[code]
OTScanIt logfile created on: 10/13/2008 8:45:02 PM
OTScanIt by OldTimer - Version 1.0.19.0
Folder = C:\Documents and Settings\HP_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 526.14 Mb Available Physical Memory | 54.89% Memory free
2.26 Gb Paging File | 1.62 Gb Available in Paging File | 71.62% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 177.45 Gb Total Space | 137.65 Gb Free Space | 77.57% Space Free | Partition Type: NTFS
Drive D: | 8.84 Gb Total Space | 0.55 Gb Free Space | 6.28% Space Free | Partition Type: FAT32
Drive E: | 26.27 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: STUART
Current User Name: HP_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
[Processes - Non-Microsoft Only]
arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ]
arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ]
discover.exe -> %ProgramFiles%\DISC\DISCover.exe -> Digital Interactive Systems Corporation [Ver = 3.43.97.1031 | Size = 1095256 bytes | Modified Date = 10/30/2007 9:57:54 PM | Attr = ]
manager.exe -> %SystemRoot%\system32\drivers\setup\manager.exe -> [Ver = | Size = 28672 bytes | Modified Date = 9/1/2007 3:23:28 AM | Attr = ]
superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ]
irc.exe -> %SystemRoot%\system32\drivers\setup\irc\irc.exe -> [Ver = | Size = 24576 bytes | Modified Date = 9/5/2007 3:18:28 AM | Attr = ]
discstreamhub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe -> Digital Interactive Systems Corporation, Inc.
[Ver = 3.43.97.1031 | Size = 75352 bytes | Modified Date = 10/30/2007 9:57:56 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] [Driver Services - Non-Microsoft Only] (AmdK8) AMD Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> Advanced Micro Devices [Ver = 1.2.2 (dnsrv(wmbla).050120-1444) | Size = 36352 bytes | Modified Date = 3/9/2005 4:53:00 PM | Attr = ] (ftsata2) ftsata2 [Kernel | Boot | Stopped] -> %SystemRoot%\system32\DRIVERS\ftsata2.sys -> File not found (intelppm) Intel Processor Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\DRIVERS\intelppm.sys -> File not found (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 4:31:34 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1010 | Size = 8944 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1004 | Size = 7408 bytes | Modified Date = 5/28/2008 10:33:38 AM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> SUPERAdBlocker.com and SUPERAntiSpyware.com [Ver = 1, 0, 0, 1062 | Size = 55024 bytes | Modified Date = 5/28/2008 10:33:36 AM | Attr = ] (SYMIDSCO) SYMIDSCO [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20080813.001\symidsco.sys -> File not found (TPkd) TPkd [Kernel | 
Boot | Running] -> %SystemRoot%\System32\drivers\TPkd.sys -> PACE Anti-Piracy, Inc. [Ver = 5.8.3.3162 | Size = 86528 bytes | Modified Date = 6/5/2008 9:50:12 AM | Attr = ] (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\usbaapl.sys -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AlwaysReady Power Message APP -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> Microsoft [Ver = 6.0.0160.0 | Size = 77312 bytes | Modified Date = 8/3/2005 1:19:16 AM | Attr = ] c810868e -> %SystemRoot%\system32\lqmqfoig.dll [rundll32.exe "C:\WINDOWS\system32\lqmqfoig.dll",b] -> [Ver = | Size = 75264 bytes | Modified Date = 10/13/2008 6:57:28 PM | Attr = ] DISCover -> %ProgramFiles%\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe nogui] -> Digital Interactive Systems Corporation [Ver = 3.43.97.1031 | Size = 1095256 bytes | Modified Date = 10/30/2007 9:57:54 PM | Attr = ] DMAScheduler -> %ProgramFiles%\HP DigitalMedia Archive\DMAScheduler.exe ["c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"] -> Sonic Solutions [Ver = 1.0.0.1 | Size = 90112 bytes | Modified Date = 4/13/2006 11:05:00 AM | Attr = ] ftutil2 -> %SystemRoot%\system32\ftutil2.dll [rundll32.exe ftutil2.dll,SetWriteCacheMode] -> Promise Technology, Inc. 
[Ver = 1.00.0.3 | Size = 106496 bytes | Modified Date = 6/7/2004 4:05:38 PM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] HPBootOp -> %ProgramFiles%\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> Hewlett-Packard Company [Ver = 3, 0, 0, 0 | Size = 249856 bytes | Modified Date = 2/16/2006 12:34:58 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.5.0.20 | Size = 267048 bytes | Modified Date = 12/11/2007 1:10:26 PM | Attr = ] manager -> %SystemRoot%\system32\drivers\setup\manager.exe ["C:\Windows\System32\drivers\setup\manager.exe"] -> [Ver = | Size = 28672 bytes | Modified Date = 9/1/2007 3:23:28 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.5.5 (990.7) | Size = 413696 bytes | Modified Date = 9/6/2008 3:09:14 PM | Attr = ] Recguard -> %SystemRoot%\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [Ver = 6, 0, 54, 0 | Size = 237568 bytes | Modified Date = 7/23/2005 12:14:00 AM | Attr = ] Reminder -> %SystemRoot%\CREATOR\Remind_XP.exe ["C:\Windows\Creator\Remind_XP.exe"] -> SoftThinks [Ver = 6, 0, 52, 2 | Size = 663552 bytes | Modified Date = 12/14/2004 4:23:44 AM | Attr = ] RTHDCPL -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.7.0 | Size = 16239616 bytes | Modified Date = 6/13/2006 10:05:26 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. 
[Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 7/31/2006 6:16:22 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr = ] manager -> %SystemRoot%\system32\drivers\setup\manager.exe ["C:\Windows\System32\drivers\setup\manager.exe"] -> [Ver = | Size = 28672 bytes | Modified Date = 9/1/2007 3:23:28 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 5/28/2008 10:33:34 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> oodwas.dll -> %SystemRoot%\system32\oodwas.dll -> [Ver = | Size = 110592 bytes | Modified Date = 10/13/2008 6:54:45 PM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 5/13/2008 10:13:36 AM | Attr = ] {DBB302CA-CAC4-46C1-8584-B80802CB53F8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRLdEVM.dll [] -> [Ver = | Size = 45056 bytes | Modified Date = 10/7/2008 12:06:47 AM | Attr = ] < SecurityProviders 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 1:41:36 PM | Attr = ] rqRLdEVM -> %SystemRoot%\system32\rqRLdEVM.dll -> [Ver = | Size = 45056 bytes | Modified Date = 10/7/2008 12:06:47 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the 
[C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 100 bytes | Modified Date = 7/31/2006 6:30:27 PM | Attr = ] AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 8:07:38 AM | Attr = HS] < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [] -> Ask.com [Ver = 1, 1, 0, 1 | Size = 66912 bytes | Modified Date = 10/6/2008 11:51:28 PM | Attr = ] HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 12:19:50 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> trymedia.com .[http] -> Trusted sites -> trymedia.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {00FE3D3F-BD5E-4789-9654-C511E9CC107f} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ugtjieru.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 155648 bytes | Modified Date = 10/7/2008 12:13:10 AM | Attr = ] {0136DAF4-FE96-46E9-B8F0-0BDEEE428E85} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ugtjieru.dll [Reg Error: Value does not exist or could not be read.] 
-> [Ver = | Size = 155648 bytes | Modified Date = 10/7/2008 12:13:10 AM | Attr = ] {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 12:19:50 AM | Attr = ] {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {8BC9BBF6-93F7-46EB-AF4A-7032C8DB7805} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\awturrPJ.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 250880 bytes | Modified Date = 10/7/2008 12:11:54 AM | Attr = ] {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> Hewlett-Packard [Ver = 1.0.0.1 | Size = 208896 bytes | Modified Date = 7/31/2006 6:41:26 PM | Attr = ] {DBB302CA-CAC4-46C1-8584-B80802CB53F8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\rqRLdEVM.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 45056 bytes | Modified Date = 10/7/2008 12:06:47 AM | Attr = ] {f3f5ee1d-4c47-405a-8915-6a0d805845d5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\oodwas.dll [Reg Error: Value does not exist or could not be read.] 
-> [Ver = | Size = 110592 bytes | Modified Date = 10/13/2008 6:54:45 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 12:19:50 AM | Attr = ] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 10/6/2008 11:51:25 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 4, 26, 1 | Size = 438848 bytes | Modified Date = 4/27/2006 12:19:50 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {3369AF0D-62E9-4bda-8103-B4C75499B578}:{DE9C389F-3316-41A7-809B-AA305ED9D922} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. [Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] {E2D4D26B-0180-43a4-B05F-462D6D54C789}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Connection Help] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{3369AF0D-62E9-4bda-8103-B4C75499B578} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AOL\AOL Toolbar 2.0\aoltb.dll [AOL Toolbar] -> America Online, Inc. 
[Ver = 2.0.4239.61 | Size = 524288 bytes | Modified Date = 8/2/2005 1:41:13 PM | Attr = ] CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Internet Connection Help] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar Search -> %ProgramFiles%\AOL\AOL Toolbar 2.0\resources\en-us\local\search.html -> [Ver = | Size = 747 bytes | Modified Date = 6/9/2005 3:01:38 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {B9B13A1C-B808-4DF4-A802-128B8263D0E9} -> (1394 Net Adapter) -> {D09A2618-9335-4994-A197-981495D84DDE} -> (NVIDIA nForce Networking Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1219969440714&h=3185895a7f168e20623fe61368a2b063/&filename=jinstall-6u7-windows-i586-jc.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java 
Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\au\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] C:\WINDOWS\system32\awturrPJ -> %SystemRoot%\system32\awturrPJ.dll -> [Ver = | Size = 250880 bytes | Modified Date = 10/7/2008 12:11:54 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 792 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 1C DC 9B 2F 38 AA 4D 29 3F 24 CC 52 4C 3E A2 4D 64 38 33 31 66 32 33 33 00 00 00 00 48 6C 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 9E 2D 1B E7 84 C3 31 E7 D9 ED 0A D8 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 08 28 E1 76 44 78 F3 78 84 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 14 00 8F 89 D7 FF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 72 93 6B 4E B1 2B CE FC AE 78 BD EC 2F 8C 62 CB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> B6 BA FC 3A DA FA C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 DB 8F D1 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 
