[code] OTScanIt logfile created on: 22/08/2008 20:07:37 OTScanIt by OldTimer - Version 1.0.16.2 Folder = E:\Documents and Settings\Rob J\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.22% Memory free 3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.47% Paging File free Paging file location(s): E:\pagefile.sys 2046 4092; %SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files Drive C: | 114.49 Gb Total Space | 15.44 Gb Free Space | 13.49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 232.88 Gb Total Space | 106.91 Gb Free Space | 45.91% Space Free | Partition Type: NTFS Drive F: | 279.47 Gb Total Space | 80.77 Gb Free Space | 28.90% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 3.84 Gb Total Space | 2.37 Gb Free Space | 61.76% Space Free | Partition Type: FAT32 Computer Name: ROB-8A9300D3A21 Current User Name: Rob J Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 22/07/2008 20:42:12 | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr = ] cmdagent.exe -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 544512 bytes | Modified Date = 23/11/2007 21:38:47 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 127043 bytes | Modified Date = 26/07/2005 08:34:08 | Attr = ] videoacceleratorservice.exe -> %ProgramFiles%\SpeedBit Video Accelerator\VideoAcceleratorService.exe -> Speedbit Ltd. [Ver = 2, 2, 3, 0 | Size = 280184 bytes | Modified Date = 05/05/2008 15:59:58 | Attr = ] wlservice.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 05/07/2005 01:46:04 | Attr = ] wmp54gv4.exe -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe -> Linksys [Ver = 1.0.2.7 | Size = 5210624 bytes | Modified Date = 18/01/2006 04:13:58 | Attr = ] calmain.exe -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 30/09/2005 20:22:50 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ] videoacceleratorengine.exe -> %ProgramFiles%\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -> Speedbit Ltd. [Ver = 2, 2, 3, 0 | Size = 153208 bytes | Modified Date = 05/05/2008 15:59:58 | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 73728 bytes | Modified Date = 27/10/2004 07:49:14 | Attr = ] cfp.exe -> %ProgramFiles%\Comodo\Firewall\cfp.exe -> COMODO [Ver = 1.0.0.1 | Size = 1481984 bytes | Modified Date = 23/11/2007 21:38:46 | Attr = ] ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ] e_fati9ce.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATI9CE.EXE -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 09/04/2004 04:00:00 | Attr = ] moffice.exe -> %ProgramFiles%\Belkin Office Keyboard\MOffice.exe -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 10/01/2008 00:12:08 | Attr = ] kbdap32a.exe -> %ProgramFiles%\Belkin Office Keyboard\KBDAP32A.EXE -> [Ver = 3.7.1.0 | Size = 385024 bytes | Modified Date = 10/01/2008 00:12:08 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr = ] videoaccelerator.exe -> %ProgramFiles%\SpeedBit Video Accelerator\VideoAccelerator.exe -> Speedbit Ltd. [Ver = 2, 2, 2, 5 | Size = 2729584 bytes | Modified Date = 05/05/2008 15:59:58 | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 10:47:56 | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 2083664 bytes | Modified Date = 07/10/2007 13:04:34 | Attr = ] idman.exe -> %ProgramFiles%\Internet Download Manager\IDMan.exe -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 29/07/2008 15:18:04 | Attr = ] mouse32a.dat -> %ProgramFiles%\Belkin Office Keyboard\mouse32a.dat -> [Ver = 3.0.1.0 | Size = 360448 bytes | Modified Date = 10/01/2008 00:12:08 | Attr = ] iemonitor.exe -> %ProgramFiles%\Internet Download Manager\IEMonitor.exe -> Tonec Inc. [Ver = 5, 12, 8, 0 | Size = 251312 bytes | Modified Date = 18/02/2008 14:01:01 | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 30/07/2008 10:47:48 | Attr = ] e_famt9ce.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FAMT9CE.EXE -> SEIKO EPSON CORPORATION [Ver = 3.07 | Size = 110592 bytes | Modified Date = 03/03/2004 04:07:00 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 09:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 22/07/2008 20:42:12 | Attr = ] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 16056 bytes | Modified Date = 19/07/2008 15:25:06 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 147640 bytes | Modified Date = 19/07/2008 15:38:28 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 250040 bytes | Modified Date = 19/07/2008 15:38:04 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1229, 0 | Size = 348344 bytes | Modified Date = 23/07/2008 15:25:45 | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr = ] (CCALib8) Canon Camera Access Library 8 [Win32_Own | Auto | Running] -> %ProgramFiles%\Canon\CAL\CALMAIN.exe -> Canon Inc. [Ver = 8, 1, 0, 14 | Size = 96341 bytes | Modified Date = 30/09/2005 20:22:50 | Attr = ] (cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Comodo\Firewall\cmdagent.exe -> COMODO [Ver = 2.4.0.19 | Size = 544512 bytes | Modified Date = 23/11/2007 21:38:47 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 00:56:50 | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 30/07/2008 10:47:48 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 127043 bytes | Modified Date = 26/07/2005 08:34:08 | Attr = ] (VideoAcceleratorService) VideoAcceleratorService [Win32_Own | Auto | Running] -> %ProgramFiles%\SpeedBit Video Accelerator\VideoAcceleratorService.exe -> Speedbit Ltd. [Ver = 2, 2, 3, 0 | Size = 280184 bytes | Modified Date = 05/05/2008 15:59:58 | Attr = ] (WMP54Gv4SVC) WMP54Gv4SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 05/07/2005 01:46:04 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 22:16:38 | Attr = ] AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 10/07/2008 09:47:28 | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe [E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 78008 bytes | Modified Date = 19/07/2008 15:38:34 | Attr = ] COMODO Firewall Pro -> %ProgramFiles%\Comodo\Firewall\cfp.exe ["E:\Program Files\Comodo\Firewall\cfp.exe" -s] -> COMODO [Ver = 1.0.0.1 | Size = 1481984 bytes | Modified Date = 23/11/2007 21:38:46 | Attr = ] EPSON Stylus Photo RX420 Series -> %SystemRoot%\system32\spool\drivers\w32x86\3\E_FATI9CE.EXE [E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"] -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 09/04/2004 04:00:00 | Attr = ] FLMOFFICE4DMOUSE -> %ProgramFiles%\Belkin Office Keyboard\MOffice.exe [E:\Program Files\Belkin Office Keyboard\moffice.exe] -> [Ver = 1, 0, 0, 1 | Size = 958464 bytes | Modified Date = 10/01/2008 00:12:08 | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["E:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 30/07/2008 10:47:56 | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 6803456 bytes | Modified Date = 26/07/2005 08:33:52 | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.7772 | Size = 86016 bytes | Modified Date = 26/07/2005 08:34:00 | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> NVIDIA Corporation [Ver = 6.14.10.10525 | Size = 1519616 bytes | Modified Date = 26/07/2005 08:34:18 | Attr = ] OFFICEKB -> %ProgramFiles%\Belkin Office Keyboard\KBDAP32A.EXE [E:\Program Files\Belkin Office Keyboard\kbdap32a.exe] -> [Ver = 3.7.1.0 | Size = 385024 bytes | Modified Date = 10/01/2008 00:12:08 | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["E:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5.1.0.30 | Size = 73728 bytes | Modified Date = 27/10/2004 07:49:14 | Attr = ] SpeedBitVideoAccelerator -> %ProgramFiles%\SpeedBit Video Accelerator\VideoAccelerator.exe ["E:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"] -> Speedbit Ltd. [Ver = 2, 2, 2, 5 | Size = 2729584 bytes | Modified Date = 05/05/2008 15:59:58 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["E:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 04:27:04 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [E:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 29/07/2008 15:18:04 | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 2083664 bytes | Modified Date = 07/10/2007 13:04:34 | Attr = ] < Run [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> IDMan -> %ProgramFiles%\Internet Download Manager\IDMan.exe [E:\Program Files\Internet Download Manager\IDMan.exe /onboot] -> Tonec Inc. [Ver = 5.14.3.0 | Size = 2610608 bytes | Modified Date = 29/07/2008 15:18:04 | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 2083664 bytes | Modified Date = 07/10/2007 13:04:34 | Attr = ] < All Users Startup Folder > -> E:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> E:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Rob J Startup Folder > -> E:\Documents and Settings\Rob J\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> E:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 139008 bytes | Modified Date = 23/11/2007 21:38:47 | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 11:23:07 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> E:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04/08/2004 00:56:52 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 26/10/2007 04:34:01 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 22:59:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPHILIPS_DVDR1628P1______________________Q1.1____\4d44303135303332323037383639202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 23/02/2007 07:41:51 | Attr = ] < HOSTS File > (734 bytes) -> E:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Search Page -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: Main\\Local Page -> E:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: Main\\Search Bar -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: Main\\Search Page -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: SearchURL\\ -> http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3499 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3499 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {0055C089-8582-441B-A0BF-17B458C2A3A8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Download Manager\IDMIECC.dll [IDMIEHlprObj Class] -> Tonec Inc. [Ver = 5, 14, 3, 0 | Size = 148912 bytes | Modified Date = 29/07/2008 15:15:26 | Attr = ] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 22/10/2006 23:08:42 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 07/10/2007 13:04:24 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 15:08:58 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 15:08:58 | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 15:08:58 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 10/02/2004 15:08:58 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26/10/2006 11:28:40 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 04:27:02 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 07/10/2007 13:04:24 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 07/10/2007 