[code] OTScanIt logfile created on: 25/08/2008 8:13:25 AM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\HP_Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 503.30 Mb Total Physical Memory | 212.93 Mb Available Physical Memory | 42.31% Memory free 1.19 Gb Paging File | 0.97 Gb Available in Paging File | 81.05% Paging File free Paging file location(s): C:\pagefile.sys 756 1512; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 178.70 Gb Total Space | 134.06 Gb Free Space | 75.02% Space Free | Partition Type: NTFS Drive D: | 7.59 Gb Total Space | 2.17 Gb Free Space | 28.55% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded Drive H: | 989.73 Mb Total Space | 820.11 Mb Free Space | 82.86% Space Free | Partition Type: FAT I: Drive not present or media not loaded Computer Name: YOUR-4F1261A8E5 Current User Name: HP_Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] hpsysdrv.exe -> %SystemRoot%\system\hpsysdrv.exe -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 07/05/1998 4:04:38 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 02/11/2004 3:59:42 PM | Attr = ] agrsmmsg.exe -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 29/06/2004 5:06:38 PM | Attr = ] kbd.exe -> %SystemDrive%\hp\KBD\kbd.exe -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 11/02/2003 7:02:48 PM | Attr = ] soundman.exe -> %SystemRoot%\SOUNDMAN.EXE -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 14 | Size = 77824 bytes | Modified Date = 13/10/2004 9:01:50 PM | Attr = ] alcwzrd.exe -> %SystemRoot%\ALCWZRD.EXE -> RealTek Semicoductor Corp. [Ver = 1.1.0.14 | Size = 2742272 bytes | Modified Date = 13/10/2004 11:17:06 PM | Attr = ] alcmtr.exe -> %SystemRoot%\ALCMTR.EXE -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 13/10/2004 11:00:10 PM | Attr = ] lsburnwatcher.exe -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 14/10/2004 9:54:32 PM | Attr = ] pwrisovm.exe -> %ProgramFiles%\PowerISO\PWRISOVM.EXE -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 06/08/2007 5:05:46 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 28/06/2007 4:06:52 AM | Attr = ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 206088 bytes | Modified Date = 29/07/2008 8:20:28 PM | Attr = ] reader_sl.exe -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 11:16:38 PM | Attr = ] avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 206088 bytes | Modified Date = 29/07/2008 8:20:28 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 4:27:04 AM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.13.1 | Size = 38912 bytes | Modified Date = 23/09/2004 6:30:48 PM | Attr = ] logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 08/01/2008 2:32:33 PM | Attr = ] setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 15/11/2007 11:12:04 AM | Attr = ] khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 15/11/2007 11:08:26 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 24/02/2007 8:48:14 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 12, 0, 0 | Size = 106496 bytes | Modified Date = 28/06/2007 4:06:52 AM | Attr = ] (AVP) Kaspersky Internet Security [Win32_Own | Auto | Running] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 206088 bytes | Modified Date = 29/07/2008 8:20:28 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] (LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logitech\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 121360 bytes | Modified Date = 15/11/2007 11:09:42 AM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [Ver = 1.0.13.1 | Size = 38912 bytes | Modified Date = 23/09/2004 6:30:48 PM | Attr = ] (rpcapd) Remote Packet Capture Protocol v.0 (experimental) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WinPcap\rpcapd.exe -> CACE Technologies [Ver = 4.0.0.755 | Size = 93048 bytes | Modified Date = 25/01/2007 10:31:34 AM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 03/08/2008 10:07:13 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 11/01/2008 11:16:38 PM | Attr = ] AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe [AGRSMMSG.exe] -> Agere Systems [Ver = 2.1.41.10 2.1.41.10 06/29/2004 09:06:35 | Size = 88363 bytes | Modified Date = 29/06/2004 5:06:38 PM | Attr = ] Alcmtr -> %SystemRoot%\ALCMTR.EXE [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.5 | Size = 57344 bytes | Modified Date = 13/10/2004 11:00:10 PM | Attr = ] AlcWzrd -> %SystemRoot%\ALCWZRD.EXE [ALCWZRD.EXE] -> RealTek Semicoductor Corp. [Ver = 1.1.0.14 | Size = 2742272 