20 B8 81 8E 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 DB 8F D1 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover Drop & Play System - TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\DISC\DISCover.exe|Name=DISCover Drop & Play System|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover Stream Hub - TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\DISC\DiscStreamHub.exe|Name=DISCover Stream Hub|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover FTP - TCP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program 
Files\DISC\myFTP.exe|Name=DISCover FTP|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover Drop & Play System - UDP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\DISC\DISCover.exe|Name=DISCover Drop & Play System|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover Stream Hub - UDP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\DISC\DiscStreamHub.exe|Name=DISCover Stream Hub|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules\\DISCover FTP - UDP -> v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=C:\Program Files\DISC\myFTP.exe|Name=DISCover FTP|AutoGenIPsec=FALSE|Edge=FALSE| -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12295 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 6:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> 
%CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.1.1 | Size = 10800 bytes | Modified Date = 10/10/2006 12:53:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DISCover.exe -> %ProgramFiles%\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> Digital Interactive Systems Corporation [Ver = 3.43.97.1031 | Size = 1095256 bytes | Modified Date = 10/30/2007 9:57:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DiscStreamHub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> Digital Interactive Systems Corporation, Inc. [Ver = 3.43.97.1031 | Size = 75352 bytes | Modified Date = 10/30/2007 9:57:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 4:32:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 6/21/2008 12:47:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> 
%ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.5.0.20 | Size = 17152808 bytes | Modified Date = 12/11/2007 1:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\BackgroundDownloader.exe -> %ProgramFiles%\World of Warcraft\BackgroundDownloader.exe [C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 8, 2, 426 | Size = 1082000 bytes | Modified Date = 9/30/2008 5:50:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 4/27/2007 4:17:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Vuze\Azureus.exe -> %ProgramFiles%\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:blizzard downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:TCP -> 6112:TCP:*:Enabled:blizzard downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 6:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 
(xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/9/2004 11:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 6:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to 
log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
[Files/Folders - Created Within 30 days]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 10/13/2008 8:42:45 PM | Attr = HS]
setup -> %SystemRoot%\System32\drivers\setup -> [Folder | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
downloader -> %SystemRoot%\System32\drivers\setup\downloader -> [Folder | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
downloader.exe -> %SystemRoot%\System32\drivers\setup\downloader\downloader.exe -> [Ver = | Size = 40960 bytes | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
files -> %SystemRoot%\System32\drivers\setup\downloader\files -> [Folder | Created Date = 9/29/2008 10:31:47 PM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\setup\hosts -> [Folder | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
hosts.exe -> %SystemRoot%\System32\drivers\setup\hosts\hosts.exe -> [Ver = | Size = 24576 bytes | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
hostsmon.exe -> %SystemRoot%\System32\drivers\setup\hosts\hostsmon.exe -> [Ver = | Size = 24576 bytes | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
irc -> %SystemRoot%\System32\drivers\setup\irc -> [Folder | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
irc.exe -> %SystemRoot%\System32\drivers\setup\irc\irc.exe -> [Ver = | Size = 24576 bytes | Created Date = 9/22/2008 8:30:52 PM | Attr = ]
manager.exe -> %SystemRoot%\System32\drivers\setup\manager.exe -> [Ver = | Size = 28672 bytes | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
startup.reg -> %SystemRoot%\System32\drivers\setup\startup.reg -> [Ver = | Size = 632 bytes | Created Date = 9/22/2008 8:30:51 PM | Attr = ]
awturrPJ.dll -> %SystemRoot%\System32\awturrPJ.dll -> [Ver = | Size = 250880 bytes | Created Date = 10/7/2008 12:11:50 AM | Attr = ]
cyuxgjmh.ini -> %SystemRoot%\System32\cyuxgjmh.ini -> [Ver = | Size = 1065292 bytes | Created Date = 10/9/2008 12:18:04 AM | Attr = HS]