13:04:24 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 20/10/2003 11:13:13 | Attr = ] Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 02/07/2007 07:19:10 | Attr = ] Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 02/12/2004 17:31:09 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 10 | Size = 1545040 bytes | Modified Date = 07/10/2007 13:04:24 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\] > -> HKEY_USERS\S-1-5-21-448539723-926492609-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Windows &Live Favorites -> -> File not found Download all links with IDM -> %ProgramFiles%\Internet Download Manager\IEGetAll.htm -> [Ver = | Size = 283 bytes | Modified Date = 20/10/2003 11:13:13 | Attr = ] Download FLV video content with IDM -> %ProgramFiles%\Internet Download Manager\IEGetVL.htm -> [Ver = | Size = 278 bytes | Modified Date = 02/07/2007 07:19:10 | Attr = ] Download with IDM -> %ProgramFiles%\Internet Download Manager\IEExt.htm -> [Ver = | Size = 277 bytes | Modified Date = 02/12/2004 17:31:09 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {7602F029-3FD6-4658-803C-E8EF489F0238} -> (Linksys Wireless-G PCI Adapter) -> {B53074E9-C1EF-4AD9-858A-734F76A7953A} -> (Sony Ericsson Device 117 USB Ethernet Emulation (NDIS 5)) -> {BA2EE6D2-46E7-4F6C-BE66-241697E4DAE4} -> (1394 Net Adapter) -> {DA54BC42-EF0B-463A-9C4D-7CA3B92ED8A3} -> (SiS 900-Based PCI Fast Ethernet Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 24/07/2007 15:17:08 | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> E:\Program Files\Yahoo!\Common\yinsthelper.dll[YInstStarter Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\E:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 18:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 15:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 05:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 736 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 00:56:46 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 00:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 05 96 DD 85 0A 94 34 C4 CB B4 5F A9 E2 BA 13 22 35 34 37 62 63 64 65 66 00 FD 07 00 4D 32 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 44 0A 1F B7 BC 87 7B F1 3F 8A C0 54 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 3D 4B A6 37 A0 1A C9 26 11 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 23 08 EB A2 33 B0 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 31/03/2003 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 18 82 CD 2F F7 61 6D EE 80 FC C1 4A 37 16 B7 BD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 88 50 11 92 4A 2E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 C6 58 87 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 6044 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 00:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 13:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\E:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\E:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 18:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 31/03/2008 16:03:21 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 13:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18/10/2007 12:34:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [E:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02/10/2007 18:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 24/07/2007 15:17:08 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 30/07/2008 10:47:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [E:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 00:56:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 05:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04/08/2004 00:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [E:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 04/08/2004 00:56:58 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 26/07/2005 05:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 12/08/2008 11:22:14 | Attr = ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 00:17:41 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 01:52:41 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 16:20:12 | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 17:48:32 | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 18:57:29 | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 21:19:00 | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Created Date = 23/06/2008 22:16:08 | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Created Date = 24/06/2008 14:04:39 | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Created Date = 24/06/2008 17:26:36 | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Created Date = 24/06/2008 20:00:31 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 00:17:41 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 01:52:41 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 16:20:12 | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 17:48:31 | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 18:57:29 | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 21:19:00 | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 23/06/2008 22:16:08 | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 24/06/2008 14:04:39 | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 24/06/2008 17:26:36 | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 24/06/2008 20:00:31 | Attr = H ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 12/08/2008 11:15:44 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 12/08/2008 11:15:43 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Created Date = 31/05/2008 00:22:46 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 31/05/2008 00:22:48 | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Created Date = 31/05/2008 00:22:46 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 31/05/2008 00:22:48 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Created Date = 31/05/2008 00:22:48 | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 31/05/2008 00:22:54 | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 31/05/2008 00:22:54 | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 31/05/2008 00:22:58 | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 31/05/2008 00:22:54 | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 31/05/2008 00:22:54 | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 31/05/2008 00:22:54 | Attr = ] idmmbc.dll -> %SystemRoot%\System32\idmmbc.dll -> Tonec Inc. [Ver = 5, 14, 1, 0 | Size = 206256 bytes | Created Date = 29/07/2008 15:03:25 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 10/08/2008 13:02:37 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 10/08/2008 13:02:37 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 10/08/2008 13:02:37 | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 18044 bytes | Created Date = 11/08/2008 23:43:48 | Attr = H ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 17/07/2008 15:14:18 | Attr = ] 7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Created Date = 27/05/2008 10:50:34 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Created Date = 27/05/2008 10:50:34 | Attr = ] Cache -> %SystemRoot%\Cache -> [Folder | Created Date = 02/07/2008 16:35:22 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 12/08/2008 11:22:31 | Attr = ] UKCpInfo.sys -> %SystemRoot%\UKCpInfo.sys -> [Ver = | Size = 31 bytes | Created Date = 02/07/2008 16:35:21 | Attr = H ] WindowsShellUK.Manifest -> %SystemRoot%\WindowsShellUK.Manifest -> [Ver = | Size = 82 bytes | Created Date = 02/07/2008 16:35:21 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 12/08/2008 11:15:42 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 12/08/2008 11:15:47 | Attr = ] CV.doc -> %UserProfile%\My Documents\CV.doc -> [Ver = | Size = 38912 bytes | Created Date = 02/07/2008 23:34:45 | Attr = ] esssential program links.doc -> %UserProfile%\My Documents\esssential program links.doc -> [Ver = | Size = 118272 bytes | Created Date = 05/08/2008 18:55:05 | Attr = ] EXCEL RECRUITMENT LTD.doc -> %UserProfile%\My Documents\EXCEL RECRUITMENT LTD.doc -> [Ver = | Size = 189952 bytes | Created Date = 08/07/2008 11:38:36 | Attr = ] kasperspy.html -> %UserProfile%\My Documents\kasperspy.html -> [Ver = | Size = 2961 bytes | Created Date = 12/08/2008 22:37:04 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 03/08/2008 19:37:17 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Created Date = 03/08/2008 00:08:02 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 25/07/2008 00:47:12 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 20/07/2008 16:05:47 | Attr = ] Sony Ericsson PC Suite 3.2.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite 3.2.lnk -> [Ver = | Size = 1745 bytes | Created Date = 15/07/2008 12:17:22 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 20/08/2008 20:00:35 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 22/08/2008 20:05:22 | Attr = ] Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 20/07/2008 16:06:14 | Attr = ] Coupon Printer -> %ProgramFiles%\Coupon Printer -> [Folder | Created Date = 02/07/2008 16:35:21 | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 03/08/2008 00:07:36 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 12/08/2008 11:15:42 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 20/08/2008 20:00:35 | Attr = ] [Files/Folders - Modified Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 13/08/2008 20:41:47 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 12/08/2008 11:22:14 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 20/08/2008 20:00:35 | Attr = R ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 00:17:41 | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 01:52:41 | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 16:20:12 | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 17:48:32 | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 18:57:29 | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 21:19:00 | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 23/06/2008 22:16:08 | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 24/06/2008 14:04:39 | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 24/06/2008 17:26:36 | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 24/06/2008 20:00:31 | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 00:17:41 | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 01:52:41 | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 16:20:12 | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 17:48:31 | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 18:57:29 | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 21:19:00 | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 23/06/2008 22:16:08 | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 