[code]
OTScanIt logfile created on: 8/18/2008 11:35:08 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Hayley Lorraine\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.04 Mb Total Physical Memory | 178.23 Mb Available Physical Memory | 39.96% Memory free
1.03 Gb Paging File | 0.55 Gb Available in Paging File | 53.22% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.14 Gb Total Space | 24.44 Gb Free Space | 46.87% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAYLEY
Current User Name: Hayley Lorraine
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 9/23/2006 4:49:08 AM | Attr = ]
wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ]
bcmwltry.exe -> %SystemRoot%\system32\BCMWLTRY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1200128 bytes | Modified Date = 12/19/2005 5:08:40 PM | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.456 | Size = 102463 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 9/23/2006 4:49:08 AM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.456 | Size = 241719 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 8/23/2006 6:13:28 PM | Attr = ]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 7:41:22 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 9/22/2006 1:47:54 PM | Attr = ]
wltray.exe -> %SystemRoot%\system32\WLTRAY.EXE -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ]
stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 9/22/2006 1:06:26 PM | Attr = ]
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr = ]
dlactrlw.exe -> %SystemRoot%\system32\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.456 | Size = 139320 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ]
tbmon.exe -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 10:48:56 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
dsagnt.exe -> %ProgramFiles%\Dell Support\DSAgnt.exe -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 8/28/2006 11:57:12 PM | Attr = ]
aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = ]
aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ]
viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:18 PM | Attr = ]
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> AOL LLC [Ver = 15.5.1.2 | Size = 42032 bytes | Modified Date = 5/25/2007 1:16:08 PM | Attr = ]
cli.exe -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLI.exe -> ATI Technologies Inc. [Ver = 1.11.0.0 | Size = 45056 bytes | Modified Date = 1/2/2006 7:41:22 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 401408 bytes | Modified Date = 9/23/2006 4:49:08 AM | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.456 | Size = 102463 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ]
(McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
(McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 8/23/2006 6:13:28 PM | Attr = ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ]
(wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 3:51:56 PM | Attr = ]
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AMDAGP.SYS -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/4/2004 1:07:44 AM | Attr = ]
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.3.2 (dnsrv(wmbla).060701-2226) | Size = 36864 bytes | Modified Date = 7/2/2006 12:39:40 AM | Attr = ]
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> Dell Inc [Ver = 1, 0, 1, 1 | Size = 16128 bytes | Modified Date = 8/12/2005 7:50:46 PM | Attr = ]
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 3:52:00 PM | Attr = ]
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 3:51:58 PM | Attr = ]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6631 | Size = 1681920 bytes | Modified Date = 9/23/2006 4:56:40 AM | Attr = ]
(BCM43XX) Dell Wireless WLAN Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\BCMWL5.SYS -> Broadcom Corporation [Ver = 4.10.40.0 | Size = 424320 bytes | Modified Date = 11/2/2005 9:24:34 PM | Attr = ]
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 4.52.0.0 built by: WinDDK | Size = 44544 bytes | Modified Date = 8/17/2006 3:55:16 PM | Attr = ]
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> CMD Technology, Inc. [Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 3:51:54 PM | Attr = ]
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 3:52:16 PM | Attr = ]
(DLABOIOM) DLABOIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLABOIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 25628 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLACDBHM) DLACDBHM [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLACDBHM.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 5628 bytes | Modified Date = 8/25/2005 2:16:52 PM | Attr = ]
(DLADResN) DLADResN [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLADResN.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 2496 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAIFS_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 86524 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAOPIOM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 14684 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLAPoolM) DLAPoolM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAPoolM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 6364 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLARTL_N) DLARTL_N [File_System | System | Running] -> %SystemRoot%\system32\drivers\DLARTL_N.SYS -> Sonic Solutions [Ver = 5.20.01a | Size = 22684 bytes | Modified Date = 8/25/2005 2:16:16 PM | Attr = ]
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDFAM.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 94332 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] -> %SystemRoot%\system32\DLA\DLAUDF_M.SYS -> Sonic Solutions [Ver = 5.20.08a | Size = 87036 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\DRVMCDB.SYS -> Sonic Solutions [Ver = 3.30.04a | Size = 89264 bytes | Modified Date = 9/12/2005 5:30:00 AM | Attr = ]
(DRVNDDM) DRVNDDM [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\DRVNDDM.SYS -> Sonic Solutions [Ver = 5.20.00a | Size = 40544 bytes | Modified Date = 8/12/2005 7:20:00 AM | Attr = ]
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\Dell Support\GTAction\triggers\DSproct.sys -> GTek Technologies Ltd. [Ver = 1, 0, 0, 28 | Size = 4864 bytes | Modified Date = 1/10/2006 1:07:58 PM | Attr = ]
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 2:12:10 PM | Attr = ]
(FilterService) UVC Filter Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\lvuvcflt.sys -> File not found