efcCvTMF.dll -> %SystemRoot%\System32\efcCvTMF.dll -> [Ver = | Size = 45056 bytes | Created Date = 10/7/2008 12:06:47 AM | Attr = ]
ewbfafsp.dll -> %SystemRoot%\System32\ewbfafsp.dll -> [Ver = | Size = 77824 bytes | Created Date = 10/12/2008 1:50:50 PM | Attr = ]
faqzxo.dll -> %SystemRoot%\System32\faqzxo.dll -> [Ver = | Size = 111104 bytes | Created Date = 10/11/2008 1:21:23 PM | Attr = ]
gcyhlohy.dll -> %SystemRoot%\System32\gcyhlohy.dll -> [Ver = | Size = 155648 bytes | Created Date = 10/13/2008 8:42:28 PM | Attr = ]
giofqmql.ini -> %SystemRoot%\System32\giofqmql.ini -> [Ver = | Size = 1123603 bytes | Created Date = 10/13/2008 6:57:28 PM | Attr = HS]
gpqqlyxr.ini -> %SystemRoot%\System32\gpqqlyxr.ini -> [Ver = | Size = 1046787 bytes | Created Date = 10/8/2008 6:55:05 AM | Attr = HS]
hrnokw.dll -> %SystemRoot%\System32\hrnokw.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/12/2008 1:52:49 PM | Attr = ]
JPrrutwa.ini -> %SystemRoot%\System32\JPrrutwa.ini -> [Ver = | Size = 941766 bytes | Created Date = 10/7/2008 12:11:56 AM | Attr = HS]
JPrrutwa.ini2 -> %SystemRoot%\System32\JPrrutwa.ini2 -> [Ver = | Size = 941766 bytes | Created Date = 10/7/2008 12:11:57 AM | Attr = HS]
jtdcou.dll -> %SystemRoot%\System32\jtdcou.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/9/2008 12:15:05 AM | Attr = ]
lqmqfoig.dll -> %SystemRoot%\System32\lqmqfoig.dll -> [Ver = | Size = 75264 bytes | Created Date = 10/13/2008 6:57:27 PM | Attr = ]
oodwas.dll -> %SystemRoot%\System32\oodwas.dll -> [Ver = | Size = 110592 bytes | Created Date = 10/13/2008 6:54:45 PM | Attr = ]
ppbhjtnb.dll -> %SystemRoot%\System32\ppbhjtnb.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/9/2008 12:15:04 AM | Attr = ]
psfafbwe.ini -> %SystemRoot%\System32\psfafbwe.ini -> [Ver = | Size = 1119510 bytes | Created Date = 10/12/2008 1:50:50 PM | Attr = HS]
puieylwt.dll -> %SystemRoot%\System32\puieylwt.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/12/2008 1:52:48 PM | Attr = ]
qqvdxfjd.dll -> %SystemRoot%\System32\qqvdxfjd.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/8/2008 6:57:56 AM | Attr = ]
rqRLdEVM.dll -> %SystemRoot%\System32\rqRLdEVM.dll -> [Ver = | Size = 45056 bytes | Created Date = 10/7/2008 12:06:47 AM | Attr = ]
sgsbhfok.dll -> %SystemRoot%\System32\sgsbhfok.dll -> [Ver = | Size = 109568 bytes | Created Date = 10/10/2008 12:13:03 PM | Attr = ]
svveqkpt.dll -> %SystemRoot%\System32\svveqkpt.dll -> [Ver = | Size = 111104 bytes | Created Date = 10/11/2008 1:21:22 PM | Attr = ]
tnhltpey.ini -> %SystemRoot%\System32\tnhltpey.ini -> [Ver = | Size = 1119510 bytes | Created Date = 10/11/2008 1:19:18 PM | Attr = HS]
ugtjieru.dll -> %SystemRoot%\System32\ugtjieru.dll -> [Ver = | Size = 155648 bytes | Created Date = 10/7/2008 12:13:10 AM | Attr = ]
uhgnavst.dll -> %SystemRoot%\System32\uhgnavst.dll -> [Ver = | Size = 110592 bytes | Created Date = 10/13/2008 6:54:44 PM | Attr = ]
uodachkb.ini -> %SystemRoot%\System32\uodachkb.ini -> [Ver = | Size = 1119510 bytes | Created Date = 10/10/2008 12:11:00 PM | Attr = HS]
zaqzmn.dll -> %SystemRoot%\System32\zaqzmn.dll -> [Ver = | Size = 112128 bytes | Created Date = 10/8/2008 6:57:57 AM | Attr = ]
zrjxae.dll -> %SystemRoot%\System32\zrjxae.dll -> [Ver = | Size = 109568 bytes | Created Date = 10/10/2008 12:13:04 PM | Attr = ]
temp -> %SystemRoot%\temp -> [Folder | Created Date = 10/8/2008 10:02:57 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 9/29/2008 9:55:37 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 9/29/2008 9:55:29 PM | Attr = ] Azureus -> %AllUsersProfile%\Application Data\Azureus -> [Folder | Created Date = 10/6/2008 11:51:36 PM | Attr = ] PACE Anti-Piracy -> %AllUsersProfile%\Application Data\PACE Anti-Piracy -> [Folder | Created Date = 9/22/2008 8:11:04 PM | Attr = ] Antares -> %AppData%\Antares -> [Folder | Created Date = 9/22/2008 8:08:17 PM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Created Date = 10/6/2008 11:51:30 PM | Attr = ] PACE Anti-Piracy -> %AppData%\PACE Anti-Piracy -> [Folder | Created Date = 9/22/2008 8:11:04 PM | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 10/7/2008 12:06:22 AM | Attr = ] PACE Anti-Piracy -> %UserProfile%\Local Settings\Application Data\PACE Anti-Piracy -> [Folder | Created Date = 9/22/2008 8:11:04 PM | Attr = ] Azureus Downloads -> %UserProfile%\My Documents\Azureus Downloads -> [Folder | Created Date = 10/6/2008 11:51:58 PM | Attr = ] black hawk down.wps -> %UserProfile%\My Documents\black hawk down.wps -> [Ver = | Size = 9728 bytes | Created Date = 9/18/2008 8:48:40 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Created Date = 9/29/2008 9:56:19 PM | Attr = ] 10 - Superman.mp3 -> %UserProfile%\Desktop\10 - Superman.mp3 -> [Ver = | Size = 7387203 bytes | Created Date = 10/9/2008 9:59:55 PM | Attr = ] 11 - Green Lights.mp3 -> %UserProfile%\Desktop\11 - Green Lights.mp3 -> [Ver = | Size = 7774920 bytes | Created Date = 10/9/2008 9:59:38 PM | Attr = ] 12 - My Wonderful Pink Polo.mp3 -> %UserProfile%\Desktop\12 - My Wonderful Pink Polo.mp3 -> [Ver = | Size = 
