Part 3:
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\IEUpdate -> C:\WINDOWS\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> ->
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] ->
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 748 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 ->
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages ->
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\IEUpdate -> C:\WINDOWS\system32\12520850k.exe [C:\WINDOWS\system32\12520850k.exe] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> ->
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder ->
Windows NT Access Provider -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 4B 3B 47 D8 2F 59 17 20 11 92 D7 81 47 97 80 23 66 33 30 38 36 65 65 33 00 FD 07 00 3E 55 00 00 34 FA 07 00 4E 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 4F 3D DD 36 AA 9F 08 7D 07 B8 80 F3 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 5F 44 D6 F5 97 8A 19 CF C6 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 85 D0 3E 60 E1 C2 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 7:00:00 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> E8 F2 3B 93 CD 9B 02 6E 0F 21 A7 DC FB 34 08 91 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 88 FB 43 66 01 C2 C6 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16373 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Free Music Zilla\FMZilla.exe -> C:\Program Files\Free Music Zilla\FMZilla.exe [C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module] -> [Ver = 1, 0, 0, 5 | Size = 626688 bytes | Modified Date = 10/17/2007 9:45:42 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 0.62. | Size = 2678784 bytes | Modified Date = 2/13/2006 1:02:48 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent] -> [Ver = | Size = 472368 bytes | Modified Date = 5/24/2008 6:39:01 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe -> C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe [C:\Documents and Settings\ChadStewart\Profit Docs\ebay\various stuff\utorrent.exe:*:Disabled:utorrent] -> [Ver = | Size = 133120 bytes | Modified Date = 2/21/2006 4:47:21 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe -> C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe [C:\Documents and Settings\ChadStewart\Profit Docs\ebay\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 6/2/2008 5:04:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Connect ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\51545:TCP -> 51545:TCP:*:Enabled:192.168.1.2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet ->
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService ->
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ]
TCPIP -> -> File not found
NTLMSSP -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
[Files/Folders - Created Within 30 days]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 5/27/2008 2:23:33 PM | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 5/28/2008 7:57:27 PM | Attr = ]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 5/26/2008 7:47:59 PM | Attr = ]
pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 3, 0, 1, 11 | Size = 159880 bytes | Created Date = 5/26/2008 7:48:16 PM | Attr = ]
1064a -> %SystemRoot%\System32\1064a -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
at1 -> %SystemRoot%\System32\at1 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
blphc762j0eaep.scr -> %SystemRoot%\System32\blphc762j0eaep.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 52736 bytes | Created Date = 6/2/2008 5:31:41 PM | Attr = ]
dvd2 -> %SystemRoot%\System32\dvd2 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
epempsdh.ini -> %SystemRoot%\System32\epempsdh.ini -> [Ver = | Size = 1433886 bytes | Created Date = 5/24/2008 6:49:13 PM | Attr = HS]
g39.exe -> %SystemRoot%\System32\g39.exe -> [Ver = | Size = 401963 bytes | Created Date = 5/24/2008 6:39:13 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 5/25/2008 10:05:08 PM | Attr = H ]
hI2 -> %SystemRoot%\System32\hI2 -> [Folder | Created Date = 5/24/2008 6:39:01 PM | Attr = ]
jjbmnktq.exe -> %SystemRoot%\System32\jjbmnktq.exe -> [Ver = | Size = 2560 bytes | Created Date = 5/24/2008 6:52:01 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 5/27/2008 2:38:30 PM | Attr = ]
lphc762j0eaep.exe -> %SystemRoot%\System32\lphc762j0eaep.exe -> [Ver = | Size = 93184 bytes | Created Date = 6/2/2008 5:31:36 PM | Attr = ]
lwyestqy.dll -> %SystemRoot%\System32\lwyestqy.dll -> [Ver = | Size = 90960 bytes | Created Date = 5/24/2008 6:47:45 PM | Attr = ]
