[code] OTScanIt logfile created on: 7/23/2008 3:40:31 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Manuel Barajas\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.00 Mb Total Physical Memory | 61.33 Mb Available Physical Memory | 24.15% Memory free 625.05 Mb Paging File | 234.89 Mb Available in Paging File | 37.58% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 23.38 Gb Free Space | 62.79% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: MANUEL Current User Name: Manuel Barajas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 7/21/2008 11:46:49 PM | Attr = ] acsd.exe -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,17,5 | Size = 1376360 bytes | Modified Date = 8/6/2003 3:58:26 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/6/2003 11:07:38 PM | Attr = ] bcmsmmsg.exe -> %SystemRoot%\BCMSMMSG.exe -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ] tfswctrl.exe -> %SystemRoot%\SYSTEM32\dla\tfswctrl.exe -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] dsentry.exe -> %SystemRoot%\SYSTEM32\DSentry.exe -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 9:27:40 AM | Attr = ] pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 6:47:34 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 1/22/2004 4:55:35 PM | Attr = ] hpztsb10.exe -> %SystemRoot%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 6/21/2004 10:40:38 AM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 1:21:18 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Company [Ver = 2, 0, 39, 0 | Size = 49152 bytes | Modified Date = 2/12/2004 1:38:56 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] wspwprtct.exe -> %AllUsersProfile%\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe -> [Ver = | Size = 1253376 bytes | Modified Date = 7/21/2008 7:31:07 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ] hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 520192 bytes | Modified Date = 5/28/2004 11:08:52 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 7/21/2008 11:46:49 PM | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\acsd.exe -> America Online, Inc. [Ver = 1,0,17,5 | Size = 1376360 bytes | Modified Date = 8/6/2003 3:58:26 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.0.28.0 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:18 AM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.0.43 | Size = 532264 bytes | Modified Date = 7/10/2008 10:51:22 AM | Attr = ] (MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -> File not found (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 8, 0, 0, 0 | Size = 65536 bytes | Modified Date = 3/18/2004 4:55:48 PM | Attr = ] (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 7, 0, 0, 2 | Size = 65536 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] [Driver Services - Non-Microsoft Only] (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 12:15:00 PM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 6:16:04 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr = ] (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.60.0.0 built by: WinDDK | Size = 43136 bytes | Modified Date = 5/23/2003 11:58:30 AM | Attr = ] (BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ] (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] (drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvmcdb.sys -> Sonic Solutions [Ver = 3.21.65a | Size = 84576 bytes | Modified Date = 7/31/2003 2:21:00 AM | Attr = ] (drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\drvnddm.sys -> Sonic Solutions [Ver = 2.56.38a | Size = 40448 bytes | Modified Date = 6/20/2003 1:56:00 AM | Attr = ] (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 11:11:06 AM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\hpzid412.sys -> HP [Ver = 8, 0, 0, 0 | Size = 51088 bytes | Modified Date = 6/21/2004 10:40:48 AM | Attr = ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 16496 bytes | Modified Date = 6/21/2004 10:40:48 AM | Attr = ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 8, 0, 0, 0 | Size = 21744 bytes | Modified Date = 6/21/2004 10:40:48 AM | Attr = ] (i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/3/2004 10:29:36 PM | Attr = ] (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/3/2004 10:29:47 PM | Attr = ] (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/3/2004 10:29:49 PM | Attr = ] (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/3/2004 10:29:41 PM | Attr = ] (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr = ] (iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys -> File not found (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/3/2004 10:29:43 PM | Attr = ] (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/3/2004 10:29:45 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 90907 bytes | Modified Date = 4/15/2003 9:39:46 AM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr = ] (NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 224256 bytes | Modified Date = 5/2/2003 9:08:18 PM | Attr = ] (NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 30208 bytes | Modified Date = 5/2/2003 9:08:22 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080723.009\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 7/23/2008 1:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080723.009\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 7/23/2008 1:00:00 AM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:54 PM | Attr = ] (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 12:45:06 PM | Attr = ] (pfc) PADUS ASPI SHELL [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 200 | Size = 14604 bytes | Modified Date = 6/13/2002 3:08:46 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.02.57a | Size = 17168 bytes | Modified Date = 7/30/2003 1:02:00 AM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SECDRV.SYS -> [Ver = | Size = 27440 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3555 | Size = 545024 bytes | Modified Date = 2/28/2003 8:17:18 AM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr = ] (sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\sscdbhk5.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 5621 bytes | Modified Date = 7/14/2003 10:28:40 AM | Attr = ] (ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ssrtln.sys -> Sonic Solutions [Ver = 1.10.81a | Size = 23219 bytes | Modified Date = 7/14/2003 10:28:22 AM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.2.2.11 | Size = 73496 bytes | Modified Date = 4/26/2004 6:50:49 PM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr = ] (tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnboio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 25685 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsncofs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 34837 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndrct.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 4117 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsndres.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 2233 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnifs.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 83284 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnopio.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 14229 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnpool.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 6357 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudf.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 98068 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\dla\tfsnudfa.sys -> Sonic Solutions [Ver = 1.04.05b | Size = 100373 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr = ] (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Modified Date = 7/10/2008 9:35:22 AM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 9:40:54 AM | Attr = ] ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 9:40:46 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> a458b01a -> %SystemRoot%\system32\snmfffvg.DLL [rundll32.exe "C:\WINDOWS\system32\snmfffvg.dll",b] -> File not found AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/10/2008 9:47:28 AM | Attr = ] BCMSMMSG -> %SystemRoot%\BCMSMMSG.exe [BCMSMMSG.exe] -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:04:35 | Size = 122880 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ] dla -> %SystemRoot%\SYSTEM32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> Sonic Solutions [Ver = 1.04.05b | Size = 114741 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] DVDSentry -> %SystemRoot%\SYSTEM32\DSentry.exe [C:\WINDOWS\System32\DSentry.exe] -> Dell - Advanced Desktop Engineering [Ver = 1, 0, 5, 0 | Size = 28672 bytes | Modified Date = 8/13/2003 9:27:40 AM | Attr = ] HotKeysCmds -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\System32\hkcmd.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 114688 bytes | Modified Date = 4/6/2003 11:07:38 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe ["C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"] -> Hewlett-Packard Company [Ver = 2, 0, 39, 0 | Size = 49152 bytes | Modified Date = 2/12/2004 1:38:56 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb10.