bytes | Modified Date = 13/10/2004 11:17:06 PM | Attr = ] AutoTBar -> %ProgramFiles%\HP\Digital Imaging\bin\AUTOTBAR.EXE [c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE] -> File not found AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe ["C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"] -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 206088 bytes | Modified Date = 29/07/2008 8:20:28 PM | Attr = ] High Definition Audio Property Page Shortcut -> %SystemRoot%\system32\Hdaudpropshortcut.exe [HDAudPropShortcut.exe] -> Windows (R) Server 2003 DDK provider [Ver = 5.10.00.5010 built by: WinDDK | Size = 61952 bytes | Modified Date = 18/03/2004 12:10:40 AM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.3943 | Size = 126976 bytes | Modified Date = 02/11/2004 3:59:42 PM | Attr = ] hpsysdrv -> %SystemRoot%\system\hpsysdrv.exe [c:\windows\system\hpsysdrv.exe] -> Hewlett-Packard Company [Ver = 1, 7, 0, 0 | Size = 52736 bytes | Modified Date = 07/05/1998 4:04:38 PM | Attr = ] KBD -> %SystemDrive%\hp\KBD\kbd.exe [C:\HP\KBD\KBD.EXE] -> Hewlett-Packard Company [Ver = 1.0.2.0 | Size = 61440 bytes | Modified Date = 11/02/2003 7:02:48 PM | Attr = ] Logitech Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.24.28 | Size = 55824 bytes | Modified Date = 21/09/2007 4:10:12 AM | Attr = ] LSBWatcher -> %SystemDrive%\hp\drivers\hplsbwatcher\LSBurnWatcher.exe [c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe] -> Hewlett-Packard Company [Ver = 4, 10, 14, 0 | Size = 253952 bytes | Modified Date = 14/10/2004 9:54:32 PM | Attr = ] OPSE reminder -> %ProgramFiles%\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe ["C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"] -> File not found PS2 -> %SystemRoot%\system32\ps2.exe [C:\WINDOWS\system32\ps2.exe] -> File not found PWRISOVM.EXE -> %ProgramFiles%\PowerISO\PWRISOVM.EXE [C:\Program Files\PowerISO\PWRISOVM.EXE] -> PowerISO Computing, Inc. [Ver = 3, 8, 0, 0 | Size = 200704 bytes | Modified Date = 06/08/2007 5:05:46 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 27/05/2008 10:50:30 AM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 5, 0, 44, 2 | Size = 233472 bytes | Modified Date = 14/04/2004 8:43:46 PM | Attr = ] SoundMan -> %SystemRoot%\SOUNDMAN.EXE [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 1, 0, 0, 14 | Size = 77824 bytes | Modified Date = 13/10/2004 9:01:50 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe [C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 10/06/2008 4:27:04 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 08/01/2008 2:32:33 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.24.99 | Size = 784912 bytes | Modified Date = 15/11/2007 11:12:04 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < HP_Owner Startup Folder > -> C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 04/11/1999 4:06:48 PM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\Last.fm Helper.lnk -> %ProgramFiles%\Last.fm\LastFMHelper.exe -> File not found < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 79112 bytes | Modified Date = 29/07/2008 8:22:08 PM | Attr = ] C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 79112 bytes | Modified Date = 29/07/2008 8:22:12 PM | Attr = ] C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 83208 bytes | Modified Date = 29/07/2008 8:20:58 PM | Attr = ] C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 11016 bytes | Modified Date = 29/07/2008 8:21:40 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 3:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 25/10/2007 8:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3943 | Size = 348160 bytes | Modified Date = 02/11/2004 3:59:20 PM | Attr = ] klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 218376 bytes | Modified Date = 29/07/2008 8:21:42 PM | Attr = ] LBTWlgn -> %CommonProgramFiles%\Logitech\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.24.99 | Size = 72208 bytes | Modified Date = 15/11/2007 11:10:16 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowLegacyWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\AllowUnhashedWebView -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 28 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00 [binary data] -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00 [binary data] -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03/08/2004 9:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHP_DVD_Writer_640b______________________E152____\5&2a6b0538&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomASUS_CD-S480/A5_________________________0.99____\5&2a6b0538&0&0.1.0 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 50 bytes | Modified Date = 17/02/2005 1:05:32 AM | Attr = ] AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 27/07/2001 2:07:38 PM | Attr = HS] Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 30/04/2004 6:01:14 AM | Attr = HS] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.ca/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://securityresponse.symantec.com/avcenter/fix_homepage/ -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_CA&c=Q105&bd=pavilion&pf=desktop -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: Main\\Start Page -> http://www.google.ca/ -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1948 domain(s) found. -> 103 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1948 domain(s) found. -> 103 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1948 domain(s) found. -> 103 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1948 domain(s) found. -> 103 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 70 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 23/10/2006 12:08:42 AM | Attr = ] {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [IEVkbdBHO Class] -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 62728 bytes | Modified Date = 29/07/2008 8:21:34 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 10/06/2008 4:27:02 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll [Web traffic protection statistics] -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 222472 bytes | Modified Date = 29/07/2008 8:22:28 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Banner Ad Blocker -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm -> [Ver = | Size = 1411 bytes | Modified Date = 29/07/2008 8:08:28 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MI1933~1\Office12\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\] > -> HKEY_USERS\S-1-5-21-1544402576-937499710-3583683347-1009\Software\Microsoft\Internet Explorer\MenuExt\ -> Add to Banner Ad Blocker -> %ProgramFiles%\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm -> [Ver = | Size = 1411 bytes | Modified Date = 29/07/2008 8:08:28 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MI1933~1\Office12\EXCEL.EXE -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {091C7F34-F6B3-4E6E-9734-6A3EEE411482} -> (1394 Net Adapter) -> {6B299F75-C1CB-4C21-B1A8-600D08F46AB0} -> () -> {B46EE69F-E4FA-4EB1-B969-447CCAD86696} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 08/01/2008 2:32:33 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 01/02/2008 5:22:12 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by141fd.bay141.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165106907130[WUWebControl Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1165107405802[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-160-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 23/03/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1112 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 14 0A 47 F2 D0 F9 9C BB E1 DE FD BE 2D A2 65 91 66 66 32 32 35 61 62 65 00 00 00 00 B5 5F 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 8C 38 D8 92 CE 8B 22 06 DB DE 61 FF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 03 38 FC 24 DD 56 A7 51 AB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> D3 84 EE 86 DA 1D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> B8 80 38 87 13 7D 38 CB 9A 5F E4 B2 E7 62 64 E5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 36 CE 27 BF 50 03 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 50 FB DB 4C 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 50 FB DB 4C 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 50 FB DB 4C 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5240 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%ProgramFiles%\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> %ProgramFiles%\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 08/01/2008 2:32:33 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe -> %ProgramFiles%\Updates from HP\309731\Program\Updates from HP.exe [C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion] -> Hewlett-Packard [Ver = 6,3, 2, 1 | Size = 45056 bytes | Modified Date = 17/02/2005 12:37:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> %ProgramFiles%\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 