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5011 built by: WinDDK | Size = 137728 bytes | Modified Date = 8/12/2004 7:45:54 PM | Attr = ]
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 936960 bytes | Modified Date = 12/1/2005 9:40:56 AM | Attr = ]
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 192512 bytes | Modified Date = 12/1/2005 9:40:12 AM | Attr = ]
(hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ewusbmdm.sys -> Huawei Technologies Co., Ltd. [Ver = 2. 0. 3. 8. SP08 | Size = 101120 bytes | Modified Date = 7/16/2007 1:23:20 PM | Attr = ]
(lvpopflt) Logitech POP Suppression Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\lvpopflt.sys -> File not found
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\LVUSBSta.sys -> File not found
(LVUVC) QuickCam for Notebooks Deluxe(UVC) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\lvuvc.hs -> [Ver = | Size = 0 bytes | Modified Date = 5/18/2008 2:31:32 PM | Attr = ]
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.010 | Size = 12544 bytes | Modified Date = 10/5/2005 6:57:08 AM | Attr = ]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 3:52:12 PM | Attr = ]
(NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 1/14/2005 9:00:00 PM | Attr = ]
(NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.266 | Size = 58464 bytes | Modified Date = 1/14/2005 9:00:00 PM | Attr = ]
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/4/2004 12:29:56 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.33a | Size = 36528 bytes | Modified Date = 8/24/2006 2:33:36 PM | Attr = ]
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr = ]
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 3:52:20 PM | Attr = ]
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 3:52:18 PM | Attr = ]
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> REDC [Ver = 1.0.0.6 | Size = 28544 bytes | Modified Date = 7/15/2005 1:58:14 AM | Attr = ]
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ]
(SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 5/28/2008 10:33:38 AM | Attr = R ]
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SISAGP.SYS -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/4/2004 1:07:44 AM | Attr = ]
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 7:56:16 AM | Attr = ]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 4:07:44 PM | Attr = ]
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5143.0 nd491 cp1 | Size = 1171464 bytes | Modified Date = 9/22/2006 1:06:26 PM | Attr = ]
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 4:07:34 PM | Attr = ]
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 4:07:36 PM | Attr = ]
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 4:07:40 PM | Attr = ]
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 4:07:42 PM | Attr = ]
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 9/22/2006 1:47:52 PM | Attr = ]
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 3:52:22 PM | Attr = ]
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wanatw4.sys -> File not found
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.38.00 built by: WinDDK | Size = 669696 bytes | Modified Date = 12/1/2005 9:40:08 AM | Attr = ]
(EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.277 | Size = 8320 bytes | Modified Date = 1/14/2005 9:00:00 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 4:16:38 PM | Attr = ]
ATICCC -> %ProgramFiles%\ATI Technologies\ATI.ACE\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 5/10/2006 1:12:06 PM | Attr = ]
Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\system32\WLTRAY.exe] -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 5:08:42 PM | Attr = ]
DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 49152 bytes | Modified Date = 12/9/2005 10:29:52 PM | Attr = ]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 221184 bytes | Modified Date = 7/27/2004 6:50:42 PM | Attr = ]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1155 | Size = 81920 bytes | Modified Date = 7/27/2004 6:50:18 PM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe ["C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey] -> Network Associates, Inc. [Ver = 3.5.0.456 | Size = 139320 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ]
Network Associates Error Reporting Service -> %CommonProgramFiles%\Network Associates\TalkBack\tbmon.exe ["C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"] -> Network Associates, Inc. [Ver = 2.0.275.0 | Size = 147514 bytes | Modified Date = 10/7/2003 10:48:56 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 3:16:26 PM | Attr = ]
ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe ["C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE] -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 9:00:00 PM | Attr = ]
SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe [stsystra.exe] -> SigmaTel, Inc. [Ver = 1.0.5143.0 nd491 cp1 | Size = 282624 bytes | Modified Date = 9/22/2006 1:06:26 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:36 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 9/22/2006 1:47:54 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ]
DellSupport -> %ProgramFiles%\Dell Support\DSAgnt.exe ["C:\Program Files\Dell Support\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 2, 1, 3, 176 | Size = 395776 bytes | Modified Date = 8/28/2006 11:57:12 PM | Attr = ]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 4:06:00 AM | Attr = ]
< Hayley Lorraine Startup Folder > -> C:\Documents and Settings\Hayley Lorraine\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 11:34:01 PM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ]
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4140 | Size = 86016 bytes | Modified Date = 9/23/2006 4:50:18 AM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_DVD+-RW_TS-L632D_______________DE03____\5&338364db&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/10/2004 3:04:08 PM | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Default_Page_URL -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204 ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061204 ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 5:08:42 PM | Attr = ]
{5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 7:20:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ]
{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\1DQI03iX.dll [solution Class] -> File not found
{CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc.