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] -> HP [Ver = 2.323.0.0 | Size = 172032 bytes | Modified Date = 6/21/2004 10:40:38 AM | Attr = ] IgfxTray -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\System32\igfxtray.exe] -> Intel Corporation [Ver = 3,0,0,2104 | Size = 155648 bytes | Modified Date = 4/6/2003 11:19:52 PM | Attr = ] ISUSPM Startup -> %SystemDrive%\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> File not found iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.0.43 | Size = 289064 bytes | Modified Date = 7/10/2008 10:51:32 AM | Attr = ] My Web Search Bar -> %SystemDrive%\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S] -> File not found MyWebSearch Plugin -> %SystemDrive%\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL [rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF] -> File not found PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> CyberLink Corp. [Ver = 1.0.0826 | Size = 204800 bytes | Modified Date = 8/26/2003 6:47:34 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] StorageGuard -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.11a | Size = 155648 bytes | Modified Date = 2/13/2003 12:01:00 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.1622 | Size = 151597 bytes | Modified Date = 1/22/2004 4:55:35 PM | Attr = ] vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe] -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/21/2003 1:21:18 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MoneyAgent -> %ProgramFiles%\Microsoft Money\System\MNYEXPR.EXE ["C:\Program Files\Microsoft Money\System\mnyexpr.exe"] -> Microsoft Corp. [Ver = 12.00.0613 | Size = 200704 bytes | Modified Date = 6/18/2003 11:00:00 AM | Attr = ] s9201 -> %AllUsersProfile%\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe ["C:\Documents and Settings\All Users\Application Data\SecuriSoft SARL\WinSpywareProtect\wspwprtct.exe" /autorun] -> [Ver = | Size = 1253376 bytes | Modified Date = 7/21/2008 7:31:07 PM | Attr = ] Sonic RecordNow! -> [] -> File not found SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 0, 20 | Size = 2156368 bytes | Modified Date = 7/7/2008 9:42:06 AM | Attr = RHS] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk -> %ProgramFiles%\America Online 9.0\aoltray.exe -> America Online, Inc. [Ver = 9.00.000 | Size = 36953 bytes | Modified Date = 8/9/2003 4:36:04 PM | Attr = H ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 43.1.5.000 | Size = 241664 bytes | Modified Date = 5/28/2004 10:31:38 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 043.001.005.000 | Size = 53248 bytes | Modified Date = 5/28/2004 11:06:36 PM | Attr = ] < Manuel Barajas Startup Folder > -> C:\Documents and Settings\Manuel Barajas\Start Menu\Programs\Startup -> -> %UserProfile%\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe -> Leader Technologies [Ver = 3,0,0,0 | Size = 225280 bytes | Modified Date = 2/3/2004 7:34:57 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {6A10732F-BDB9-48B3-9DF7-622478AD74FC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\vtUlJbBs.dll [] -> [Ver = | Size = 33152 bytes | Modified Date = 7/21/2008 7:33:35 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1032192 bytes | Modified Date = 8/4/2004 12:56:49 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\SYSTEM32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.2869 (xpsp_sp2_gdr.060316-1512) | Size = 8452096 bytes | Modified Date = 3/16/2006 9:03:54 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2104 | Size = 315392 bytes | Modified Date = 4/6/2003 11:06:48 PM | Attr = ] NavLogon -> %SystemRoot%\SYSTEM32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 5/21/2003 1:19:00 AM | Attr = ] vtUlJbBs -> %SystemRoot%\SYSTEM32\vtUlJbBs.dll -> [Ver = | Size = 33152 bytes | Modified Date = 7/21/2008 7:33:35 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 1 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_RW/DVD_GCC-4480B_______________C104____\5&2641f507&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> autoAlbum.log [-i="C:\Documents and Settings\Manuel Barajas\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt" -o="C:\Documents and Settings\Manuel Barajas\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt" -g -b -s=4 -f="text"input text file: C:\Documents and Settings\Manuel Barajas\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0.txt | output file: C:\Documents and Settings\Manuel Barajas\Local Settings\Application Data\HP\Digital Imaging\tmpAlb_1\tmpAlb_1_0_out.txt | | Value of width is 1700 and ht is 2338creating