19/01/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 04/01/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 08/01/2008 2:32:33 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 01/02/2008 5:22:12 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13382:TCP -> 13382:TCP:*:Enabled:BitComet 13382 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13382:UDP -> 13382:UDP:*:Enabled:BitComet 13382 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 4422688 bytes | Created Date = 20/08/2008 5:00:39 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 35632 bytes | Created Date = 20/08/2008 5:00:39 PM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 622624 bytes | Created Date = 20/08/2008 5:00:39 PM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 3208 bytes | Created Date = 20/08/2008 5:00:39 PM | Attr = HS] kl1.sys -> %SystemRoot%\System32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.2.35.0 | Size = 121872 bytes | Created Date = 21/07/2008 6:34:36 PM | Attr = ] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Created Date = 20/08/2008 5:03:30 PM | Attr = ] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 8.1.0.100 | Size = 213008 bytes | Created Date = 20/08/2008 5:00:18 PM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Created Date = 20/08/2008 5:03:30 PM | Attr = ] klopp.dat -> %SystemRoot%\System32\drivers\klopp.dat -> [Ver = | Size = 24774 bytes | Created Date = 29/07/2008 8:20:00 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 11/08/2008 11:09:42 AM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 11/08/2008 11:09:42 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 20/08/2008 7:58:55 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Created Date = 20/08/2008 10:08:52 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 20/08/2008 7:58:55 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 20/08/2008 10:08:51 PM | Attr = ] klogon.dll -> %SystemRoot%\System32\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 218376 bytes | Created Date = 29/07/2008 8:21:42 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Created Date = 27/05/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Created Date = 27/05/2008 10:50:34 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 20/08/2008 7:41:36 PM | Attr = ] SDMsgUpdate (SD).job -> %SystemRoot%\tasks\SDMsgUpdate (SD).job -> [Ver = | Size = 468 bytes | Created Date = 14/08/2008 3:13:55 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 20/08/2008 5:00:39 PM | Attr = ] Kaspersky Lab Setup Files -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files -> [Folder | Created Date = 20/08/2008 2:21:34 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 06/08/2008 5:49:12 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 11/08/2008 11:09:41 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 11/08/2008 11:09:46 AM | Attr = ] SmartDraw -> %AppData%\SmartDraw -> [Folder | Created Date = 14/08/2008 3:15:53 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Created Date = 20/08/2008 7:55:19 PM | Attr = ] 1.jpg -> %UserProfile%\Desktop\1.jpg -> [Ver = | Size = 1239324 bytes | Created Date = 16/06/2008 8:49:27 AM | Attr = ] 4.5Stars.jpg -> %UserProfile%\Desktop\4.5Stars.jpg -> [Ver = | Size = 3634 bytes | Created Date = 19/07/2008 9:59:00 AM | Attr = ] Hotels in Singapore.docx -> %UserProfile%\Desktop\Hotels in Singapore.docx -> [Ver = | Size = 12458 bytes | Created Date = 22/08/2008 2:08:37 PM | Attr = ] Kaspersky Internet Security 2009.lnk -> %UserProfile%\Desktop\Kaspersky Internet Security 2009.lnk -> [Ver = | Size = 988 bytes | Created Date = 20/08/2008 5:10:35 PM | Attr = ] MagicISO.lnk -> %UserProfile%\Desktop\MagicISO.lnk -> [Ver = | Size = 1497 bytes | Created Date = 14/08/2008 3:01:50 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 25/08/2008 8:12:10 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 25/08/2008 8:10:42 AM | Attr = ] Residence5.jpg -> %UserProfile%\Desktop\Residence5.jpg -> [Ver = | Size = 1230417 bytes | Created Date = 16/06/2008 8:51:42 AM | Attr = ] Scanned Stuff YORK SEND MONDAY -> %UserProfile%\Desktop\Scanned Stuff YORK SEND MONDAY -> [Folder | Created Date = 14/06/2008 1:33:52 PM | Attr = ] SmartDraw 2008.lnk -> %UserProfile%\Desktop\SmartDraw 2008.lnk -> [Ver = | Size = 740 bytes | Created Date = 14/08/2008 3:10:49 PM | Attr = ] Untitled-1.jpg -> %UserProfile%\Desktop\Untitled-1.jpg -> [Ver = | Size = 87353 