[Ver = 1.2.0.2 | Size = 98304 bytes | Modified Date = 11/17/2006 1:46:38 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 7/12/2007 4:00:35 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {093FAD86-33AD-46B1-9F22-D23D4190608A} -> (Dell Wireless 1390 WLAN Mini-Card) -> {5B223180-7E25-498D-8B2C-0E151DD6E15E} -> (Broadcom 440x 10/100 Integrated Controller) -> {E5101C51-2B07-4830-8F7D-079EC4C7684C} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 1:42:30 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 844 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 92 14 52 85 36 8F 7C 8B 8B E2 80 24 07 57 05 22 37 35 61 30 36 63 65 31 00 00 00 00 57 2E 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 26 77 B7 F5 85 C4 A0 F1 72 83 E5 75 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 55 F7 E9 E7 A9 57 CB 76 8F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B0 56 99 4A 80 E6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 82 5A AD 39 94 F1 D1 41 53 9A 9F 6D FE D9 7A 05 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 7A CB 2A 11 BC 17 C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 78 9C 2F 12 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 43370 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> %CommonProgramFiles%\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> %ProgramFiles%\America Online 9.0\waol.exe [C:\Program Files\America Online 
9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Hayley Lorraine\Desktop\utorrent.exe -> %UserProfile%\Desktop\utorrent.exe [C:\Documents and Settings\Hayley Lorraine\Desktop\utorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 1:42:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ruckus Player\Ruckus.exe -> %ProgramFiles%\Ruckus Player\Ruckus.exe [C:\Program Files\Ruckus Player\Ruckus.exe:*:Enabled:Ruckus] -> [Ver = 3,6,1,14608 | Size = 2134016 bytes | Modified Date = 3/27/2008 10:00:10 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe [C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> Network Associates, Inc. 
[Ver = 3.5.0.456 | Size = 102463 bytes | Modified Date = 2/25/2005 4:50:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\QuickTime\QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> Apple Inc. [Ver = 7.3 | Size = 6948144 bytes | Modified Date = 10/19/2007 3:17:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 1/3/2008 12:15:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! 