book layout ... | layout is complete, writing output file of type 1... | ] -> %SystemDrive%\autoAlbum.log [ NTFS ] -> [Ver = | Size = 655 bytes | Modified Date = 6/10/2005 8:09:28 PM | Attr = ] AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 9/3/2002 7:59:58 AM | Attr = ] < HOSTS File > (253037 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.dell4me.com/myway -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4645 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4644 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 6.0.1.2003110300 | Size = 54248 bytes | Modified Date = 11/3/2003 2:17:44 PM | Attr = ] {06F11F49-5D8A-47F8-ACE0-F57C13A5E4C0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] {549B5CA7-4A86-11D7-A4DF-000874180BB3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\dla\tfswshx.dll [DriveLetterAccess] -> Sonic Solutions [Ver = 1.04.05b | Size = 106548 bytes | Modified Date = 8/6/2003 12:04:00 AM | Attr = ] {6A10732F-BDB9-48B3-9DF7-622478AD74FC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\vtUlJbBs.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 33152 bytes | Modified Date = 7/21/2008 7:33:35 PM | Attr = ] {7B18CBFF-8B33-4F92-A805-F39E6FFEF4E7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {C0FCBD7F-56E3-4469-8F70-61CFACD820D7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {E09E1A10-4B33-49DA-98FF-770508E3BC2C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\jkkHaxUN.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 322304 bytes | Modified Date = 7/21/2008 7:41:37 PM | Attr = ] {f2a8f2df-b099-4b23-ae05-10b5e3e07613} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Sun Java Console] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\System32\msjava.dll [Web Browser Applet Control] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Search -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {E27FD1AD-5D68-4D07-A016-1D74E8F7E13E} -> (Broadcom 440x 10/100 Integrated Controller) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {74C861A1-D548-4916-BC8A-FDE92EDFF62C}[HKEY_LOCAL_MACHINE] -> http://mediaplayer.walmart.com/installer/install.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] C:\WINDOWS\system32\jkkHaxUN -> %SystemRoot%\SYSTEM32\jkkHaxUN.dll -> [Ver = | Size = 322304 bytes | Modified Date = 7/21/2008 7:41:37 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 728 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 94 94 67 D7 FB 3F A6 DC 8E 7F 26 E4 E9 12 49 5E 61 32 37 61 65 37 64 66 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 CB 2D 69 78 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 39 D0 08 DF C5 29 3E A1 25 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> DE F4 DD A7 98 0E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> A7 77 D3 F6 FD EA 14 83 39 2F 48 F0 3A 21 BD 59 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 3E E2 96 D2 3C AF C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 17224 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealOne Player] -> RealNetworks, Inc. [Ver = 6.0.11.853 | Size = 204845 bytes | Modified Date = 1/22/2004 4:55:39 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.0.43 | Size = 20246824 bytes | Modified Date = 7/10/2008 10:51:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E27FD1AD-5D68-4D07-A016-1D74E8F7E13E} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{614CFECA-4349-405C-B56B-8B979B6D2F6D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 7/22/2008 1:54:14 PM | Attr = ] blphc9bpj0eg6j.scr -> %SystemRoot%\System32\blphc9bpj0eg6j.scr -> Sysinternals [Ver = 3.2 | Size = 60928 bytes | Created Date = 7/23/2008 3:24:00 PM | Attr = ] elgtvrah.ini -> %SystemRoot%\System32\elgtvrah.ini -> [Ver = | Size = 43521 bytes | Created Date = 7/22/2008 1:29:35 PM | Attr = HS] fprppr.dll -> %SystemRoot%\System32\fprppr.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/21/2008 10:29:43 PM | Attr = ] guwmlwbj.dll -> %SystemRoot%\System32\guwmlwbj.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/23/2008 3:23:52 PM | Attr = ] gvfffmns.ini -> %SystemRoot%\System32\gvfffmns.ini -> [Ver = | Size = 43761 bytes | Created Date = 7/21/2008 11:36:04 PM | Attr = HS] harvtgle.dll -> %SystemRoot%\System32\harvtgle.dll -> [Ver = | Size = 94848 bytes | Created Date = 7/22/2008 1:29:34 PM | Attr = ] jkkHaxUN.dll -> %SystemRoot%\System32\jkkHaxUN.dll -> [Ver = | Size = 322304 bytes | Created Date = 7/21/2008 7:41:33 PM | Attr = ] lphc9bpj0eg6j.exe -> %SystemRoot%\System32\lphc9bpj0eg6j.exe -> [Ver = | Size = 110080 bytes | Created Date = 7/23/2008 3:18:46 PM | Attr = ] ngeqlu.dll -> %SystemRoot%\System32\ngeqlu.dll -> [Ver = | Size = 116352 bytes | Created Date = 7/22/2008 1:26:58 PM | Attr = ] NUxaHkkj.ini -> %SystemRoot%\System32\NUxaHkkj.ini -> [Ver = | Size = 627804 bytes | Created Date = 7/21/2008 7:41:40 PM | Attr = HS] NUxaHkkj.ini2 -> %SystemRoot%\System32\NUxaHkkj.ini2 -> [Ver = | Size = 627804 bytes | Created Date = 7/21/2008 7:41:41 PM | Attr = HS] nwfvakek.dll -> %SystemRoot%\System32\nwfvakek.