24/06/2008 14:04:39 | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 24/06/2008 17:26:36 | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 24/06/2008 20:00:31 | Attr = H ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 22/08/2008 20:02:03 | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 26944 bytes | Modified Date = 19/07/2008 15:32:15 | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 20560 bytes | Modified Date = 19/07/2008 15:37:42 | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 94416 bytes | Modified Date = 19/07/2008 15:37:21 | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 23152 bytes | Modified Date = 19/07/2008 15:33:42 | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 78416 bytes | Modified Date = 19/07/2008 15:35:18 | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1227.0 | Size = 42912 bytes | Modified Date = 19/07/2008 15:32:36 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 16/07/2008 17:01:46 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 20:07:52 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 20:07:56 | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 1163960 bytes | Modified Date = 19/07/2008 15:43:08 | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1227, 0 | Size = 94392 bytes | Modified Date = 19/07/2008 15:30:53 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 22/08/2008 19:46:55 | Attr = ] 7 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 29/07/2008 20:10:35 | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Modified Date = 31/05/2008 00:22:46 | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.63 | Size = 630784 bytes | Modified Date = 31/05/2008 00:22:40 | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 31/05/2008 00:22:48 | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Modified Date = 31/05/2008 00:22:46 | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 31/05/2008 00:22:48 | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Modified Date = 31/05/2008 00:22:48 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 22/08/2008 18:09:55 | Attr = RHS] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 31/05/2008 00:22:54 | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 31/05/2008 00:22:54 | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 31/05/2008 00:22:58 | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 31/05/2008 00:22:54 | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 31/05/2008 00:22:54 | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 31/05/2008 00:22:54 | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 12/08/2008 11:15:44 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 20/07/2008 16:03:44 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 110992 bytes | Modified Date = 15/07/2008 14:26:14 | Attr = ] idmmbc.dll -> %SystemRoot%\System32\idmmbc.dll -> Tonec Inc. [Ver = 5, 14, 1, 0 | Size = 206256 bytes | Modified Date = 09/07/2008 15:34:12 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10/06/2008 01:21:01 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 10/06/2008 02:32:34 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10/06/2008 01:21:04 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 10/06/2008 02:32:34 | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 18044 bytes | Modified Date = 11/08/2008 23:43:48 | Attr = H ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 17/07/2008 15:15:03 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 26682 bytes | Modified Date = 22/08/2008 20:02:09 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 64518 bytes | Modified Date = 15/07/2008 12:22:18 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 409122 bytes | Modified Date = 15/07/2008 12:22:18 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 478516 bytes | Modified Date = 15/07/2008 12:22:18 | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Modified Date = 27/05/2008 10:50:34 | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Modified Date = 27/05/2008 10:50:34 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 15/07/2008 12:22:18 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 22/08/2008 20:02:06 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 13/08/2008 20:42:02 | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 22/08/2008 20:00:23 | Attr = S] Cache -> %SystemRoot%\Cache -> [Folder | Modified Date = 02/07/2008 16:35:22 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 15/08/2008 16:31:13 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 12/08/2008 11:22:31 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 15/07/2008 12:19:51 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 21/08/2008 18:28:17 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 13/08/2008 20:41:01 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 22/08/2008 18:11:05 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 13/08/2008 20:41:47 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 15/08/2008 16:31:11 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 2075 bytes | Modified Date = 28/06/2008 19:14:27 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 22/08/2008 20:03:25 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 20/07/2008 13:33:50 | Attr = H ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 22/08/2008 20:03:15 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 13/07/2008 13:31:29 