bytes | Created Date = 16/08/2008 12:11:06 PM | Attr = ] DESIGNER -> %CommonProgramFiles%\DESIGNER -> [Folder | Created Date = 07/08/2008 2:33:14 PM | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 06/08/2008 5:36:32 PM | Attr = ] Kaspersky Lab -> %ProgramFiles%\Kaspersky Lab -> [Folder | Created Date = 20/08/2008 5:00:39 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 11/08/2008 11:09:40 AM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 20/08/2008 8:07:38 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 20/08/2008 7:54:54 PM | Attr = ] SmartDraw 2008 -> %ProgramFiles%\SmartDraw 2008 -> [Folder | Created Date = 14/08/2008 3:08:50 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 19/08/2008 7:38:02 PM | Attr = ] [Files/Folders - Modified Within 90 days] BJPrinter -> %SystemDrive%\BJPrinter -> [Folder | Modified Date = 29/06/2008 4:07:41 PM | Attr = H ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 22/08/2008 2:21:58 AM | Attr = H ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 20/08/2008 10:46:00 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 527814656 bytes | Modified Date = 25/08/2008 8:09:36 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 20/08/2008 10:56:18 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 20/08/2008 5:07:52 PM | Attr = ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 4422688 bytes | Modified Date = 25/08/2008 12:40:09 AM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 35632 bytes | Modified Date = 25/08/2008 12:40:09 AM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 622624 bytes | Modified Date = 25/08/2008 12:40:09 AM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 3208 bytes | Modified Date = 25/08/2008 12:40:09 AM | Attr = HS] kl1.sys -> %SystemRoot%\System32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.2.35.0 | Size = 121872 bytes | Modified Date = 21/07/2008 6:34:36 PM | Attr = ] klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 87855 bytes | Modified Date = 20/08/2008 5:03:30 PM | Attr = ] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> Kaspersky Lab [Ver = 8.1.0.100 | Size = 213008 bytes | Modified Date = 20/08/2008 5:00:18 PM | Attr = ] klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96976 bytes | Modified Date = 20/08/2008 5:10:58 PM | Attr = ] klopp.dat -> %SystemRoot%\System32\drivers\klopp.dat -> [Ver = | Size = 24774 bytes | Modified Date = 29/07/2008 8:20:00 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 30/07/2008 8:07:52 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 30/07/2008 8:07:56 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 20/08/2008 4:48:42 PM | Attr = ] 7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 24/08/2008 5:47:17 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 23/06/2008 7:59:19 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 20/08/2008 5:10:58 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 320824 bytes | Modified Date = 17/08/2008 10:24:20 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10/06/2008 1:21:01 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 10/06/2008 2:32:34 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 10/06/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 10/06/2008 2:32:34 AM | Attr = ] klogon.dll -> %SystemRoot%\System32\klogon.dll -> Kaspersky Lab [Ver = 8.0.0.454 | Size = 218376 bytes | Modified Date = 29/07/2008 8:21:42 PM | Attr = ] QuickTime.qts -> %SystemRoot%\System32\QuickTime.qts -> Apple Inc. [Ver = 7.5 (861) | Size = 57344 bytes | Modified Date = 27/05/2008 10:50:34 AM | Attr = ] QuickTimeVR.qtx -> %SystemRoot%\System32\QuickTimeVR.qtx -> Apple Inc. [Ver = 7.5 (861) | Size = 90112 bytes | Modified Date = 27/05/2008 10:50:34 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 25/08/2008 8:10:17 AM | Attr = ] hpsysdrv.dat -> %SystemRoot%\System\hpsysdrv.dat -> [Ver = | Size = 248 bytes | Modified Date = 25/08/2008 8:09:48 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 23/06/2008 7:59:14 PM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 20/08/2008 8:03:49 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 25/08/2008 8:09:37 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 06/08/2008 9:12:51 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 07/08/2008 2:33:04 PM | Attr = R S] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 20/08/2008 5:03:12 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 22/08/2008 2:21:57 