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/21/2008 11:33:02 PM | Attr = ] nxvtaoqi.dll -> %SystemRoot%\System32\nxvtaoqi.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/21/2008 10:29:35 PM | Attr = ] rabrbuws.dll -> %SystemRoot%\System32\rabrbuws.dll -> [Ver = | Size = 116352 bytes | Created Date = 7/22/2008 1:26:57 PM | Attr = ] vazjnz.dll -> %SystemRoot%\System32\vazjnz.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/21/2008 11:33:08 PM | Attr = ] vcnegk.dll -> %SystemRoot%\System32\vcnegk.dll -> [Ver = | Size = 116864 bytes | Created Date = 7/23/2008 3:23:55 PM | Attr = ] vtUlJbBs.dll -> %SystemRoot%\System32\vtUlJbBs.dll -> [Ver = | Size = 33152 bytes | Created Date = 7/21/2008 7:33:35 PM | Attr = ] ymveeiph.ini -> %SystemRoot%\System32\ymveeiph.ini -> [Ver = | Size = 43581 bytes | Created Date = 7/21/2008 10:31:36 PM | Attr = HS] kgxmotapktx.dll -> %SystemRoot%\kgxmotapktx.dll -> [Ver = | Size = 454656 bytes | Created Date = 7/21/2008 7:30:08 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 7/18/2008 4:13:42 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 7/21/2008 11:43:32 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 7/21/2008 8:30:27 PM | Attr = ] SecuriSoft SARL -> %AllUsersProfile%\Application Data\SecuriSoft SARL -> [Folder | Created Date = 7/21/2008 7:29:26 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 7/21/2008 9:43:10 PM | Attr = ] FunWebProducts -> %AppData%\FunWebProducts -> [Folder | Created Date = 7/19/2008 5:44:15 PM | Attr = ] Summer OCR Unit 6 -> %UserProfile%\My Documents\Summer OCR Unit 6 -> [Folder | Created Date = 7/6/2008 5:22:23 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Created Date = 7/21/2008 11:43:52 PM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Created Date = 7/21/2008 11:43:52 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 7/18/2008 7:11:33 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 7/18/2008 7:06:19 PM | Attr = ] aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [Ver = | Size = 19153264 bytes | Created Date = 7/21/2008 11:41:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aaw2008.exe:Zone.Identifier ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 7/23/2008 3:35:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier CSUN.lnk -> %UserProfile%\Desktop\CSUN.lnk -> [Ver = | Size = 538 bytes | Created Date = 7/21/2008 4:46:08 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 7/22/2008 12:58:11 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 7/22/2008 12:57:38 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/23/2008 3:39:10 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 7/23/2008 3:37:26 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Created Date = 7/21/2008 9:43:26 PM | Attr = ] spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 15083520 bytes | Created Date = 7/21/2008 9:42:27 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spybotsd160.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Created Date = 7/22/2008 12:56:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 7/21/2008 11:42:07 PM | Attr = ] Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 7/18/2008 7:07:55 PM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 7/18/2008 7:10:20 PM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 7/21/2008 11:43:38 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 7/18/2008 7:04:50 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 7/21/2008 9:43:10 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7/22/2008 12:58:10 PM | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/21/2008 11:47:17 PM | Attr = H ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266407936 bytes | Modified Date = 7/23/2008 3:28:01 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/22/2008 12:58:10 PM | Attr = R ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 7/22/2008 1:54:14 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/23/2008 3:41:14 PM | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 7/21/2008 9:53:36 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\ETC\HOSTS -> [Ver = | Size = 253037 bytes | Modified