(UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 669696 bytes | Modified Date = 2005-12-01 01:40:08 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
90ad3fa1 -> %SystemRoot%\system32\bnctrnti.dll [rundll32.exe "C:\WINDOWS\system32\bnctrnti.dll",b] -> [Ver = | Size = 92672 bytes | Modified Date = 2008-07-12 13:13:12 | Attr = ]
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:38 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. [Ver = 90.0.43.000 | Size = 49152 bytes | Modified Date = 2007-03-11 21:34:40 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 8429568 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
NVHotkey -> %SystemRoot%\system32\nvhotkey.dll [rundll32.exe nvHotkey.dll,Start] -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 67584 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RunDLL32.exe NvMCTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.0119 | Size = 81920 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> [Ver = | Size = 1626112 bytes | Modified Date = 2007-04-28 19:05:00 | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 2006-03-24 17:30:44 | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 2008-07-07 09:42:06 | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Bluetooth Manager.lnk -> %ProgramFiles%\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe -> TOSHIBA CORPORATION. [Ver = 5.00.7111.ALL | Size = 2150400 bytes | Modified Date = 2007-01-11 20:43:46 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 90.0.146.000 | Size = 210520 bytes | Modified Date = 2007-03-11 21:26:24 | Attr = ]
< Doug Daly.CIR-Q-TEK Startup Folder > -> C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnoNEuS.dll [] -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:11:05 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 2007-06-13 06:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 2007-10-25 23:34:01 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
nnnoNEuS -> %SystemRoot%\system32\nnnoNEuS.dll -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:11:05 | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoWelcomeScreen -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_CDRWDVD_CRX880A____________________KD09____\5&1b786059&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2007-10-22 17:55:02 | Attr = ]
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4623 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4622 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{053F9267-DC04-4294-A72C-58F732D338C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_framework.dll [HP Print Clips] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 177768 bytes | Modified Date = 2007-03-02 16:52:08 | Attr = R ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 2008-07-07 09:41:58 | Attr = ]
{684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nnnoNEuS.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:11:05 | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
{92afd67c-6f44-4cf1-b18b-0cade79a8e24} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ugsrln.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 13:16:07 | Attr = ]
{A8D7398E-E5CD-41F9-ADEA-762DB8FFB738} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\fccyxxVO.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 318208 bytes | Modified Date = 2008-07-09 14:16:15 | Attr = ]
{A91F755D-7803-48D7-B3A5-4304E9F4FA38} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2007-10-23 10:26:21 | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 2007-10-23 10:20:48 | Attr = ]
{fe6bfc4d-ef77-4e49-bdfb-21a8808c84b1} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2007-10-23 10:26:21 | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 1060 | Size = 2554944 bytes | Modified Date = 2007-10-23 10:26:21 | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
{58ECB495-38F0-49cb-A538-10282ABF65E7}:{E763472E-A716-4CD9-89BD-DBDA6122F741} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Clipbook] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 2007-03-02 16:53:20 | Attr = R ]
{700259D7-1666-479a-93B1-3250410481E8}:{A93C41D8-01F8-4F8B-B14C-DE20B117E636} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\Smart Web Printing\hpswp_extensions.dll [HP Smart Select] -> Hewlett-Packard Co. [Ver = 2.15.7.0 | Size = 153192 bytes | Modified Date = 2007-03-02 16:53:20 | Attr = R ]
{77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. [Ver = 2, 2, 0, 117 | Size = 1312040 bytes | Modified Date = 2007-09-13 13:31:40 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 2008-07-07 09:41:58 | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (button)] -> Skype Technologies S.A.