5974495 bytes | Created Date = 10/9/2008 9:57:35 PM | Attr = ] 16 - STH.mp3 -> %UserProfile%\Desktop\16 - STH.mp3 -> [Ver = | Size = 24400435 bytes | Created Date = 10/9/2008 9:59:19 PM | Attr = ] AimOne All to MP3 Converter.lnk -> %UserProfile%\Desktop\AimOne All to MP3 Converter.lnk -> [Ver = | Size = 676 bytes | Created Date = 9/30/2008 7:17:19 PM | Attr = ] Akon feat Lil Wayne - Im So Paid - HotNewHipHop.com.mp3 -> %UserProfile%\Desktop\Akon feat Lil Wayne - Im So Paid - HotNewHipHop.com.mp3 -> [Ver = | Size = 8272760 bytes | Created Date = 10/9/2008 10:26:01 PM | Attr = ] every time i do it.aif -> %UserProfile%\Desktop\every time i do it.aif -> [Ver = | Size = 19304830 bytes | Created Date = 10/7/2008 9:26:30 PM | Attr = ] every time i do it.mp3 -> %UserProfile%\Desktop\every time i do it.mp3 -> [Ver = | Size = 1747647 bytes | Created Date = 10/7/2008 9:29:36 PM | Attr = ] get money EDITED cover.avi -> %UserProfile%\Desktop\get money EDITED cover.avi -> [Ver = | Size = 12579920 bytes | Created Date = 9/26/2008 1:25:51 PM | Attr = ] get money EDITED cover_0.mp3 -> %UserProfile%\Desktop\get money EDITED cover_0.mp3 -> [Ver = | Size = 1138827 bytes | Created Date = 10/7/2008 12:15:10 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 10/13/2008 8:43:40 PM | Attr = ] social doubt test.wav -> %UserProfile%\Desktop\social doubt test.wav -> [Ver = | Size = 14023844 bytes | Created Date = 9/20/2008 11:26:31 PM | Attr = ] social doubt.wav -> %UserProfile%\Desktop\social doubt.wav -> [Ver = | Size = 27485372 bytes | Created Date = 9/21/2008 11:41:37 PM | Attr = ] social doubtt.wav -> %UserProfile%\Desktop\social doubtt.wav -> [Ver = | Size = 11123872 bytes | Created Date = 9/21/2008 11:53:10 PM | Attr = ] Untitled Project -> %UserProfile%\Desktop\Untitled Project -> [Folder | Created Date = 9/20/2008 9:00:57 PM | Attr = R ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 9/29/2008 9:56:02 PM | Attr = ] Digidesign -> 
%CommonProgramFiles%\Digidesign -> [Folder | Created Date = 9/22/2008 8:08:14 PM | Attr = ] PACE Anti-Piracy -> %CommonProgramFiles%\PACE Anti-Piracy -> [Folder | Created Date = 9/22/2008 8:11:04 PM | Attr = ] AimOne_AlltoMP3 -> %ProgramFiles%\AimOne_AlltoMP3 -> [Folder | Created Date = 9/30/2008 7:17:19 PM | Attr = ] AnalogX -> %ProgramFiles%\AnalogX -> [Folder | Created Date = 9/22/2008 8:36:17 PM | Attr = ] Antares -> %ProgramFiles%\Antares -> [Folder | Created Date = 9/22/2008 8:31:21 PM | Attr = ] Antares Audio Technologies -> %ProgramFiles%\Antares Audio Technologies -> [Folder | Created Date = 9/22/2008 5:32:57 PM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 9/29/2008 9:55:29 PM | Attr = ] AskSBar -> %ProgramFiles%\AskSBar -> [Folder | Created Date = 10/6/2008 11:51:25 PM | Attr = ] Combined Community Codec Pack -> %ProgramFiles%\Combined Community Codec Pack -> [Folder | Created Date = 10/6/2008 11:59:10 PM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 9/29/2008 9:55:58 PM | Attr = ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 10/7/2008 12:06:07 AM | Attr = ] [Files/Folders - Modified Within 30 days] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 10/13/2008 12:41:31 PM | Attr = HS] awturrPJ.dll -> %SystemRoot%\System32\awturrPJ.dll -> [Ver = | Size = 250880 bytes | Modified Date = 10/7/2008 12:11:54 AM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> cyuxgjmh.ini -> %SystemRoot%\System32\cyuxgjmh.ini -> [Ver = | Size = 1065292 bytes | Modified Date = 10/10/2008 12:10:28 PM | Attr = HS] efcCvTMF.dll -> %SystemRoot%\System32\efcCvTMF.dll -> [Ver = | Size = 45056 bytes | Modified Date = 10/7/2008 12:06:47 AM | Attr = ] ewbfafsp.dll -> %SystemRoot%\System32\ewbfafsp.dll -> [Ver = | Size = 77824 bytes | Modified Date = 10/12/2008 1:50:50 PM | Attr = ] faqzxo.dll -> 
%SystemRoot%\System32\faqzxo.dll -> [Ver = | Size = 111104 bytes | Modified Date = 10/11/2008 1:21:23 PM | Attr = ] gcyhlohy.dll -> %SystemRoot%\System32\gcyhlohy.dll -> [Ver = | Size = 155648 bytes | Modified Date = 10/13/2008 8:42:28 PM | Attr = ] giofqmql.ini -> %SystemRoot%\System32\giofqmql.ini -> [Ver = | Size = 1123603 bytes | Modified Date = 10/13/2008 6:58:42 PM | Attr = HS] gpqqlyxr.ini -> %SystemRoot%\System32\gpqqlyxr.ini -> [Ver = | Size = 1046787 bytes | Modified Date = 10/8/2008 7:25:46 PM | Attr = HS] hrnokw.dll -> %SystemRoot%\System32\hrnokw.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/12/2008 1:52:49 PM | Attr = ] JPrrutwa.ini -> %SystemRoot%\System32\JPrrutwa.ini -> [Ver = | Size = 941766 bytes | Modified Date = 10/13/2008 8:45:15 PM | Attr = HS] JPrrutwa.ini2 -> %SystemRoot%\System32\JPrrutwa.ini2 -> [Ver = | Size = 941766 bytes | Modified Date = 10/13/2008 8:43:16 PM | Attr = HS] jtdcou.dll -> %SystemRoot%\System32\jtdcou.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/9/2008 12:15:05 AM | Attr = ] lqmqfoig.dll -> %SystemRoot%\System32\lqmqfoig.dll -> [Ver = | Size = 75264 bytes | Modified Date = 10/13/2008 6:57:28 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 87785 bytes | Modified Date = 10/13/2008 12:42:12 PM | Attr = ] oodwas.dll -> %SystemRoot%\System32\oodwas.dll -> [Ver = | Size = 110592 bytes | Modified Date = 10/13/2008 6:54:45 PM | Attr = ] ppbhjtnb.dll -> %SystemRoot%\System32\ppbhjtnb.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/9/2008 12:15:05 AM | Attr = ] psfafbwe.ini -> %SystemRoot%\System32\psfafbwe.ini -> [Ver = | Size = 1119510 bytes | Modified Date = 10/12/2008 1:50:59 PM | Attr = HS] puieylwt.dll -> %SystemRoot%\System32\puieylwt.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/12/2008 1:52:49 PM | Attr = ] qqvdxfjd.dll -> %SystemRoot%\System32\qqvdxfjd.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/8/2008 6:57:57 AM | Attr = ] 