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 22/08/2008 20:03:18 | Attr = ] UKCpInfo.sys -> %SystemRoot%\UKCpInfo.sys -> [Ver = | Size = 31 bytes | Modified Date = 02/07/2008 16:35:21 | Attr = H ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 497 bytes | Modified Date = 13/08/2008 20:39:37 | Attr = ] WindowsShellUK.Manifest -> %SystemRoot%\WindowsShellUK.Manifest -> [Ver = | Size = 82 bytes | Modified Date = 02/07/2008 16:35:21 | Attr = H ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 390 bytes | Modified Date = 25/07/2008 17:15:00 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 13/07/2008 13:31:29 | Attr = ] Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 256 bytes | Modified Date = 22/08/2008 18:56:00 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 22/08/2008 20:00:29 | Attr = H ] E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 24/11/2007 01:54:59 | Attr = ] qmgr0.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7976 bytes | Modified Date = 21/08/2008 18:29:46 | Attr = ] qmgr1.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 9266 bytes | Modified Date = 21/08/2008 18:29:08 | Attr = ] E:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> E:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 23/11/2007 22:39:28 | Attr = ] opa11.dat -> E:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11110 bytes | Modified Date = 23/11/2007 22:39:35 | Attr = ] E:\WINDOWS\Temp\ -> E:\WINDOWS\Temp -> [Folder | Modified Date = 22/08/2008 20:03:18 | Attr = ] Perflib_Perfdata_5c4.dat -> E:\WINDOWS\Temp\Perflib_Perfdata_5c4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 18/08/2008 23:07:28 | Attr = ] Perflib_Perfdata_5d8.dat -> E:\WINDOWS\Temp\Perflib_Perfdata_5d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 22/08/2008 20:00:30 | Attr = ] 6 E:\WINDOWS\Temp\*.tmp files -> E:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 12/08/2008 11:15:42 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 17/07/2008 15:14:17 | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 15/08/2008 16:31:44 | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 11/08/2008 17:33:03 | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 DMCache -> %AppData%\DMCache -> [Folder | Modified Date = 22/08/2008 20:02:14 | Attr = ] IDM -> %AppData%\IDM -> [Folder | Modified Date = 04/08/2008 18:04:35 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 12/08/2008 11:15:47 | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 25/07/2008 00:47:17 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 25/07/2008 01:12:48 | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 21/07/2008 02:34:48 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 16896 bytes | Modified Date = 17/08/2008 16:51:37 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 17792 bytes | Modified Date = 20/07/2008 17:24:28 | Attr = ] Last.fm -> %UserProfile%\Local Settings\Application Data\Last.fm -> [Folder | Modified Date = 22/08/2008 18:58:16 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 17/07/2008 15:14:17 | Attr = ] Converted Videos -> %UserProfile%\My Documents\Converted Videos -> [Folder | Modified Date = 07/07/2008 15:07:55 | Attr = ] CV.doc -> %UserProfile%\My Documents\CV.doc -> [Ver = | Size = 38912 bytes | Modified Date = 04/07/2008 17:08:05 | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 01/08/2008 22:48:33 | Attr = ] esssential program links.doc -> %UserProfile%\My Documents\esssential program links.doc -> [Ver = | Size = 118272 bytes | Modified Date = 05/08/2008 18:55:06 | Attr = ] EXCEL RECRUITMENT LTD.doc -> %UserProfile%\My Documents\EXCEL RECRUITMENT LTD.doc -> [Ver = | Size = 189952 bytes | Modified Date = 08/07/2008 11:38:27 | Attr = ] kasperspy.html -> %UserProfile%\My Documents\kasperspy.html -> [Ver = | Size = 2961 bytes | Modified Date = 12/08/2008 22:37:04 | Attr = ] My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 03/08/2008 19:37:17 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 03/08/2008 19:56:09 | Attr = R ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 16/07/2008 23:55:00 | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Modified Date = 22/08/2008 18:13:39 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 25/07/2008 17:34:04 | Attr = R ] Programs -> %UserProfile%\My Documents\Programs -> [Folder | Modified Date = 20/08/2008 20:00:30 | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 225280 bytes | Modified Date = 15/07/2008 12:15:29 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable uni -> %UserProfile%\My Documents\uni -> [Folder | Modified Date = 07/06/2008 02:10:57 | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 795 bytes | Modified Date = 15/06/2008 18:19:55 | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 1804 bytes | Modified Date = 03/08/2008 00:08:02 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 25/07/2008 00:47:12 | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 20/07/2008 16:05:47 | Attr = ] Sony Ericsson PC Suite 3.2.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite 3.2.lnk -> [Ver = | Size = 1745 bytes | Modified Date = 15/07/2008 12:17:22 | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 20/08/2008 20:00:35 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 22/08/2008 20:05:22 | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 15/07/2008 12:19:23 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]