[Ver = 2, 2, 0, 117 | Size = 1312040 bytes | Modified Date = 2007-09-13 13:31:40 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {369291E4-D43E-45C7-8131-31FD26764E44} -> (Broadcom NetXtreme 57xx Gigabit Controller) -> {6DC646F0-6A18-43D5-8BFD-8716E841F242} -> () -> {7EE24768-5FE9-4A43-8DC8-FECDD4019712} -> (Dell Wireless 1490 Dual Band WLAN Mini-Card) -> {C107FE2D-E1D6-48DA-B6B6-A14E59FC1343} -> () -> {F97D0AAA-6E17-4499-80B3-D6C18C179877} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193110351921[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> 
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205670075468[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1215882753587&h=251433d02797304c160edf549e5ea02b/&filename=jinstall-6u7-windows-i586-jc.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\\AllowUserPrefMerge -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance -> %SystemRoot%\system32\sessmgr.exe [%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -> 
%SystemRoot%\pchealth\helpctr\binaries\HelpSvc.exe [%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 743936 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List\\%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -> %SystemRoot%\pchealth\helpctr\binaries\HelpCtr.exe [%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\\AllowUserPrefMerge -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List\\135:TCP:*:Enabled:Offer Remote Assistance - Port -> 135:TCP:*:Enabled:Offer Remote Assistance - Port -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint\\RemoteAddresses -> LocalSubnet -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\Enabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop\\RemoteAddresses -> * -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] C:\WINDOWS\system32\fccyxxVO -> %SystemRoot%\system32\fccyxxVO.dll -> [Ver = | Size = 318208 bytes | Modified Date = 2008-07-09 14:16:15 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 13:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 10:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 00:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1280 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> 
%SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 88 38 9D 1D 99 AB 61 85 B8 0B 96 D3 37 99 41 80 32 37 36 62 34 31 30 39 00 FD 07 00 DA 12 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 E4 54 21 3E FC 08 6B D1 3E 90 D1 27 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 4A 0E BB 08 95 C7 EB D2 E8 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 7C B3 58 94 7E FB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> D8 E1 44 2F D9 B0 53 FD AE E6 02 72 E7 52 26 EC [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> C0 3B C0 FA 23 15 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 10 D8 CD 09 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 10 D8 CD 09 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 10 D8 CD 09 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11493 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 08:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. 
[Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> McAfee, Inc. 
[Ver = 3.6.0.453 | Size = 104000 bytes | Modified Date = 2006-11-17 13:37:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 08:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath ] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 2007-09-13 13:31:38 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All 
-> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 00:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-04 06:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 00:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-07-12 09:25:17 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-07-12 12:48:00 | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2008-07-12 13:23:22 | Attr = ] bnctrnti.dll -> %SystemRoot%\System32\bnctrnti.dll -> [Ver = | Size = 92672 bytes | Created Date = 2008-07-12 13:13:11 | Attr = ] ceexqo.dll -> %SystemRoot%\System32\ceexqo.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 09:37:22 | Attr = ] ckrcrn.dll -> %SystemRoot%\System32\ckrcrn.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 08:20:23 | Attr = ] cvgwxxyp.dll -> %SystemRoot%\System32\cvgwxxyp.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 09:48:03 | Attr = ] fccyxxVO.dll -> %SystemRoot%\System32\fccyxxVO.dll -> [Ver = | Size = 318208 bytes | Created Date = 2008-07-09 14:16:08 | Attr = ] fmvohayy.dll -> %SystemRoot%\System32\fmvohayy.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 13:16:04 | Attr = ] htmrbglb.dll -> %SystemRoot%\System32\htmrbglb.dll -> [Ver = | Size = 112256 bytes | Created Date = 2008-07-10 08:17:44 | Attr = ] itnrtcnb.ini -> %SystemRoot%\System32\itnrtcnb.ini -> [Ver = | Size = 1772977 bytes | Created Date = 2008-07-12 13:13:22 | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe -> 
Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-12 13:18:18 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 2008-07-12 13:18:18 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-12 13:18:18 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 2008-07-12 13:18:18 | Attr = ] ligzps.dll -> %SystemRoot%\System32\ligzps.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 09:48:05 | Attr = ] nnnoNEuS.dll -> %SystemRoot%\System32\nnnoNEuS.dll -> [Ver = | Size = 29568 bytes | Created Date = 2008-07-09 14:11:05 | Attr = ] okvbcdct.dll -> %SystemRoot%\System32\okvbcdct.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 09:37:21 | Attr = ] opnkkLEX.dll -> %SystemRoot%\System32\opnkkLEX.dll -> [Ver = | Size = 29568 bytes | Created Date = 2008-07-09 14:12:42 | Attr = ] OVxxyccf.ini -> %SystemRoot%\System32\OVxxyccf.ini -> [Ver = | Size = 283212 bytes | Created Date = 2008-07-12 13:10:03 | Attr = HS] OVxxyccf.ini2 -> %SystemRoot%\System32\OVxxyccf.ini2 -> [Ver = | Size = 283212 bytes | Created Date = 2008-07-12 13:10:03 | Attr = HS] pmnoPIcA.dll -> %SystemRoot%\System32\pmnoPIcA.dll -> [Ver = | Size = 29568 bytes | Created Date = 2008-07-09 14:12:42 | Attr = ] rijmwm.dll -> %SystemRoot%\System32\rijmwm.dll -> [Ver = | Size = 112256 bytes | Created Date = 2008-07-09 14:17:22 | Attr = ] sdxpct.dll -> %SystemRoot%\System32\sdxpct.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-11 08:19:29 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3314 bytes | Created Date = 2008-07-12 11:00:57 | Attr = ] tufekjob.dll -> %SystemRoot%\System32\tufekjob.dll -> [Ver = | Size = 112256 bytes | Created Date = 2008-07-09 14:17:21 | 
Attr = ] ugsrln.dll -> %SystemRoot%\System32\ugsrln.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 13:16:08 | Attr = ] vtUoLbxx.dll -> %SystemRoot%\System32\vtUoLbxx.dll -> [Ver = | Size = 29568 bytes | Created Date = 2008-07-09 14:11:05 | Attr = ] wiqryqwo.dll -> %SystemRoot%\System32\wiqryqwo.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-12 08:20:22 | Attr = ] wnfnqwfk.dll -> %SystemRoot%\System32\wnfnqwfk.dll -> [Ver = | Size = 116864 bytes | Created Date = 2008-07-11 08:19:27 | Attr = ] ysdfyh.dll -> %SystemRoot%\System32\ysdfyh.dll -> [Ver = | Size = 112256 bytes | Created Date = 2008-07-10 08:17:46 | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 694 bytes | Created Date = 2008-07-12 13:13:41 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-07-12 09:25:50 | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 2008-07-12 13:18:30 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008-07-12 12:47:29 | Attr = ] VFind.exe -> 
%SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-07-12 09:25:07 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 2008-07-12 10:45:16 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 2008-07-12 13:18:30 | Attr = ] 05500439eco011336.zip -> %UserProfile%\My Documents\05500439eco011336.zip -> [Ver = | Size = 1739012 bytes | Created Date = 2008-07-08 10:34:11 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\05500439eco011336.zip:Zone.Identifier 05900798 799 800 opt.zip -> %UserProfile%\My Documents\05900798 799 800 opt.zip -> [Ver = | Size = 181858 bytes | Created Date = 2008-06-24 07:27:03 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\05900798 799 800 opt.zip:Zone.Identifier cc_20080712_1249.reg -> %UserProfile%\My Documents\cc_20080712_1249.reg -> [Ver = | Size = 130460 bytes | Created Date = 2008-07-12 12:49:59 | Attr = ] dbcsinc packing slip.doc -> %UserProfile%\My Documents\dbcsinc packing slip.doc -> [Ver = | Size = 108032 bytes | Created Date = 2008-07-01 17:37:52 | Attr = ] FDD-101357-M????08032501.xls -> %UserProfile%\My Documents\FDD-101357-M堤億惆豢08032501.xls -> [Ver = | Size = 98304 bytes | Modified Date = 2008-03-28 11:39:46 | Attr = ] FDD-101357-P????08032502.xls -> %UserProfile%\My Documents\FDD-101357-P堤億惆豢08032502.xls -> [Ver = | Size = 36352 bytes | Modified Date = 2008-03-28 11:39:57 | Attr = ] FDD-101358-M????08032503.xls -> %UserProfile%\My Documents\FDD-101358-M堤億惆豢08032503.xls -> [Ver = | Size = 72192 bytes | Modified Date = 2008-03-28 11:40:06 | Attr = ] keyinstruments CofC.doc -> %UserProfile%\My Documents\keyinstruments CofC.doc -> [Ver = | Size = 29184 bytes | Created Date = 2008-06-17 09:39:07 | Attr = ] 