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 25/08/2008 8:12:11 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 20/08/2008 5:42:04 PM | Attr = H ] SHELLNEW -> %SystemRoot%\SHELLNEW -> [Folder | Modified Date = 20/08/2008 8:01:09 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 23/08/2008 9:53:42 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 20/08/2008 7:41:36 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 25/08/2008 8:11:06 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 717 bytes | Modified Date = 23/06/2008 7:54:52 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 07/08/2008 2:33:53 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 21/08/2008 1:39:09 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 25/08/2008 8:09:41 AM | Attr = H ] SDMsgUpdate (SD).job -> %SystemRoot%\tasks\SDMsgUpdate (SD).job -> [Ver = | Size = 468 bytes | Modified Date = 25/08/2008 8:10:14 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 15/04/2007 10:21:27 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6760 bytes | Modified Date = 25/08/2008 8:10:47 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6760 bytes | Modified Date = 25/08/2008 8:10:47 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 20/08/2008 8:03:30 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 15/02/2007 8:26:20 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11146 bytes | Modified Date = 03/07/2007 2:36:35 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8464 bytes | Modified Date = 16/08/2008 11:55:02 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 05/01/2008 1:33:46 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/12/2006 8:53:50 AM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp -> [Folder | Modified Date = 25/08/2008 8:09:52 AM | Attr = ] hpzmsi01.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpzmsi01.exe -> Hewlett-Packard [Ver = 4,0,0,80 | Size = 1056768 bytes | Modified Date = 16/11/2004 9:08:56 PM | Attr = ] hpzscr01.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\hpzscr01.exe -> Hewlett-Packard [Ver = 4,0,0,80 | Size = 757760 bytes | Modified Date = 16/11/2004 9:14:04 PM | Attr = ] Install_Messenger.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Install_Messenger.exe -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 18895728 bytes | Modified Date = 19/01/2007 3:54:17 PM | Attr = ] Install_WLMessenger.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Install_WLMessenger.exe -> Microsoft Corporation [Ver = 12.0.1471.1025 | Size = 20222992 bytes | Modified Date = 27/10/2007 9:46:44 PM | Attr = ] iTunesPluginWinSetup_2.0.10.0.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\iTunesPluginWinSetup_2.0.10.0.exe -> Last.fm [Ver = 0.9.10.0 | Size = 364257 bytes | Modified Date = 21/01/2007 3:35:51 PM | Attr = ] iTunesPluginWinSetup_2.0.11.0.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\iTunesPluginWinSetup_2.0.11.0.exe -> Last.fm [Ver = 0.9.11.0 | Size = 375489 bytes | Modified Date = 08/04/2007 11:40:27 AM | Attr = ] iTunesPluginWinSetup_2.0.13.0.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\iTunesPluginWinSetup_2.0.13.0.exe -> Last.fm [Ver = 1.1.0.0 | Size = 359986 bytes | Modified Date = 21/12/2007 7:21:25 PM | Attr = ] Last.fm-1.4.1.57486.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Last.fm-1.4.1.57486.exe -> Last.fm [Ver = 1.4.4 | Size = 5681403 bytes | Modified Date = 21/12/2007 7:21:24 PM | Attr = ] Last.fm-1.4.2.58376.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Last.fm-1.4.2.58376.exe -> Last.fm [Ver = 1.4.4 | Size = 5545630 bytes | Modified Date = 05/01/2008 2:08:09 PM | Attr = ] LastFM_Win_1.1.3.0.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\LastFM_Win_1.1.3.0.exe -> Last.fm [Ver = 1.1.1 | Size = 3782589 bytes | Modified Date = 02/02/2007 11:11:00 AM | Attr = ] LastFM_Win_1.3.0.62.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\LastFM_Win_1.3.0.62.exe -> Last.fm [Ver = 1.3.3 | Size = 4102635 bytes | Modified Date = 28/06/2007 12:07:00 PM | Attr = ] LastFM_Win_1.3.1.1.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\LastFM_Win_1.3.1.1.exe -> Last.fm [Ver = 1.3.4 | Size = 4090448 bytes | Modified Date = 10/07/2007 2:11:56 PM | Attr = ] MsgPlusUninstall.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\MsgPlusUninstall.exe -> Patchou [Ver = 4, 20, 0, 262 | Size = 775768 bytes | Modified Date = 28/02/2007 10:19:54 PM | Attr = ] setpointenu.