rqRLdEVM.dll -> %SystemRoot%\System32\rqRLdEVM.dll -> [Ver = | Size = 45056 bytes | Modified Date = 10/7/2008 12:06:47 AM | Attr = ] sgsbhfok.dll -> %SystemRoot%\System32\sgsbhfok.dll -> [Ver = | Size = 109568 bytes | Modified Date = 10/10/2008 12:13:04 PM | Attr = ] svveqkpt.dll -> %SystemRoot%\System32\svveqkpt.dll -> [Ver = | Size = 111104 bytes | Modified Date = 10/11/2008 1:21:23 PM | Attr = ] tnhltpey.ini -> %SystemRoot%\System32\tnhltpey.ini -> [Ver = | Size = 1119510 bytes | Modified Date = 10/12/2008 1:50:22 PM | Attr = HS] ugtjieru.dll -> %SystemRoot%\System32\ugtjieru.dll -> [Ver = | Size = 155648 bytes | Modified Date = 10/7/2008 12:13:10 AM | Attr = ] uhgnavst.dll -> %SystemRoot%\System32\uhgnavst.dll -> [Ver = | Size = 110592 bytes | Modified Date = 10/13/2008 6:54:45 PM | Attr = ] uodachkb.ini -> %SystemRoot%\System32\uodachkb.ini -> [Ver = | Size = 1119510 bytes | Modified Date = 10/11/2008 1:18:45 PM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/13/2008 12:42:22 PM | Attr = ] zaqzmn.dll -> %SystemRoot%\System32\zaqzmn.dll -> [Ver = | Size = 112128 bytes | Modified Date = 10/8/2008 6:57:57 AM | Attr = ] zrjxae.dll -> %SystemRoot%\System32\zrjxae.dll -> [Ver = | Size = 109568 bytes | Modified Date = 10/10/2008 12:13:04 PM | Attr = ] hpsysdrv.DAT -> %SystemRoot%\System\hpsysdrv.DAT -> [Ver = | Size = 186 bytes | Modified Date = 10/13/2008 12:43:03 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/13/2008 12:41:40 PM | Attr = S] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 10/8/2008 9:59:52 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/7/2008 9:55:09 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/13/2008 12:41:50 PM | Attr = H ] C:\Documents and Settings\All 
Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 8/22/2008 11:01:59 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 9/9/2008 3:04:36 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 9/9/2008 3:04:36 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 8/28/2008 9:09:01 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/7/2006 5:12:31 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 162451 bytes | Modified Date = 8/28/2008 7:25:14 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 2056 bytes | Modified Date = 9/18/2008 8:51:32 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 10752 bytes | Modified Date = 10/7/2008 9:29:31 PM | Attr = ] black hawk down.wps -> %UserProfile%\My Documents\black hawk down.wps -> [Ver = | Size = 9728 bytes | Modified Date = 9/18/2008 8:51:32 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1615 bytes | Modified Date = 9/29/2008 9:56:19 PM | Attr = ] AimOne All to MP3 Converter.lnk -> %UserProfile%\Desktop\AimOne All to MP3 Converter.lnk -> [Ver = | Size = 676 bytes | Modified Date = 10/7/2008 12:06:58 AM | Attr = ] Akon 
feat Lil Wayne - Im So Paid - HotNewHipHop.com.mp3 -> %UserProfile%\Desktop\Akon feat Lil Wayne - Im So Paid - HotNewHipHop.com.mp3 -> [Ver = | Size = 8272760 bytes | Modified Date = 10/7/2008 7:39:36 PM | Attr = ] every time i do it.aif -> %UserProfile%\Desktop\every time i do it.aif -> [Ver = | Size = 19304830 bytes | Modified Date = 10/7/2008 9:26:30 PM | Attr = ] every time i do it.mp3 -> %UserProfile%\Desktop\every time i do it.mp3 -> [Ver = | Size = 1747647 bytes | Modified Date = 10/7/2008 9:29:48 PM | Attr = ] get money EDITED cover.avi -> %UserProfile%\Desktop\get money EDITED cover.avi -> [Ver = | Size = 12579920 bytes | Modified Date = 9/26/2008 1:25:51 PM | Attr = ] get money EDITED cover_0.mp3 -> %UserProfile%\Desktop\get money EDITED cover_0.mp3 -> [Ver = | Size = 1138827 bytes | Modified Date = 10/7/2008 12:15:17 AM | Attr = ] social doubt test.wav -> %UserProfile%\Desktop\social doubt test.wav -> [Ver = | Size = 14023844 bytes | Modified Date = 9/20/2008 11:26:32 PM | Attr = ] social doubt.wav -> %UserProfile%\Desktop\social doubt.wav -> [Ver = | Size = 27485372 bytes | Modified Date = 9/21/2008 11:41:40 PM | Attr = ] social doubtt.wav -> %UserProfile%\Desktop\social doubtt.wav -> [Ver = | Size = 11123872 bytes | Modified Date = 9/21/2008 11:53:10 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 10/6/2008 11:51:36 PM | Attr = H ] Ableton -> C:\Documents and Settings\All Users\Application Data\Ableton -> [Folder | Modified Date = 7/11/2008 11:48:00 PM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 6/22/2007 3:51:30 AM | Attr = ] AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads -> [Folder | Modified Date = 7/22/2008 12:36:32 AM | Attr = ] AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [Folder | Modified 