microresearch.pdf -> %UserProfile%\My Documents\microresearch.pdf -> [Ver = | Size = 193905 bytes | Created Date = 2008-07-01 13:35:46 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\microresearch.pdf:Zone.Identifier New Microsoft Word Document.doc -> %UserProfile%\My Documents\New Microsoft Word Document.doc -> [Ver = | Size = 10752 bytes | Created Date = 2008-06-13 09:59:22 | Attr = ] PI PCB Quotation.doc -> %UserProfile%\My Documents\PI PCB Quotation.doc -> [Ver = | Size = 28672 bytes | Created Date = 2008-06-27 10:29:10 | Attr = ] Production_status andy 0702.xls -> %UserProfile%\My Documents\Production_status andy 0702.xls -> [Ver = | Size = 29184 bytes | Created Date = 2008-07-02 10:56:24 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Production_status andy 0702.xls:Zone.Identifier Quote_on_June_11th,_2008.doc -> %UserProfile%\My Documents\Quote_on_June_11th,_2008.doc -> [Ver = | Size = 23040 bytes | Created Date = 2008-06-27 10:16:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Quote_on_June_11th,_2008.doc:Zone.Identifier renewlargepotentialopportunity.zip -> %UserProfile%\My Documents\renewlargepotentialopportunity.zip -> [Ver = | Size = 1794593 bytes | Created Date = 2008-07-01 07:41:54 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\renewlargepotentialopportunity.zip:Zone.Identifier report.html -> %UserProfile%\My Documents\report.html -> [Ver = | Size = 3929 bytes | Created Date = 2008-07-12 13:47:07 | Attr = ] TNT Status as of 6.doc -> %UserProfile%\My Documents\TNT Status as of 6.doc -> [Ver = | Size = 20992 bytes | Created Date = 2008-06-30 10:18:24 | Attr = ] TNT STOCK STATUS 61908.xls -> %UserProfile%\My Documents\TNT STOCK STATUS 61908.xls -> [Ver = | Size = 79360 bytes | Created Date = 2008-06-19 12:57:24 | Attr = ] MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [Ver = | Size = 1857 bytes | Created Date = 2008-06-25 
15:45:25 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-07-13 08:06:26 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 2008-07-13 08:06:09 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 2008-07-12 10:45:23 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2008-07-12 13:16:24 | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 2008-07-12 13:17:29 | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 2008-07-12 10:45:16 | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-07-13 07:04:17 | Attr = H ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-07-12 13:17:29 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-07-12 12:33:16 | Attr = ] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 2008-07-12 16:25:39 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008-07-12 12:48:00 | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2008-07-12 13:23:22 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-07-13 07:02:44 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-07-12 12:41:46 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-07-12 12:41:46 | Attr = ] hosts.20080712-105205.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080712-105205.backup -> [Ver = | Size = 27 bytes | Modified Date = 2008-07-12 09:32:55 | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | 
Size = 435 bytes | Modified Date = 2008-07-13 07:03:34 | Attr = ] bnctrnti.dll -> %SystemRoot%\System32\bnctrnti.dll -> [Ver = | Size = 92672 bytes | Modified Date = 2008-07-12 13:13:12 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-07-12 15:26:34 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ceexqo.dll -> %SystemRoot%\System32\ceexqo.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 09:37:22 | Attr = ] ckrcrn.dll -> %SystemRoot%\System32\ckrcrn.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 08:20:23 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 2008-07-12 12:38:55 | Attr = ] cvgwxxyp.dll -> %SystemRoot%\System32\cvgwxxyp.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 09:48:05 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-07-12 12:56:18 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-07-12 12:52:58 | Attr = ] fccyxxVO.dll -> %SystemRoot%\System32\fccyxxVO.dll -> [Ver = | Size = 318208 bytes | Modified Date = 2008-07-09 14:16:15 | Attr = ] fmvohayy.dll -> %SystemRoot%\System32\fmvohayy.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 13:16:07 | Attr = ] htmrbglb.dll -> %SystemRoot%\System32\htmrbglb.dll -> [Ver = | Size = 112256 bytes | Modified Date = 2008-07-10 08:17:46 | Attr = ] itnrtcnb.ini -> %SystemRoot%\System32\itnrtcnb.ini -> [Ver = | Size = 1772977 bytes | Modified Date = 2008-07-13 07:03:26 | Attr = HS] ligzps.dll -> %SystemRoot%\System32\ligzps.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 09:48:05 | Attr = ] nnnoNEuS.dll -> %SystemRoot%\System32\nnnoNEuS.dll -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:11:05 | Attr = ] nvModes.001 -> %SystemRoot%\System32\nvModes.001 -> [Ver = | Size = 30237 bytes | Modified Date = 2008-07-13 07:02:55 | Attr = ] nvModes.dat -> 