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\setpointenu.exe -> Logitech Inc. [Ver = 3.3 | Size = 56826856 bytes | Modified Date = 15/07/2008 7:28:15 AM | Attr = ] setup_wm.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\setup_wm.exe -> Microsoft Corporation [Ver = 10.00.00.3646 | Size = 819200 bytes | Modified Date = 11/08/2004 9:45:04 AM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 17/02/2006 3:55:46 PM | Attr = ] 348 C:\Documents and Settings\HP_Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\DRDld\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\DRDld -> [Folder | Modified Date = 07/06/2007 8:57:24 PM | Attr = ] ipod-movie-converter.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\DRDld\ipod-movie-converter.exe -> [Ver = | Size = 3014656 bytes | Modified Date = 07/06/2007 8:58:04 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\ins1.tmp\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\ins1.tmp\ -> [Folder | Modified Date = 08/01/2008 2:32:44 PM | Attr = ] LDMClient.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\ins1.tmp\LDMClient.exe -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 4244292 bytes | Modified Date = 23/01/2007 12:03:14 PM | Attr = R ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\iSproggler-1.0.1\iSproggler\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\iSproggler-1.0.1\iSproggler -> [Folder | Modified Date = 16/05/2007 5:27:16 PM | Attr = ] iSproggler.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\iSproggler-1.0.1\iSproggler\iSproggler.exe -> [Ver = 1.0.1 | Size = 17258366 bytes | Modified Date = 09/04/2007 5:34:06 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\jkos-HP_Owner\binaries\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\jkos-HP_Owner\binaries -> [Folder | Modified Date = 20/08/2008 1:02:49 PM | Attr = ] ScanningProcess.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\jkos-HP_Owner\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 20/08/2008 1:02:46 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\ -> [Folder | Modified Date = 18/02/2007 2:00:38 AM | Attr = ] SetupX.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\SetupX.exe -> Nero AG [Ver = 1,0,0,19 | Size = 892928 bytes | Modified Date = 30/10/2005 12:31:02 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist -> [Folder | Modified Date = 18/02/2007 2:00:36 AM | Attr = ] 50comupd.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist\50comupd.exe -> Microsoft Corporation [Ver = 5.00.2516.1900 | Size = 509984 bytes | Modified Date = 18/12/2002 12:43:16 PM | Attr = ] instmsia.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist\instmsia.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1708856 bytes | Modified Date = 11/03/2002 3:45:02 PM | Attr = ] instmsiw.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist\instmsiw.exe -> Microsoft Corporation [Ver = 2.0.2600.2 | Size = 1822520 bytes | Modified Date = 11/03/2002 9:06:30 AM | Attr = ] ShFolder.Exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\Redist\ShFolder.Exe -> Microsoft Corporation [Ver = 5.50.4027.300 | Size = 117288 bytes | Modified Date = 23/01/2001 12:13:28 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\setup\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\setup -> [Folder | Modified Date = 18/02/2007 2:00:38 AM | Attr = ] NeroDelTmp.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\Nero7.tmp\setup\NeroDelTmp.exe -> [Ver = 1, 0, 0, 1 | Size = 131072 bytes | Modified Date = 29/10/2005 11:30:26 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\ -> [Folder | Modified Date = 03/08/2008 2:55:54 PM | Attr = ] CDStart.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\CDStart.exe -> Symantec Corporation [Ver = 15.5.0.23 | Size = 233848 bytes | Modified Date = 07/02/2008 11:20:52 AM | Attr = ] Setup.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup.exe -> Symantec Corporation [Ver = 15.5.0.23 | Size = 2576248 bytes | Modified Date = 07/02/2008 11:21:02 AM | Attr = ] Stub.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Stub.exe -> Symantec Corporation [Ver = 4.5.0.27 | Size = 778080 bytes | Modified Date = 07/02/2008 2:06:26 AM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH32\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH32 -> [Folder | Modified Date = 03/08/2008 2:55:48 PM | Attr = ] COH32.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH32\COH32.exe -> Symantec Corporation [Ver = 6.1.4.12 | Size = 1250656 bytes | Modified Date = 18/01/2008 6:43:28 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH64\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH64 -> [Folder | Modified Date = 03/08/2008 2:55:48 PM | Attr = ] COH64.