phc762j0eaep.bmp -> %SystemRoot%\System32\phc762j0eaep.bmp -> [Ver = | Size = 90838 bytes | Created Date = 6/2/2008 5:31:38 PM | Attr = ]
vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe -> Microsoft [Ver = 2.34.0799 | Size = 87513 bytes | Created Date = 5/24/2008 6:38:45 PM | Attr = ]
Ycfggfii.ini -> %SystemRoot%\System32\Ycfggfii.ini -> [Ver = | Size = 919094 bytes | Created Date = 5/24/2008 6:45:52 PM | Attr = HS]
Ycfggfii.ini2 -> %SystemRoot%\System32\Ycfggfii.ini2 -> [Ver = | Size = 919094 bytes | Created Date = 5/24/2008 6:45:52 PM | Attr = HS]
?dobe -> %SystemRoot%\System32\Αdobe -> [Folder | Modified Date = 7/1/2007 1:41:11 AM | Attr = ]
??pPatch -> %SystemRoot%\System32\ΑрpPatch -> [Folder | Modified Date = 5/25/2008 7:17:46 PM | Attr = ]
accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 28416 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 26112 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 29696 bytes | Created Date = 5/28/2008 8:36:29 PM | Attr = ]
BM33d6f161.xml -> %SystemRoot%\BM33d6f161.xml -> [Ver = | Size = 109812 bytes | Created Date = 5/26/2008 7:44:37 PM | Attr = ]
clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26368 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 22784 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19200 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 27136 bytes | Created Date = 5/28/2008 8:36:30 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Created Date = 5/28/2008 8:35:29 PM | Attr = ]
directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 26624 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 9984 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 5/28/2008 8:02:43 PM | Attr = ]
36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 19968 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 9728 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 11776 bytes | Created Date = 5/28/2008 8:36:31 PM | Attr = ]
funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 12032 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 19712 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 18432 bytes | Created Date = 5/28/2008 8:36:32 PM | Attr = ]
inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 29184 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 25856 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Created Date = 5/24/2008 6:38:44 PM | Attr = RHS]
msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 15104 bytes | Created Date = 5/28/2008 8:36:33 PM | Attr = ]
mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 32512 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 14848 bytes | Created Date = 5/28/2008 8:36:34 PM | Attr = ]
olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 27904 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 21 bytes | Created Date = 5/26/2008 7:44:37 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/3/2008 2:49:35 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/3/2008 2:49:35 PM | Attr = H ]
qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 21248 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 15104 bytes | Created Date = 5/28/2008 8:36:35 PM | Attr = ]
searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 29952 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 11520 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 8704 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
systeem.exe -> %SystemRoot%\systeem.exe -> [Ver = | Size = 32000 bytes | Created Date = 5/28/2008 8:36:36 PM | Attr = ]
systemcritical.exe -> %SystemRoot%\systemcritical.exe -> [Ver = | Size = 13568 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 15616 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 25344 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 9984 bytes | Created Date = 5/28/2008 8:36:37 PM | Attr = ]
win32e.exe -> %SystemRoot%\win32e.exe -> [Ver = | Size = 28928 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 23552 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 11008 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 19200 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 30720 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 10752 bytes | Created Date = 5/28/2008 8:36:38 PM | Attr = ]
xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 10752 bytes | Created Date = 5/28/2008 8:36:39 PM | Attr = ]
y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 16896 bytes | Created Date = 5/28/2008 8:36:39 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 5/26/2008 7:21:00 PM | Attr = ]