Date = 7/21/2008 9:53:36 PM | Attr = R ] usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 29, 0, 0 | Size = 32000 bytes | Modified Date = 7/10/2008 9:35:22 AM | Attr = ] blphc9bpj0eg6j.scr -> %SystemRoot%\System32\blphc9bpj0eg6j.scr -> Sysinternals [Ver = 3.2 | Size = 60928 bytes | Modified Date = 7/23/2008 3:24:00 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/19/2008 5:35:54 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 7/21/2008 9:23:57 PM | Attr = ] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 7/21/2008 11:43:38 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 7/18/2008 7:00:12 PM | Attr = ] elgtvrah.ini -> %SystemRoot%\System32\elgtvrah.ini -> [Ver = | Size = 43521 bytes | Modified Date = 7/22/2008 1:29:51 PM | Attr = HS] fprppr.dll -> %SystemRoot%\System32\fprppr.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/21/2008 10:29:42 PM | Attr = ] guwmlwbj.dll -> %SystemRoot%\System32\guwmlwbj.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/23/2008 3:23:52 PM | Attr = ] gvfffmns.ini -> %SystemRoot%\System32\gvfffmns.ini -> [Ver = | Size = 43761 bytes | Modified Date = 7/22/2008 1:07:01 PM | Attr = HS] harvtgle.dll -> %SystemRoot%\System32\harvtgle.dll -> [Ver = | Size = 94848 bytes | Modified Date = 7/22/2008 1:29:34 PM | Attr = ] jkkHaxUN.dll -> %SystemRoot%\System32\jkkHaxUN.dll -> [Ver = | Size = 322304 bytes | Modified Date = 7/21/2008 7:41:37 PM | Attr = ] ngeqlu.dll -> %SystemRoot%\System32\ngeqlu.dll -> [Ver = | Size = 116352 bytes | Modified Date = 7/22/2008 1:26:58 PM | Attr = ] NUxaHkkj.ini -> %SystemRoot%\System32\NUxaHkkj.ini -> [Ver = | Size = 627804 bytes | Modified Date = 7/23/2008 3:41:12 PM | Attr = HS] NUxaHkkj.ini2 -> %SystemRoot%\System32\NUxaHkkj.ini2 -> [Ver = | Size = 627804 bytes | Modified Date = 7/23/2008 3:38:28 PM | Attr = HS] nwfvakek.dll -> %SystemRoot%\System32\nwfvakek.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/21/2008 11:33:05 PM | Attr = ] nxvtaoqi.dll -> %SystemRoot%\System32\nxvtaoqi.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/21/2008 10:29:42 PM | Attr = ] rabrbuws.dll -> %SystemRoot%\System32\rabrbuws.dll -> [Ver = | Size = 116352 bytes | Modified Date = 7/22/2008 1:26:58 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/21/2008 9:21:20 PM | Attr = ] vazjnz.dll -> %SystemRoot%\System32\vazjnz.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/21/2008 11:33:05 PM | Attr = ] vcnegk.dll -> %SystemRoot%\System32\vcnegk.dll -> [Ver = | Size = 116864 bytes | Modified Date = 7/23/2008 3:23:52 PM | Attr = ] vtUlJbBs.dll -> %SystemRoot%\System32\vtUlJbBs.dll -> [Ver = | Size = 33152 bytes | Modified Date = 7/21/2008 7:33:35 PM | Attr = ] WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 7/21/2008 9:23:26 PM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 7/22/2008 6:18:35 AM | Attr = ] ymveeiph.ini -> %SystemRoot%\System32\ymveeiph.ini -> [Ver = | Size = 43581 bytes | Modified Date = 7/21/2008 11:33:21 PM | Attr = HS] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 7/23/2008 3:28:02 PM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/19/2008 5:35:56 PM | Attr = S] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> INF -> %SystemRoot%\INF -> [Folder | Modified Date = 7/18/2008 7:33:10 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/21/2008 11:47:27 PM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/23/2008 3:38:09 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 7/18/2008 3:43:27 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/21/2008 9:23:26 PM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 7/23/2008 3:41:09 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/18/2008 4:13:42 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/23/2008 3:36:09 PM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 336 bytes | Modified Date = 7/22/2008 12:46:57 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/18/2008 4:13:42 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/23/2008 3:28:28 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache -> [Folder | Modified Date = 6/17/2004 6:28:26 PM | Attr = ] ABOUT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\ABOUT.DAT -> [Ver = | Size = 1528 bytes | Modified Date = 6/18/2003 11:00:00 AM | Attr = ] COLLEGE.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\COLLEGE.DAT -> [Ver = | Size = 327746 bytes | Modified Date = 6/18/2003 11:00:00 AM | Attr = ] MOREINFO.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\MOREINFO.DAT -> [Ver = | Size = 102 bytes | Modified Date = 6/18/2003 11:00:00 AM | Attr = ] YLPGSCAT.