%SystemRoot%\System32\nvModes.dat -> [Ver = | Size = 30237 bytes | Modified Date = 2008-06-26 18:11:40 | Attr = ] okvbcdct.dll -> %SystemRoot%\System32\okvbcdct.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 09:37:22 | Attr = ] opnkkLEX.dll -> %SystemRoot%\System32\opnkkLEX.dll -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:12:42 | Attr = ] OVxxyccf.ini -> %SystemRoot%\System32\OVxxyccf.ini -> [Ver = | Size = 283212 bytes | Modified Date = 2008-07-13 08:08:24 | Attr = HS] OVxxyccf.ini2 -> %SystemRoot%\System32\OVxxyccf.ini2 -> [Ver = | Size = 283212 bytes | Modified Date = 2008-07-13 08:06:20 | Attr = HS] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72554 bytes | Modified Date = 2008-07-13 07:06:38 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 445096 bytes | Modified Date = 2008-07-13 07:06:38 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 526710 bytes | Modified Date = 2008-07-13 07:06:37 | Attr = ] pmnoPIcA.dll -> %SystemRoot%\System32\pmnoPIcA.dll -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:12:42 | Attr = ] rijmwm.dll -> %SystemRoot%\System32\rijmwm.dll -> [Ver = | Size = 112256 bytes | Modified Date = 2008-07-09 14:17:22 | Attr = ] sdxpct.dll -> %SystemRoot%\System32\sdxpct.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-11 08:19:29 | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 3314 bytes | Modified Date = 2008-07-12 11:03:58 | Attr = ] tufekjob.dll -> %SystemRoot%\System32\tufekjob.dll -> [Ver = | Size = 112256 bytes | Modified Date = 2008-07-09 14:17:22 | Attr = ] ugsrln.dll -> %SystemRoot%\System32\ugsrln.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 13:16:07 | Attr = ] vtUoLbxx.dll -> %SystemRoot%\System32\vtUoLbxx.dll -> [Ver = | Size = 29568 bytes | Modified Date = 2008-07-09 14:11:05 | Attr = ] wiqryqwo.dll -> 
%SystemRoot%\System32\wiqryqwo.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-12 08:20:23 | Attr = ] wnfnqwfk.dll -> %SystemRoot%\System32\wnfnqwfk.dll -> [Ver = | Size = 116864 bytes | Modified Date = 2008-07-11 08:19:29 | Attr = ] ysdfyh.dll -> %SystemRoot%\System32\ysdfyh.dll -> [Ver = | Size = 112256 bytes | Modified Date = 2008-07-10 08:17:46 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-07-09 08:49:03 | Attr = H ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-07-13 07:02:14 | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 694 bytes | Modified Date = 2008-07-12 16:01:34 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2008-07-11 07:09:10 | Attr = HS] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-07-12 13:00:40 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-07-12 13:18:27 | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-07-12 12:38:41 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-07-12 12:53:16 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-07-13 07:04:22 | Attr = HS] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-06-25 15:43:43 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-07-13 08:06:30 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 2008-07-12 13:18:30 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-07-12 12:42:10 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-07-13 07:06:38 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-07-13 07:02:58 | Attr = ] Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> 
[Ver = | Size = 416 bytes | Modified Date = 2008-06-26 20:14:36 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-07-13 07:02:22 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2007-10-22 23:36:30 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5909 bytes | Modified Date = 2008-07-12 13:00:34 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 2008-07-12 13:00:35 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2007-10-23 07:21:30 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2007-10-24 19:27:40 | Attr = ] C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Local Settings\Temp\jkos-doug daly\binaries\ -> C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Local Settings\Temp\jkos-doug daly\binaries -> [Folder | Modified Date = 2008-07-12 13:47:24 | Attr = ] FSSync.dll -> C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Local Settings\Temp\jkos-doug daly\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 2008-07-12 13:19:55 | Attr = ] kave.dll -> C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Local Settings\Temp\jkos-doug daly\binaries\kave.dll -> Kaspersky Lab. 
[Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 2008-07-12 13:19:56 | Attr = ] kosglue-7.0.25.0.dll -> C:\Documents and Settings\Doug Daly.CIR-Q-TEK\Local Settings\Temp\jkos-doug daly\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 2008-07-12 13:19:56 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-07-12 12:58:42 | Attr = ] HPAppData -> %AppData%\HPAppData -> [Folder | Modified Date = 2008-07-12 13:49:55 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-07-12 13:18:31 | Attr = S] Sun -> %AppData%\Sun -> [Folder | Modified Date = 2008-07-12 13:18:30 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3763748 bytes | Modified Date = 2008-07-12 17:08:38 | Attr = H ] 05500439eco011336.zip -> %UserProfile%\My Documents\05500439eco011336.zip -> [Ver = | Size = 1739012 bytes | Modified Date = 2008-07-08 10:34:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\05500439eco011336.zip:Zone.Identifier 05900798 799 800 opt.zip -> %UserProfile%\My Documents\05900798 799 800 opt.zip -> [Ver = | Size = 181858 bytes | Modified Date = 2008-06-24 07:27:04 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\05900798 799 800 opt.zip:Zone.Identifier cc_20080712_1249.reg -> %UserProfile%\My Documents\cc_20080712_1249.reg -> [Ver = | Size = 130460 bytes | Modified Date = 2008-07-12 12:50:15 | Attr = ] dbcsinc packing slip.doc -> %UserProfile%\My Documents\dbcsinc packing slip.doc -> [Ver = | Size = 108032 bytes | Modified Date = 2008-07-01 17:40:33 | Attr = ] FDD-101357-M????08032501.xls -> %UserProfile%\My Documents\FDD-101357-M堤億惆豢08032501.xls -> [Ver = | Size = 98304 bytes | Modified Date = 2008-03-28 11:39:46 | Attr = ] 
FDD-101357-P????08032502.xls -> %UserProfile%\My Documents\FDD-101357-P堤億惆豢08032502.xls -> [Ver = | Size = 36352 bytes | Modified Date = 2008-03-28 11:39:57 | Attr = ] FDD-101358-M????08032503.xls -> %UserProfile%\My Documents\FDD-101358-M堤億惆豢08032503.xls -> [Ver = | Size = 72192 bytes | Modified Date = 2008-03-28 11:40:06 | Attr = ] keyinstruments CofC.doc -> %UserProfile%\My Documents\keyinstruments CofC.doc -> [Ver = | Size = 29184 bytes | Modified Date = 2008-06-17 09:39:07 | Attr = ] microresearch.pdf -> %UserProfile%\My Documents\microresearch.pdf -> [Ver = | Size = 193905 bytes | Modified Date = 2008-07-01 13:35:47 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\microresearch.pdf:Zone.Identifier New Microsoft Word Document.doc -> %UserProfile%\My Documents\New Microsoft Word Document.doc -> [Ver = | Size = 10752 bytes | Modified Date = 2008-06-13 09:59:22 | Attr = ] OPT -> %UserProfile%\My Documents\OPT -> [Folder | Modified Date = 2008-07-11 07:05:33 | Attr = ] PI PCB Quotation.doc -> %UserProfile%\My Documents\PI PCB Quotation.doc -> [Ver = | Size = 28672 bytes | Modified Date = 2008-06-27 10:29:10 | Attr = ] Production_status andy 0702.xls -> %UserProfile%\My Documents\Production_status andy 0702.xls -> [Ver = | Size = 29184 bytes | Modified Date = 2008-07-02 11:05:47 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Production_status andy 0702.xls:Zone.Identifier Quote_on_June_11th,_2008.doc -> %UserProfile%\My Documents\Quote_on_June_11th,_2008.doc -> [Ver = | Size = 23040 bytes | Modified Date = 2008-06-27 10:16:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\Quote_on_June_11th,_2008.doc:Zone.Identifier renewlargepotentialopportunity.zip -> %UserProfile%\My Documents\renewlargepotentialopportunity.zip -> [Ver = | Size = 1794593 bytes | Modified Date = 2008-07-01 07:42:04 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My 
Documents\renewlargepotentialopportunity.zip:Zone.Identifier report.html -> %UserProfile%\My Documents\report.html -> [Ver = | Size = 3929 bytes | Modified Date = 2008-07-12 13:47:07 | Attr = ] TNT Status as of 6.doc -> %UserProfile%\My Documents\TNT Status as of 6.doc -> [Ver = | Size = 20992 bytes | Modified Date = 2008-06-30 10:48:46 | Attr = ] TNT STOCK STATUS 61908.xls -> %UserProfile%\My Documents\TNT STOCK STATUS 61908.xls -> [Ver = | Size = 79360 bytes | Modified Date = 2008-07-09 11:59:48 | Attr = ] TNT STOCK STATUS.xls -> %UserProfile%\My Documents\TNT STOCK STATUS.xls -> [Ver = | Size = 78336 bytes | Modified Date = 2008-06-16 08:41:53 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\TNT STOCK STATUS.xls:Zone.Identifier MSN Installer.lnk -> %AllUsersProfile%\Desktop\MSN Installer.lnk -> [Ver = | Size = 1857 bytes | Modified Date = 2008-06-25 15:45:42 | Attr = ] Norton Security Scan.lnk -> %AllUsersProfile%\Desktop\Norton Security Scan.lnk -> [Ver = | Size = 2185 bytes | Modified Date = 2008-07-12 11:19:43 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-07-13 08:06:27 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 2008-07-13 08:06:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2008-07-12 10:45:23 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2008-07-12 13:16:24 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2008-07-12 12:09:29 | Attr = ] < End of report > [/code]