@Alternate Data Stream - 190 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
PC Tools -> %AppData%\PC Tools -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
?ystem -> %UserProfile%\My Documents\ѕystem -> [Folder | Modified Date = 8/11/2007 1:57:09 PM | Attr = ]
Spyware Doctor.lnk -> %AllUsersProfile%\Desktop\Spyware Doctor.lnk -> [Ver = | Size = 1637 bytes | Created Date = 5/26/2008 7:48:06 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 5/27/2008 2:25:15 PM | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955921 bytes | Created Date = 5/27/2008 2:22:32 PM | Attr = ]
HijackThis.exe -> %UserProfile%\Desktop\HijackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Created Date = 5/26/2008 7:12:06 PM | Attr = ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1403 bytes | Created Date = 5/26/2008 7:12:06 PM | Attr = ]
HJ.exe -> %UserProfile%\Desktop\HJ.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 5/26/2008 7:10:09 PM | Attr = ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/4/2008 11:39:44 AM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 545259 bytes | Created Date = 5/29/2008 11:03:53 PM | Attr = ]
ProcessExplorer -> %UserProfile%\Desktop\ProcessExplorer -> [Folder | Created Date = 5/26/2008 7:15:38 PM | Attr = ]
ProcessExplorer.zip -> %UserProfile%\Desktop\ProcessExplorer.zip -> [Ver = | Size = 1604124 bytes | Created Date = 5/26/2008 7:14:54 PM | Attr = ]
scan.htm -> %UserProfile%\Desktop\scan.htm -> [Ver = | Size = 607047 bytes | Created Date = 5/27/2008 12:09:28 PM | Attr = ]
sdasetup.exe -> %UserProfile%\Desktop\sdasetup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 31403344 bytes | Created Date = 5/26/2008 7:10:55 PM | Attr = ]
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe -> [Ver = | Size = 1681135 bytes | Created Date = 5/28/2008 7:55:45 PM | Attr = ]
PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 5/26/2008 7:48:01 PM | Attr = ]
s?curity -> %CommonProgramFiles%\sеcurity -> [Folder | Modified Date = 6/30/2007 9:21:49 PM | Attr = ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 5/26/2008 7:47:51 PM | Attr = ]
uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 5/24/2008 6:38:54 PM | Attr = ]
?ystem32 -> %ProgramFiles%\ѕystem32 -> [Folder | Modified Date = 8/11/2007 1:56:59 PM | Attr = ]
[Files/Folders - Modified Within 30 days]
327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Modified Date = 5/29/2008 7:28:58 PM | Attr = ]
1 C:\*.tmp files -> C:\*.tmp ->
Music -> %SystemDrive%\Music -> [Folder | Modified Date = 6/3/2008 3:35:28 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/27/2008 3:03:59 PM | Attr = ]
quarantine -> %SystemDrive%\quarantine -> [Folder | Modified Date = 5/25/2008 7:18:46 PM | Attr = ]
SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 6/4/2008 11:32:31 AM | Attr = ]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/3/2008 4:23:30 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/4/2008 11:33:45 AM | Attr = ]
etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 5/28/2008 8:15:44 PM | Attr = ]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 5/28/2008 8:15:44 PM | Attr = ]
1064a -> %SystemRoot%\System32\1064a -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 5/5/2008 7:19:53 PM | Attr = ]
at1 -> %SystemRoot%\System32\at1 -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
blphc762j0eaep.scr -> %SystemRoot%\System32\blphc762j0eaep.scr -> Peter's Productions [Ver = 2.00.0002 | Size = 52736 bytes | Modified Date = 6/4/2008 11:31:47 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/3/2008 4:43:51 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/27/2008 12:07:24 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/4/2008 11:33:54 AM | Attr = ]
dvd2 -> %SystemRoot%\System32\dvd2 -> [Folder | Modified Date = 5/24/2008 6:39:01 PM | Attr = ]
epempsdh.ini -> %SystemRoot%\System32\epempsdh.ini -> [Ver = | Size = 1433886 bytes | Modified Date = 5/26/2008 7:47:46 PM | Attr = HS]
g39.exe -> %SystemRoot%\System32\g39.exe -> [Ver = | Size = 401963 bytes | Modified Date = 5/24/2008 6:39:14 PM | Attr = ]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 5/25/2008 10:05:18 PM | Attr = H ]
hI2 -> %SystemRoot%\System32\hI2 -> [Folder | Modified Date = 5/24/2008 7:52:20 PM | Attr = ]
jjbmnktq.exe -> %SystemRoot%\System32\jjbmnktq.exe -> [Ver = | Size = 2560 bytes | Modified Date = 5/24/2008 6:52:01 PM | Attr = ]
Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 5/27/2008 2:38:30 PM | Attr = ]
lphc762j0eaep.exe -> %SystemRoot%\System32\lphc762j0eaep.exe -> [Ver = | Size = 93184 bytes | Modified Date = 6/2/2008 5:31:36 PM | Attr = ]
lwyestqy.dll -> %SystemRoot%\System32\lwyestqy.dll -> [Ver = | Size = 90960 bytes | Modified Date = 5/24/2008 6:47:46 PM | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59780 bytes | Modified Date = 5/26/2008 7:29:14 PM | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 397560 bytes | Modified Date = 5/26/2008 7:29:14 PM | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 464860 bytes | Modified Date = 5/26/2008 7:29:13 PM | Attr = ]
phc762j0eaep.bmp -> %SystemRoot%\System32\phc762j0eaep.bmp -> [Ver = | Size = 90838 bytes | Modified Date = 6/4/2008 11:31:43 AM | Attr = ]
vbpdtvdp.exe -> %SystemRoot%\System32\vbpdtvdp.exe -> Microsoft [Ver = 2.34.0799 | Size = 87513 bytes | Modified Date = 5/24/2008 6:38:45 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 6/4/2008 11:33:45 AM | Attr = ]
Ycfggfii.ini -> %SystemRoot%\System32\Ycfggfii.ini -> [Ver = | Size = 919094 bytes | Modified Date = 5/26/2008 7:54:15 PM | Attr = HS]
Ycfggfii.ini2 -> %SystemRoot%\System32\Ycfggfii.ini2 -> [Ver = | Size = 919094 bytes | Modified Date = 5/26/2008 7:52:28 PM | Attr = HS]
?dobe -> %SystemRoot%\System32\Αdobe -> [Folder | Modified Date = 7/1/2007 1:41:11 AM | Attr = ]
??pPatch -> %SystemRoot%\System32\ΑрpPatch -> [Folder | Modified Date = 5/25/2008 7:17:46 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/20/2008 4:37:07 PM | Attr = H ]
36 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 28416 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 26112 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 29696 bytes | Modified Date = 5/28/2008 8:36:29 PM | Attr = ]
BM33d6f161.xml -> %SystemRoot%\BM33d6f161.xml -> [Ver = | Size = 109812 bytes | Modified Date = 6/3/2008 2:49:22 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/4/2008 11:31:33 AM | Attr = S]
clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 26368 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 22784 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 19200 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 27136 bytes | Modified Date = 5/28/2008 8:36:30 PM | Attr = ]
default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1853 bytes | Modified Date = 6/4/2008 11:33:43 AM | Attr = ]
directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 26624 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 9984 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 5/28/2008 8:02:56 PM | Attr = ]
explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 19968 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
explorer32.exe -> %SystemRoot%\explorer32.exe -> [Ver = | Size = 9728 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 11776 bytes | Modified Date = 5/28/2008 8:36:31 PM | Attr = ]
funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 12032 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 19712 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 18432 bytes | Modified Date = 5/28/2008 8:36:32 PM | Attr = ]
inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 29184 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/27/2008 2:38:30 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/24/2008 6:46:03 PM | Attr = HS]
loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 25856 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Modified Date = 5/24/2008 6:38:44 PM | Attr = RHS]
msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 15104 bytes | Modified Date = 5/28/2008 8:36:33 PM | Attr = ]
mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 32512 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 14848 bytes | Modified Date = 5/28/2008 8:36:34 PM | Attr = ]
olehelp.exe -> %SystemRoot%\olehelp.exe -> [Ver = | Size = 27904 bytes | Modified Date = 5/28/2008 8:36:35 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/4/2008 11:40:09 AM | Attr = ]
pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 21 bytes | Modified Date = 6/3/2008 10:40:30 AM | Attr = ]
Q2hhZA -> %SystemRoot%\Q2hhZA -> [Folder | Modified Date = 5/24/2008 7:54:53 PM | Attr = HS]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/3/2008 2:49:35 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/3/2008 2:49:35 PM | Attr = H ]
qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 21248 bytes | Modified Date = 5/28/2008 8:36:35 PM | Attr = ]
Edited by djprofit, 05 June 2008 - 06:05 PM.