Music Jukebox] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe -> %ProgramFiles%\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe [C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe:*:Enabled:3 USB Modem] -> Huawei Technologies [Ver = HOST01.11.18.01.04.156 | Size = 335872 bytes | Modified Date = 8/9/2007 4:52:28 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/17/2008 6:54:44 PM | Attr = HS] 1Sksb4Er.exe -> %SystemRoot%\System32\1Sksb4Er.exe -> [Ver = | Size = 29760 bytes | Created Date = 8/15/2008 12:28:30 AM | Attr = ] 1Sksb4Er.exe.a_a -> %SystemRoot%\System32\1Sksb4Er.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] WdqiXO0x.exe -> %SystemRoot%\System32\WdqiXO0x.exe -> [Ver = | Size = 80898 bytes | Created Date = 8/15/2008 12:39:41 AM | Attr = ] WdqiXO0x.exe.a_a -> %SystemRoot%\System32\WdqiXO0x.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 8/15/2008 7:11:14 PM | Attr = ] WdqiXO0x.exe_ -> %SystemRoot%\System32\WdqiXO0x.exe_ -> [Ver = | Size = 80898 bytes | Created Date = 8/15/2008 12:39:41 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 8/18/2008 2:44:57 AM | Attr = ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Created Date = 8/17/2008 6:55:34 PM | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:32 AM | Attr = ] At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Created 
Date = 8/15/2008 12:28:33 AM | Attr = ] At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:32 AM | Attr = ] At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At25.job -> %SystemRoot%\tasks\At25.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At26.job -> %SystemRoot%\tasks\At26.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At27.job -> %SystemRoot%\tasks\At27.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At28.job -> %SystemRoot%\tasks\At28.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At29.job -> %SystemRoot%\tasks\At29.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 
350 bytes | Created Date = 8/15/2008 12:28:32 AM | Attr = ] At30.job -> %SystemRoot%\tasks\At30.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At31.job -> %SystemRoot%\tasks\At31.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At32.job -> %SystemRoot%\tasks\At32.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At33.job -> %SystemRoot%\tasks\At33.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At34.job -> %SystemRoot%\tasks\At34.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At35.job -> %SystemRoot%\tasks\At35.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At36.job -> %SystemRoot%\tasks\At36.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At37.job -> %SystemRoot%\tasks\At37.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At38.job -> %SystemRoot%\tasks\At38.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At39.job -> %SystemRoot%\tasks\At39.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At40.job -> %SystemRoot%\tasks\At40.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At41.job -> %SystemRoot%\tasks\At41.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At42.job -> %SystemRoot%\tasks\At42.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At43.job -> %SystemRoot%\tasks\At43.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At44.job -> %SystemRoot%\tasks\At44.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At45.job -> 
%SystemRoot%\tasks\At45.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At46.job -> %SystemRoot%\tasks\At46.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At47.job -> %SystemRoot%\tasks\At47.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At48.job -> %SystemRoot%\tasks\At48.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:39:43 AM | Attr = ] At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Created Date = 8/15/2008 12:28:33 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/17/2008 7:30:36 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 8/17/2008 8:39:46 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 8/17/2008 7:40:35 PM | Attr = ] @Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 8/17/2008 8:39:24 PM | Attr = ] FOOD.xls -> %UserProfile%\My Documents\FOOD.xls -> [Ver = | Size = 17920 bytes | Created Date = 7/29/2008 4:07:16 PM | Attr = ] geri_halliwell--its_raining_men1.pdf -> %UserProfile%\My 
Documents\geri_halliwell--its_raining_men1.pdf -> [Ver = | Size = 1282412 bytes | Created Date = 8/1/2008 7:05:49 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 8/18/2008 11:23:38 AM | Attr = ] Bonjour Mme.doc -> %UserProfile%\Desktop\Bonjour Mme.doc -> [Ver = | Size = 19968 bytes | Created Date = 8/9/2008 7:38:36 PM | Attr = ] F08schedule.xls -> %UserProfile%\Desktop\F08schedule.xls -> [Ver = | Size = 15360 bytes | Created Date = 8/16/2008 12:35:47 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 8/17/2008 11:04:07 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 8/17/2008 10:51:46 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/18/2008 11:32:49 AM | Attr = ] 40 C:\Documents and Settings\Hayley Lorraine\Desktop\*.tmp files -> C:\Documents and Settings\Hayley Lorraine\Desktop\*.tmp -> OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/18/2008 11:28:00 AM | Attr = ] pic080108_2.jpg -> %UserProfile%\Desktop\pic080108_2.jpg -> [Ver = | Size = 43506 bytes | Created Date = 8/2/2008 12:57:10 AM | Attr = ] pic080108_3.jpg -> %UserProfile%\Desktop\pic080108_3.jpg -> [Ver = | Size = 45454 bytes | Created Date = 8/2/2008 12:56:55 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 8/17/2008 8:37:16 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/17/2008 7:30:36 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 8/17/2008 8:39:24 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/17/2008 11:04:03 PM | Attr = ] [Files/Folders - 
Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/17/2008 9:38:23 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 467775488 bytes | Modified Date = 8/18/2008 11:13:18 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/17/2008 11:04:03 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/17/2008 6:46:51 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/18/2008 11:16:45 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/17/2008 5:50:22 PM | Attr = ] 1Sksb4Er.exe -> %SystemRoot%\System32\1Sksb4Er.exe -> [Ver = | Size = 29760 bytes | Modified Date = 8/15/2008 12:27:54 AM | Attr = ] 1Sksb4Er.exe.a_a -> %SystemRoot%\System32\1Sksb4Er.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 8/15/2008 12:28:33 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 8/18/2008 12:18:53 AM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/18/2008 2:44:47 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/18/2008 11:13:15 AM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/18/2008 2:44:49 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 8/16/2008 12:32:39 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 61590 bytes | Modified Date = 8/17/2008 7:42:18 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 400090 bytes | Modified Date = 8/17/2008 7:42:18 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 467972 bytes | Modified Date = 8/17/2008 7:42:17 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified 
Date = 8/17/2008 6:46:51 PM | Attr = ] WdqiXO0x.exe -> %SystemRoot%\System32\WdqiXO0x.exe -> [Ver = | Size = 80898 bytes | Modified Date = 8/18/2008 2:12:28 AM | Attr = ] WdqiXO0x.exe.a_a -> %SystemRoot%\System32\WdqiXO0x.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 8/15/2008 7:11:14 PM | Attr = ] WdqiXO0x.exe_ -> %SystemRoot%\System32\WdqiXO0x.exe_ -> [Ver = | Size = 80898 bytes | Modified Date = 8/18/2008 12:11:59 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 8/4/2008 10:47:32 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/18/2008 2:46:29 AM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/18/2008 11:13:21 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 8/17/2008 7:23:50 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/18/2008 2:46:33 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/18/2008 2:46:40 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/17/2008 8:39:37 PM | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 8/17/2008 7:20:00 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/18/2008 11:24:08 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 8/17/2008 2:44:20 AM | Attr = H ] SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 8/17/2008 9:38:23 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/18/2008 11:13:15 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 8/15/2008 12:39:43 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/18/2008 11:24:03 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 8/17/2008 6:55:34 PM | Attr = ] At1.job -> %SystemRoot%\tasks\At1.job -> 
[Ver = | Size = 350 bytes | Modified Date = 8/18/2008 12:06:02 AM | Attr = ] At10.job -> %SystemRoot%\tasks\At10.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:28:34 AM | Attr = ] At11.job -> %SystemRoot%\tasks\At11.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:28:34 AM | Attr = ] At12.job -> %SystemRoot%\tasks\At12.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:28:34 AM | Attr = ] At13.job -> %SystemRoot%\tasks\At13.job -> [Ver = | Size = 350 bytes | Modified Date = 8/16/2008 12:00:06 PM | Attr = ] At14.job -> %SystemRoot%\tasks\At14.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 1:00:04 PM | Attr = ] At15.job -> %SystemRoot%\tasks\At15.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 2:01:11 PM | Attr = ] At16.job -> %SystemRoot%\tasks\At16.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 3:00:11 PM | Attr = ] At17.job -> %SystemRoot%\tasks\At17.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 4:00:18 PM | Attr = ] At18.job -> %SystemRoot%\tasks\At18.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 5:00:18 PM | Attr = ] At19.job -> %SystemRoot%\tasks\At19.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 6:00:04 PM | Attr = ] At2.job -> %SystemRoot%\tasks\At2.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 1:00:02 AM | Attr = ] At20.job -> %SystemRoot%\tasks\At20.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 7:00:03 PM | Attr = ] At21.job -> %SystemRoot%\tasks\At21.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 8:00:02 PM | Attr = ] At22.job -> %SystemRoot%\tasks\At22.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 9:00:16 PM | Attr = ] At23.job -> %SystemRoot%\tasks\At23.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 10:00:04 PM | Attr = ] At24.job -> %SystemRoot%\tasks\At24.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 11:00:04 PM | Attr = ] At25.job -> 