Date = 4/23/2007 2:58:24 PM | Attr = ] Apple -> C:\Documents and Settings\All Users\Application Data\Apple -> [Folder | Modified Date = 9/29/2008 9:55:29 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer -> [Folder | Modified Date = 11/2/2006 11:05:02 PM | Attr = ] Avg7 -> C:\Documents and Settings\All Users\Application Data\Avg7 -> [Folder | Modified Date = 7/28/2008 1:36:57 AM | Attr = ] AVS4YOU -> C:\Documents and Settings\All Users\Application Data\AVS4YOU -> [Folder | Modified Date = 8/15/2007 11:24:42 PM | Attr = ] Azureus -> C:\Documents and Settings\All Users\Application Data\Azureus -> [Folder | Modified Date = 10/6/2008 11:51:36 PM | Attr = ] CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink -> [Folder | Modified Date = 7/31/2006 6:25:38 PM | Attr = ] Digital Interactive Systems Corporation -> C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation -> [Folder | Modified Date = 9/16/2007 5:29:42 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 11/27/2007 8:50:34 PM | Attr = ] Hewlett-Packard -> C:\Documents and Settings\All Users\Application Data\Hewlett-Packard -> [Folder | Modified Date = 7/31/2006 7:01:39 PM | Attr = ] Individual Software -> C:\Documents and Settings\All Users\Application Data\Individual Software -> [Folder | Modified Date = 11/7/2006 10:47:01 PM | Attr = ] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 7/31/2006 6:18:38 PM | Attr = ] Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [Folder | Modified Date = 7/31/2006 6:30:44 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 9/22/2008 8:16:21 PM | Attr = S] @Alternate Data Stream - 1095 bytes -> %AllUsersProfile%\Application 
Data\Microsoft:IE9XO8THFxQMncPcnw4T4d @Alternate Data Stream - 1202 bytes -> %AllUsersProfile%\Application Data\Microsoft:qEJHz88G2ndz2VxMrJ4 @Alternate Data Stream - 1244 bytes -> %AllUsersProfile%\Application Data\Microsoft:tLd6NXdiAtRyO3GkUlc NVIDIA -> C:\Documents and Settings\All Users\Application Data\NVIDIA -> [Folder | Modified Date = 5/27/2007 8:43:10 PM | Attr = ] PACE Anti-Piracy -> C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy -> [Folder | Modified Date = 9/22/2008 8:11:05 PM | Attr = ] Protexis -> C:\Documents and Settings\All Users\Application Data\Protexis -> [Folder | Modified Date = 6/5/2007 5:31:42 PM | Attr = ] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [Folder | Modified Date = 7/31/2006 6:06:54 PM | Attr = ] Skype -> C:\Documents and Settings\All Users\Application Data\Skype -> [Folder | Modified Date = 8/7/2007 1:54:37 AM | Attr = ] Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic -> [Folder | Modified Date = 7/31/2006 6:12:31 PM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/14/2008 3:39:32 PM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 8/18/2008 9:04:31 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [Folder | Modified Date = 10/6/2008 11:39:02 PM | Attr = ] @Alternate Data Stream - 362 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 100 bytes -> %AllUsersProfile%\Application Data\TEMP:3553E6B8 Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 4/26/2007 10:08:55 PM | Attr = ] WildTangent -> C:\Documents and Settings\All Users\Application Data\WildTangent -> [Folder | Modified Date = 10/29/2006 12:42:03 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application 
Data\Windows Genuine Advantage -> [Folder | Modified Date = 1/7/2007 6:02:44 PM | Attr = ] Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion -> [Folder | Modified Date = 10/28/2006 4:58:35 PM | Attr = ] Application Data -> C:\Documents and Settings\HP_Administrator\Application Data -> [Folder | Modified Date = 10/7/2008 12:06:22 AM | Attr = RH ] Ableton -> C:\Documents and Settings\HP_Administrator\Application Data\Ableton -> [Folder | Modified Date = 7/28/2008 12:17:01 AM | Attr = ] acccore -> C:\Documents and Settings\HP_Administrator\Application Data\acccore -> [Folder | Modified Date = 6/22/2007 3:51:34 AM | Attr = ] Adobe -> C:\Documents and Settings\HP_Administrator\Application Data\Adobe -> [Folder | Modified Date = 12/29/2007 4:35:04 AM | Attr = ] AdobeUM -> C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM -> [Folder | Modified Date = 11/10/2006 5:06:59 PM | Attr = ] AdwareAlert -> C:\Documents and Settings\HP_Administrator\Application Data\AdwareAlert -> [Folder | Modified Date = 11/25/2007 4:11:16 PM | Attr = ] Aim -> C:\Documents and Settings\HP_Administrator\Application Data\Aim -> [Folder | Modified Date = 6/22/2007 3:56:59 AM | Attr = ] Antares -> C:\Documents and Settings\HP_Administrator\Application Data\Antares -> [Folder | Modified Date = 9/22/2008 8:08:17 PM | Attr = ] Apple Computer -> C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer -> [Folder | Modified Date = 10/31/2006 10:51:13 PM | Attr = ] AVSMedia -> C:\Documents and Settings\HP_Administrator\Application Data\AVSMedia -> [Folder | Modified Date = 9/19/2007 4:47:59 PM | Attr = ] Azureus -> C:\Documents and Settings\HP_Administrator\Application Data\Azureus -> [Folder | Modified Date = 10/7/2008 9:52:42 AM | Attr = ] CyberLink -> C:\Documents and Settings\HP_Administrator\Application Data\CyberLink -> [Folder | Modified Date = 5/21/2007 8:33:00 PM | Attr = ] funkitron -> C:\Documents and 