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\COH64\COH64.exe -> Symantec Corporation [Ver = 6.1.4.12 | Size = 1996336 bytes | Modified Date = 18/01/2008 6:58:48 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\SYMSHARE\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\SYMSHARE -> [Folder | Modified Date = 03/08/2008 2:55:54 PM | Attr = ] SMNLnch.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\CommonFi\SYMSHARE\SMNLnch.exe -> Symantec Corporation [Ver = 3.1.0.17 | Size = 476816 bytes | Modified Date = 15/06/2007 10:03:54 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\NORTON\APP -> [Folder | Modified Date = 03/08/2008 2:55:51 PM | Attr = ] NavShcom.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\NavShcom.exe -> Symantec Corporation [Ver = 15.5.0.23 | Size = 129896 bytes | Modified Date = 07/02/2008 7:05:04 AM | Attr = ] Navw32.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\Navw32.exe -> Symantec Corporation [Ver = 15.5.0.23 | Size = 251752 bytes | Modified Date = 07/02/2008 7:05:12 AM | Attr = ] Navwnt.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NAV\External\NORTON\APP\Navwnt.exe -> Symantec Corporation [Ver = 15.5.0.23 | Size = 61288 bytes | Modified Date = 07/02/2008 7:05:16 AM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\APP\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\APP -> [Folder | Modified Date = 03/08/2008 2:55:49 PM | Attr = ] COExport.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\APP\COExport.exe -> Symantec Corporation [Ver = 2008.2.5.32 | Size = 378224 bytes | Modified Date = 06/02/2008 9:05:36 PM | Attr = ] coVisPrx.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\APP\coVisPrx.exe -> Symantec Corporation [Ver = 2008.2.5.32 | Size = 95600 bytes | Modified Date = 06/02/2008 9:05:08 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\SYMSHARE\COL\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\SYMSHARE\COL -> [Folder | Modified Date = 03/08/2008 2:55:49 PM | Attr = ] COLUpdtr.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\NCO\NCO\SYMSHARE\COL\COLUpdtr.exe -> Symantec Corporation [Ver = 2007.1.1.1009 | Size = 288088 bytes | Modified Date = 29/11/2007 5:15:06 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup -> [Folder | Modified Date = 06/08/2008 9:12:47 PM | Attr = ] FWCfg.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\FWCfg.exe -> Symantec Corporation [Ver = 3.5.0.12 | Size = 31576 bytes | Modified Date = 25/01/2008 4:57:36 PM | Attr = ] sshelper.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\sshelper.exe -> Symantec Corporation [Ver = 6.9.2260.0 | Size = 71056 bytes | Modified Date = 30/07/2007 4:54:34 PM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App -> [Folder | Modified Date = 06/08/2008 9:12:47 PM | Attr = ] nisoptui.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App\nisoptui.exe -> Symantec Corporation [Ver = 15.5.0.32 | Size = 121712 bytes | Modified Date = 06/02/2008 11:50:06 PM | Attr = ] nmapapp.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App\nmapapp.exe -> Symantec Corporation [Ver = 15.5.0.32 | Size = 276848 bytes | Modified Date = 06/02/2008 11:49:38 PM | Attr = ] osCheck.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App\osCheck.exe -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 06/02/2008 11:49:38 PM | Attr = ] WSCStub.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\App\WSCStub.exe -> Symantec Corporation [Ver = 15.5.0.32 | Size = 86160 bytes | Modified Date = 07/02/2008 12:55:44 AM | Attr = ] C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\OPC\ -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\OPC -> [Folder | Modified Date = 03/08/2008 2:55:54 PM | Attr = ] cltUAC.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\OPC\cltUAC.exe -> Symantec Corporation [Ver = 8.1.0.27 | Size = 423304 bytes | Modified Date = 30/01/2008 7:14:56 PM | Attr = ] cltUIStb.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\OPC\cltUIStb.exe -> Symantec Corporation [Ver = 8.1.0.27 | Size = 439688 bytes | Modified Date = 30/01/2008 7:15:00 PM | Attr = ] SSAutoRN.exe -> C:\Documents and Settings\HP_Owner\Local Settings\Temp\NIS15.5.0.23\Setup\Setup\OPC\SSAutoRN.exe -> Symantec Corporation [Ver = 8.1.0.27 | Size = 533896 bytes | Modified Date = 30/01/2008 7:14:00 PM | Attr = ]