%SystemRoot%\tasks\At25.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 12:22:13 AM | Attr = ] At26.job -> %SystemRoot%\tasks\At26.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 11:13:23 AM | Attr = ] At27.job -> %SystemRoot%\tasks\At27.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 2:00:21 AM | Attr = ] At28.job -> %SystemRoot%\tasks\At28.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 7:11:30 AM | Attr = ] At29.job -> %SystemRoot%\tasks\At29.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 4:00:24 AM | Attr = ] At3.job -> %SystemRoot%\tasks\At3.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 2:00:03 AM | Attr = ] At30.job -> %SystemRoot%\tasks\At30.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 5:00:14 AM | Attr = ] At31.job -> %SystemRoot%\tasks\At31.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 6:00:21 AM | Attr = ] At32.job -> %SystemRoot%\tasks\At32.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 7:00:20 AM | Attr = ] At33.job -> %SystemRoot%\tasks\At33.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 8:00:00 AM | Attr = ] At34.job -> %SystemRoot%\tasks\At34.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:39:44 AM | Attr = ] At35.job -> %SystemRoot%\tasks\At35.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:39:44 AM | Attr = ] At36.job -> %SystemRoot%\tasks\At36.job -> [Ver = | Size = 350 bytes | Modified Date = 8/15/2008 12:39:44 AM | Attr = ] At37.job -> %SystemRoot%\tasks\At37.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 2:40:01 AM | Attr = ] At38.job -> %SystemRoot%\tasks\At38.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 4:19:31 PM | Attr = ] At39.job -> %SystemRoot%\tasks\At39.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 2:01:48 PM | Attr = ] At4.job -> %SystemRoot%\tasks\At4.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 3:00:04 
AM | Attr = ] At40.job -> %SystemRoot%\tasks\At40.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 3:00:40 PM | Attr = ] At41.job -> %SystemRoot%\tasks\At41.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 4:00:46 PM | Attr = ] At42.job -> %SystemRoot%\tasks\At42.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 8:15:23 PM | Attr = ] At43.job -> %SystemRoot%\tasks\At43.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 6:00:15 PM | Attr = ] At44.job -> %SystemRoot%\tasks\At44.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 7:00:33 PM | Attr = ] At45.job -> %SystemRoot%\tasks\At45.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 8:00:12 PM | Attr = ] At46.job -> %SystemRoot%\tasks\At46.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 9:38:32 PM | Attr = ] At47.job -> %SystemRoot%\tasks\At47.job -> [Ver = | Size = 350 bytes | Modified Date = 8/18/2008 12:25:30 AM | Attr = ] At48.job -> %SystemRoot%\tasks\At48.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 11:00:33 PM | Attr = ] At5.job -> %SystemRoot%\tasks\At5.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 4:00:05 AM | Attr = ] At6.job -> %SystemRoot%\tasks\At6.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 5:00:02 AM | Attr = ] At7.job -> %SystemRoot%\tasks\At7.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 6:00:03 AM | Attr = ] At8.job -> %SystemRoot%\tasks\At8.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 7:00:02 AM | Attr = ] At9.job -> %SystemRoot%\tasks\At9.job -> [Ver = | Size = 350 bytes | Modified Date = 8/17/2008 8:00:00 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/18/2008 11:13:23 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/4/2006 
11:34:18 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6770 bytes | Modified Date = 8/18/2008 11:15:07 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6770 bytes | Modified Date = 8/18/2008 11:15:06 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting -> [Folder | Modified Date = 12/4/2006 11:47:40 AM | Attr = ] GridLayout.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Small Business Accounting\GridLayout.dat -> [Ver = | Size = 101321 bytes | Modified Date = 7/25/2005 8:20:18 PM | Attr = ] C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\ -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp -> [Folder | Modified Date = 8/18/2008 11:34:08 AM | Attr = ] DataCard_Setup.exe -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\DataCard_Setup.exe -> Huawei Technologies Co., Ltd. [Ver = 1, 0, 0, 12 | Size = 110592 bytes | Modified Date = 7/3/2007 4:04:18 PM | Attr = R ] First15.exe -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\First15.exe -> Macromedia, Inc. 