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Money\12.0\Webcache\YLPGSCAT.DAT -> [Ver = | Size = 12283223 bytes | Modified Date = 6/18/2003 11:00:00 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/22/2004 4:24:52 PM | Attr = ] QMGR0.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR0.DAT -> [Ver = | Size = 4232 bytes | Modified Date = 6/4/2007 5:06:50 PM | Attr = ] QMGR1.DAT -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR1.DAT -> [Ver = | Size = 5524 bytes | Modified Date = 6/4/2007 5:05:17 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 7/13/2004 1:58:58 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11062 bytes | Modified Date = 7/13/2004 2:03:51 PM | Attr = ] C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 6/8/2004 6:49:14 PM | Attr = ] IsUninst.Exe -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\IsUninst.Exe -> InstallShield Software Corporation [Ver = 5, 51, 138, 0 | Size = 306688 bytes | Modified Date = 10/29/1998 1:45:06 PM | Attr = R ] C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 6/8/2004 6:49:14 PM | Attr = ] Ctl3d32.dll -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Ctl3d32.dll -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 3:46:26 PM | Attr = R ] mcRegSrvr.dll -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\mcRegSrvr.dll -> [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/10/2002 3:24:20 PM | Attr = R ] rsl.dll -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\rsl.dll -> Roxio, Inc. [Ver = 1.01.27 | Size = 163840 bytes | Modified Date = 3/21/2002 5:24:52 PM | Attr = R ] C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\ -> [Folder | Modified Date = 6/8/2004 6:49:14 PM | Attr = ] Corecomp.ini -> C:\Documents and Settings\Manuel Barajas\Local Settings\Temp\_ISTMP1.DIR\_ISTMP0.DIR\Corecomp.ini -> [Ver = | Size = 28290 bytes | Modified Date = 2/2/1999 1:21:18 PM | Attr = R ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 7/21/2008 11:43:32 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 7/21/2008 8:30:27 PM | Attr = ] SecuriSoft SARL -> %AllUsersProfile%\Application Data\SecuriSoft SARL -> [Folder | Modified Date = 7/21/2008 7:29:26 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 7/21/2008 10:11:17 PM | Attr = ] FunWebProducts -> %AppData%\FunWebProducts -> [Folder | Modified Date = 7/19/2008 5:44:15 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 7/19/2008 11:05:45 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/23/2008 3:32:34 PM | Attr = ] Summer OCR Unit 6 -> %UserProfile%\My Documents\Summer OCR Unit 6 -> [Folder | Modified Date = 7/6/2008 6:30:59 PM | Attr = ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 793 bytes | Modified Date = 7/21/2008 11:43:52 PM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 793 bytes | Modified Date = 7/21/2008 11:43:52 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 7/19/2008 5:39:31 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 7/18/2008 7:06:20 PM | Attr = ] aaw2008.exe -> %UserProfile%\Desktop\aaw2008.exe -> [Ver = | Size = 19153264 bytes | Modified Date = 7/21/2008 11:42:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\aaw2008.exe:Zone.Identifier ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 7/23/2008 3:35:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier CSUN.lnk -> %UserProfile%\Desktop\CSUN.lnk -> [Ver = | Size = 538 bytes | Modified Date = 7/21/2008 4:46:08 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 7/22/2008 12:58:12 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 7/22/2008 12:57:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier Microsoft Office PowerPoint 2003.lnk -> %UserProfile%\Desktop\Microsoft Office PowerPoint 2003.lnk -> [Ver = | Size = 2483 bytes | Modified Date = 6/25/2008 3:03:29 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/23/2008 3:39:10 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 7/23/2008 3:37:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 7/21/2008 9:43:26 PM | Attr = ] spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 15083520 bytes | Modified Date = 7/21/2008 9:42:34 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spybotsd160.exe:Zone.Identifier VundoFix.exe -> %UserProfile%\Desktop\VundoFix.exe -> Atribune.org [Ver = 7.00.0006 | Size = 119808 bytes | Modified Date = 7/22/2008 12:56:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\VundoFix.exe:Zone.Identifier Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 7/21/2008 9:09:59 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 7/21/2008 11:42:07 PM | Attr = ] < End of report > [/code]