Settings\HP_Administrator\Application Data\funkitron -> [Folder | Modified Date = 5/30/2007 10:43:23 PM | Attr = ] GetRightToGo -> C:\Documents and Settings\HP_Administrator\Application Data\GetRightToGo -> [Folder | Modified Date = 9/26/2007 5:02:15 PM | Attr = ] Google -> C:\Documents and Settings\HP_Administrator\Application Data\Google -> [Folder | Modified Date = 4/16/2007 3:16:02 PM | Attr = ] Help -> C:\Documents and Settings\HP_Administrator\Application Data\Help -> [Folder | Modified Date = 4/1/2007 4:33:11 PM | Attr = ] HP -> C:\Documents and Settings\HP_Administrator\Application Data\HP -> [Folder | Modified Date = 10/28/2006 5:29:14 PM | Attr = ] HPQ -> C:\Documents and Settings\HP_Administrator\Application Data\HPQ -> [Folder | Modified Date = 11/7/2006 10:22:23 PM | Attr = ] Identities -> C:\Documents and Settings\HP_Administrator\Application Data\Identities -> [Folder | Modified Date = 11/14/2005 8:04:10 PM | Attr = ] Intuit -> C:\Documents and Settings\HP_Administrator\Application Data\Intuit -> [Folder | Modified Date = 7/31/2006 6:30:44 PM | Attr = ] Leadertech -> C:\Documents and Settings\HP_Administrator\Application Data\Leadertech -> [Folder | Modified Date = 6/8/2007 7:35:37 PM | Attr = ] Macromedia -> C:\Documents and Settings\HP_Administrator\Application Data\Macromedia -> [Folder | Modified Date = 10/28/2006 4:58:45 PM | Attr = ] Microsoft -> C:\Documents and Settings\HP_Administrator\Application Data\Microsoft -> [Folder | Modified Date = 8/24/2008 12:04:07 AM | Attr = S] NCH Swift Sound -> C:\Documents and Settings\HP_Administrator\Application Data\NCH Swift Sound -> [Folder | Modified Date = 7/28/2008 1:32:52 AM | Attr = ] PACE Anti-Piracy -> C:\Documents and Settings\HP_Administrator\Application Data\PACE Anti-Piracy -> [Folder | Modified Date = 9/22/2008 8:11:05 PM | Attr = ] Real -> C:\Documents and Settings\HP_Administrator\Application Data\Real -> [Folder | Modified Date = 9/29/2008 9:48:51 PM | Attr = ] Sonic -> C:\Documents and 
Settings\HP_Administrator\Application Data\Sonic -> [Folder | Modified Date = 6/8/2007 7:35:42 PM | Attr = ] Sun -> C:\Documents and Settings\HP_Administrator\Application Data\Sun -> [Folder | Modified Date = 1/21/2007 9:32:31 PM | Attr = ] SUPERAntiSpyware.com -> C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/14/2008 3:39:22 PM | Attr = ] teamspeak2 -> C:\Documents and Settings\HP_Administrator\Application Data\teamspeak2 -> [Folder | Modified Date = 11/9/2006 9:43:42 PM | Attr = ] Template -> C:\Documents and Settings\HP_Administrator\Application Data\Template -> [Folder | Modified Date = 11/7/2006 5:12:39 PM | Attr = ] uTorrent -> C:\Documents and Settings\HP_Administrator\Application Data\uTorrent -> [Folder | Modified Date = 9/30/2008 1:32:12 AM | Attr = ] Ventrilo -> C:\Documents and Settings\HP_Administrator\Application Data\Ventrilo -> [Folder | Modified Date = 12/28/2006 7:05:59 PM | Attr = ] Viewpoint -> C:\Documents and Settings\HP_Administrator\Application Data\Viewpoint -> [Folder | Modified Date = 4/26/2007 10:08:57 PM | Attr = ] WildTangent -> C:\Documents and Settings\HP_Administrator\Application Data\WildTangent -> [Folder | Modified Date = 10/29/2006 12:42:04 PM | Attr = ] WinBatch -> C:\Documents and Settings\HP_Administrator\Application Data\WinBatch -> [Folder | Modified Date = 8/27/2007 3:57:42 PM | Attr = ] WinRAR -> C:\Documents and Settings\HP_Administrator\Application Data\WinRAR -> [Folder | Modified Date = 10/7/2008 12:06:22 AM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 9/29/2008 9:55:37 PM | Attr = S] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 10/7/2008 9:55:09 PM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/10/2004 6:00:00 AM | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified 
Date = 10/13/2008 12:41:50 PM | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\Administrator\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Application Data\Microsoft:IE9XO8THFxQMncPcnw4T4d 1095 bytes C:\Documents and Settings\All Users\Application Data\Microsoft:qEJHz88G2ndz2VxMrJ4 1202 bytes C:\Documents and Settings\All Users\Application Data\Microsoft:tLd6NXdiAtRyO3GkUlc 1244 bytes C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF 362 bytes C:\Documents and Settings\All Users\Application Data\TEMP:3553E6B8 100 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Landscapes - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Masterpieces - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Nature - GalleryPlayer\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Videos\ehthumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Cookies:4OOmAAPaa1n2OS1pZWdvIOcLA 1230 bytes C:\Documents and Settings\HP_Administrator\Favorites\2006 Triton TS-17, New, Never Used.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Favorites\eBay Motors 99-06 99-07 chevy-gmc 2-3 leveling lift kit silverado (item 360043647272 end time Apr-23-08 091453 PDT).url:favicon 1406 bytes C:\Documents and 
Settings\HP_Administrator\Favorites\Google.url:favicon 1406 bytes C:\Documents and Settings\HP_Administrator\Favorites\MSN.com.url:favicon 3638 bytes C:\Documents and Settings\HP_Administrator\Favorites\Yahoo!.url:favicon 1150 bytes C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\ehome\musicThumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\KArVBEaslrX:1Z5wKlXTiQLz1ri7fD 1203 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Music\iTunes\iTunes Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Music\iTunes\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007-01 (Jan)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\2007-02 (Feb)\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\cam truck\cam truck.dvd:Afp_AfpInfo 48 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\cam truck\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\me n tay\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Videos\AVSMedia\VideotoGO\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\HP_Administrator\My Documents\My Videos\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 982 < End of report > [/code]