[Ver = 6,0,21,0 | Size = 1453843 bytes | Modified Date = 8/17/2004 10:14:06 PM | Attr = R ] ResetDevice.exe -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\ResetDevice.exe -> [Ver = | Size = 6144 bytes | Modified Date = 5/16/2007 1:31:10 PM | Attr = R ] VP6Install.exe -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\VP6Install.exe -> [Ver = | Size = 23040 bytes | Modified Date = 8/17/2004 10:14:36 PM | Attr = R ] C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\ -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp -> [Folder | Modified Date = 8/18/2008 11:34:08 AM | Attr = ] VP6VFW.dll -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\VP6VFW.dll -> On2.com [Ver = 6,0,6,4 | Size = 442368 bytes | Modified Date = 8/17/2004 10:14:36 PM | Attr = R ] C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\ -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp -> [Folder | Modified Date = 8/18/2008 11:34:08 AM | Attr = ] Perflib_Perfdata_ef8.dat -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\Perflib_Perfdata_ef8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 11:16:58 AM | Attr = ] Perflib_Perfdata_f54.dat -> C:\Documents and Settings\Hayley Lorraine\Local Settings\Temp\Perflib_Perfdata_f54.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 11:15:40 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 8/18/2008 11:24:03 AM | Attr = ] Perflib_Perfdata_b4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/18/2008 11:13:27 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/17/2008 7:30:36 PM | Attr = ] Skype -> %AllUsersProfile%\Application Data\Skype -> [Folder | Modified Date = 8/17/2008 1:03:33 PM | Attr = ] SUPERAntiSpyware.com -> 
%AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 8/17/2008 8:39:46 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 8/17/2008 10:48:07 PM | Attr = ] @Alternate Data Stream - 116 bytes -> %AllUsersProfile%\Application Data\TEMP:D1B5B4F1 @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 goombah -> %AppData%\goombah -> [Folder | Modified Date = 8/5/2008 3:38:06 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 8/17/2008 8:39:35 PM | Attr = S] Ruckus Network -> %AppData%\Ruckus Network -> [Folder | Modified Date = 8/17/2008 12:14:56 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 8/17/2008 8:39:24 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4811198 bytes | Modified Date = 8/17/2008 12:24:04 PM | Attr = H ] FOOD.xls -> %UserProfile%\My Documents\FOOD.xls -> [Ver = | Size = 17920 bytes | Modified Date = 7/29/2008 5:09:59 PM | Attr = ] FRANCE -> %UserProfile%\My Documents\FRANCE -> [Folder | Modified Date = 8/17/2008 7:23:37 PM | Attr = ] geri_halliwell--its_raining_men1.pdf -> %UserProfile%\My Documents\geri_halliwell--its_raining_men1.pdf -> [Ver = | Size = 1282412 bytes | Modified Date = 8/1/2008 7:05:49 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 8/17/2008 12:16:24 PM | Attr = R ] Poetry -> %UserProfile%\My Documents\Poetry -> [Folder | Modified Date = 8/5/2008 10:57:19 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 8/18/2008 11:23:37 AM | Attr = ] Bonjour Mme.doc -> %UserProfile%\Desktop\Bonjour Mme.doc -> [Ver = | Size = 19968 bytes | Modified Date = 8/9/2008 7:38:43 PM | Attr = ] F08schedule.xls -> %UserProfile%\Desktop\F08schedule.xls -> [Ver = | Size = 15360 bytes | 
Modified Date = 8/16/2008 12:35:48 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 8/17/2008 11:04:07 PM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 8/17/2008 10:51:56 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/18/2008 11:33:53 AM | Attr = ] 40 C:\Documents and Settings\Hayley Lorraine\Desktop\*.tmp files -> C:\Documents and Settings\Hayley Lorraine\Desktop\*.tmp -> OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/18/2008 11:28:06 AM | Attr = ] pic080108_2.jpg -> %UserProfile%\Desktop\pic080108_2.jpg -> [Ver = | Size = 43506 bytes | Modified Date = 8/2/2008 12:57:09 AM | Attr = ] pic080108_3.jpg -> %UserProfile%\Desktop\pic080108_3.jpg -> [Ver = | Size = 45454 bytes | Modified Date = 8/2/2008 12:56:48 AM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 8/17/2008 7:18:30 PM | Attr = ] xanga -> %UserProfile%\Desktop\xanga -> [Folder | Modified Date = 8/18/2008 12:15:04 AM | Attr = ] LogiShrd -> %CommonProgramFiles%\LogiShrd -> [Folder | Modified Date = 8/17/2008 6:57:17 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 8/17/2008 8:37:16 PM | Attr = ] < End of report > [/code]