
Think I have company? [CLOSED]


  • This topic is locked

#61
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts

OK this isn't funny anymore...we certainly have a problem. I got clear to the kill processes step..... then wham... a quick flash of a blue screen with really big type and then a reboot to a serious error recovery message.

A dump in the lake for boat anchor is looking better all the time! :)

Tried several times..... always the same result. :)

:) :) ;) :)


No... That's not funny at all.. skip the Kill All Process step and do the rest.. I'll inform the author of the tool about it.. :D

Oh ya... Please do the step below before proceeding any further..

IMPORTANT!: Please create a fresh Restore Point before proceeding with our fix. Please visit this webpage if you do not know how..

Edited by fenzodahl512, 02 August 2008 - 02:38 AM.

  • 0



#62
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
OK great wise and all knowing fenzodahl512 I hope this didn't leave me with a lifeless shell......

Sure seemed like a lot to delete.....

here is the log from GVR 4.1:

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\temp\perflib_perfdata_71c.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\system.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\software.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\security.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\security
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\default.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\default
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\catroot2\tmp.edb
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\catroot2\edb.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\prefetch\layout.ini
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus..
[Location] - G:\.\
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\temp\perflib_perfdata_6a4.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\system.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\software.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\security.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\security
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\default.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\default
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\catroot2\tmp.edb
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\catroot2\edb.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\program files\common files\symantec shared\ccpd-lc\symlcrst.dll
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\networkservice\ntuser.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\networkservice\ntuser.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\localservice\ntuser.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\localservice\ntuser.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\jordyn\local settings\application data\microsoft\windows\usrclass.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\jordyn\local settings\application data\microsoft\windows\usrclass.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\jordyn\ntuser.dat.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\jordyn\ntuser.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\all users\application data\microsoft\search\data\temp\usgthrsvc\perflib_perfdata_5b4.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\tmp.edb
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\mss.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\all users\application data\microsoft\dr watson\user.dmp
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Malware Script
[Location] - c:\combofix\localdrive.vbs
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Malware Script
[Location] - c:\combofix\list-c.bat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Malware Script
[Location] - c:\combofix\find3m.bat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\19b8d6da1b45e5e8c627\%temp%dd_msxml_retmsi.txt
[Action] - Deleted

I'm once again totally lost...... :)

BTW ..... NO change in task manager...... :)
  • 0

#63
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Erm... something that I must report to the author of the tool... Looks like false positive..


DON'T reboot your computer now..


Please go to c:\windows\system32\config and verify that these files exist..

security
sam
default



If they exist, that's good. If not, please copy these files below from that folder and paste them to your Desktop

security.bak
sam.bak
default.bak



Rename each file to the original name (without .bak extension) (eg: security.bak rename it to security) and then copy/paste it back to its original folder...


Then please restore your computer to the Restore Point that we've just created earlier.. Please visit here if you do not know how..


Then just tell me about it.. I'm thinking of something else :)
  • 0
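
Added example, not part of the original thread and not code from any tool named in it: a Python script that parses a log in the layout posted in #62 and lists the Windows registry hive files it reports as deleted, which are the files to confirm on disk before any reboot. The category labels and function names are assumptions of this example, and the sample log is constructed from paths that appear in the posted log.

```python
import ntpath
import re

# Constructed sample in the layout of the log posted above.
SAMPLE_LOG = r"""[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam.log
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\prefetch\layout.ini
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\windows\system32\config\sam
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Virus
[Location] - c:\documents and settings\jordyn\ntuser.dat
[Action] - Deleted

[8/2/2008][]
[Virus Name] - Maybe Malware Script
[Location] - c:\combofix\list-c.bat
[Action] - Deleted
"""

# One log entry: date line, then name, location and action lines.
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^\]]*)\]\[[^\]]*\][ \t]*\n"
    r"\[Virus Name\] - (?P<name>[^\n]*)\n"
    r"\[Location\] - (?P<path>[^\n]*)\n"
    r"\[Action\] - (?P<action>[^\n]*)",
    re.MULTILINE,
)

# Machine-wide hives live in %SystemRoot%\system32\config; per-user hives
# live in each profile. A ".log" beside a hive is its transaction log.
SYSTEM_HIVES = {"sam", "security", "software", "system", "default"}
USER_HIVES = {"ntuser.dat", "usrclass.dat"}
SEVERITY = {"system-hive": 0, "user-hive": 1, "hive-log": 2, "other": 3}


def parse_log(text):
    """Return one dict (date, name, path, action) per log entry."""
    text = text.replace("\r\n", "\n")
    return [
        {key: value.strip() for key, value in m.groupdict().items()}
        for m in ENTRY_RE.finditer(text)
    ]


def classify(path):
    """Label a path as system-hive, user-hive, hive-log or other."""
    directory, base = ntpath.split(path.strip().lower())
    stem, ext = ntpath.splitext(base)
    in_config = directory.endswith(r"\system32\config")
    if in_config and base in SYSTEM_HIVES:
        return "system-hive"
    if base in USER_HIVES:
        return "user-hive"
    if ext == ".log" and ((in_config and stem in SYSTEM_HIVES) or stem in USER_HIVES):
        return "hive-log"
    return "other"


def triage(text):
    """Distinct paths reported as deleted, most critical category first."""
    seen = {}
    for entry in parse_log(text):
        if entry["action"].lower() != "deleted":
            continue
        seen.setdefault(entry["path"].lower(), classify(entry["path"]))
    return sorted(seen.items(), key=lambda kv: (SEVERITY[kv[1]], kv[0]))


def files_to_verify(text):
    """Hive files whose presence should be confirmed before a reboot."""
    return [p for p, cat in triage(text) if cat in ("system-hive", "user-hive")]


if __name__ == "__main__":
    for path, category in triage(SAMPLE_LOG):
        print(f"{category:12} {path}")
    print("Verify before reboot:", files_to_verify(SAMPLE_LOG))
```

A "Deleted" action in the log is only the tool's claim; the output is a checklist of paths to inspect, not proof that the files are gone.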

#64
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Those files still exist..... and in correct folder! At least it does something it's supposed to.

It is running ok. Just the [bleep] task manager thing.....

I am removing norton and using something different. Still jacked because it wasn't and doesn't work right. Besides it hasn't picked up on anything bad lately. Not since that first scan a couple of weeks ago.
  • 0

#65
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Hello mate.. Well, firstly, as a GeekU, you don't want to use those "bleep" words much here.. Believe me mate :)


Those files still exist..... and in correct folder! At least it does something it's supposed to.


You don't know how glad I am to hear that.. :) If those files were missing, we'd be in a big mess.. Have you checked whether these files are present?

c:\documents and settings\networkservice\ntuser.dat
c:\documents and settings\localservice\ntuser.dat
c:\documents and settings\jordyn\ntuser.dat



And I'm doing a deep scan for you to see if we missed anything.. I have half a mind that you're actually clean and wanna send you to the tech forum.. but let's see what these deep scanners say first ;)


Please download Dr.Web CureIt to the Desktop:
  • Please reboot into Safe Mode
  • Once you are in Safe Mode, double-click the launch.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.



NEXT


Please download ATF Cleaner to your Desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



NEXT


Please download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section
  • In the Processes, Services, Drivers and Registry section set on Non-Microsoft.
  • In the Rootkit Search section, set to Yes
  • In the Files Created Within and Files Modified Within section, set it on 30 Days
  • At the bottom, tick on all Non-Microsoft Only and Include All Unicode Names option
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
      Reg - ContolSets
      Reg - Security Settings
      File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.



Please attach me both Dr.Web CureIt! and OTScanIt result here.. Don't post it as it will be too long to fit in one post..



Oh yeah.. I'm not the great wise or the special one.. I don't know everything :)


Regards
fenzodahl512

Edited by fenzodahl512, 02 August 2008 - 06:46 PM.

  • 0

#66
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Wow..... I needed that ....I slept for like forever last night. As for the bleep word :) I don't even recall doing that...OMG! :) SORRY!!

I will do as instructed and get back with you. Its Sunday, family coming over, not sure how much I can get away...... :)
  • 0

#67
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
OK well i've never attached anything to a post before.... well try this! :)

Hear from you later!!!!

Won't let me upload Dr.Web!! Here it is:

psexec.cfexe;C:\ComboFix;Program.PsExec.171;Incurable.Moved.;
ComboFix.exe\327882R2FWJFW\psexec.cfexe;C:\Documents and Settings\Owner\My Documents\Software\ComboFix.exe;Program.PsExec.171;;
ComboFix.exe;C:\Documents and Settings\Owner\My Documents\Software;Archive contains infected objects;Moved.;
JGScreensaver_3.exe;F:\Disk Contents Backup\Disk Contents\Drivers;Adware.Cashon.120;Incurable.Moved.;

Says OTScanit too big..... let me try another post!! :)
  • 0

#68
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Will not attach says file is too big........ will multi post attach I guess!!!!! :) :)

[code=auto:0]OTScanIt logfile created on: 2008-08-03 10:38:46
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 79.12% Memory free
3.85 Gb Paging File | 3.57 Gb Available in Paging File | 92.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 45.46 Gb Free Space | 61.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 55.90 Gb Total Space | 36.67 Gb Free Space | 65.60% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 426.29 Gb Free Space | 91.53% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAIN
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 2008-07-22 20:42:12 | Attr = ]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 2007-07-24 15:17:08 | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006-02-17 10:17:08 | Attr = ]
incdsrv.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 864816 bytes | Modified Date = 2007-05-07 11:32:40 | Attr = ]
lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.142.1 | Size = 61440 bytes | Modified Date = 2007-01-17 11:20:10 | Attr = ]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006-02-17 10:17:08 | Attr = ]
syncservices.exe -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 2007-09-28 12:24:36 | Attr = ]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2006-02-17 10:35:42 | Attr = ]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 02:27:52 | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.1.1 | Size = 16270848 bytes | Modified Date = 2006-11-14 04:21:28 | Attr = R ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ]
incd.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 1057328 bytes | Modified Date = 2007-05-07 11:32:12 | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 2007-05-08 16:24:20 | Attr = ]
wkufind.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe -> Microsoft® Corporation [Ver = 7.00.0709.0 | Size = 28672 bytes | Modified Date = 2002-07-09 21:45:18 | Attr = ]
syslogin.exe -> %SystemRoot%\system32\FCyberAlert\Syslogin.exe -> InfoWorks Technology Company [Ver = 4.00.0008 | Size = 1671168 bytes | Modified Date = 2008-04-22 12:20:18 | Attr = ]
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 2008-07-30 10:47:56 | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 5, 17, 0 | Size = 149040 bytes | Modified Date = 2007-05-07 11:40:06 | Attr = ]
nmindexingservice.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 17, 0 | Size = 271920 bytes | Modified Date = 2007-05-07 11:40:22 | Attr = ]
nmindexstoresvr.exe -> %CommonProgramFiles%\Ahead\Lib\NMIndexStoreSvr.exe -> Nero AG [Ver = 1, 5, 17, 0 | Size = 910896 bytes | Modified Date = 2007-05-07 11:40:26 | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 2008-07-30 10:47:48 | Attr = ]
hpzinw12.exe -> %SystemRoot%\system32\HPZinw12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 61440 bytes | Modified Date = 2004-09-29 12:08:08 | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 2008-07-12 09:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 2008-07-22 20:42:12 | Attr = ]
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 2007-07-24 15:17:08 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006-02-17 10:17:08 | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 0, 11 | Size = 864816 bytes | Modified Date = 2007-05-07 11:32:40 | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 2008-07-30 10:47:48 | Attr = ]
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.142.1 | Size = 61440 bytes | Modified Date = 2007-01-17 11:20:10 | Attr = ]
(Maxtor Sync Service) Maxtor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Sync\SyncServices.exe -> Seagate Technology LLC [Ver = 4, 0, 3, 1 | Size = 156976 bytes | Modified Date = 2007-09-28 12:24:36 | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 1, 5, 17, 0 | Size = 271920 bytes | Modified Date = 2007-05-07 11:40:22 | Attr = ]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA [Ver = 2, 2, 0, 464 | Size = 61503 bytes | Modified Date = 2006-02-17 10:35:42 | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 02:27:52 | Attr = ]
(Symantec RemoteAssist) Symantec RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Support Controls\ssrc.exe -> Symantec, Inc. [Ver = 6.9.2894.0 | Size = 394704 bytes | Modified Date = 2008-02-01 18:08:50 | Attr = ]

[Driver Services - Non-Microsoft Only]
(AsIO) AsIO [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AsIO.sys -> [Ver = | Size = 12664 bytes | Modified Date = 2006-10-18 14:12:16 | Attr = R ]
(CamDrL) Logitech QuickCam Pro 3000(CamDrl) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\Camdrl.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 2008-01-29 12:01:28 | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows ® Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 2005-01-07 17:07:18 | Attr = ]
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 108592 bytes | Modified Date = 2007-05-07 11:32:26 | Attr = ]
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 37040 bytes | Modified Date = 2007-05-07 11:32:32 | Attr = ]
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDRm.sys -> Nero AG [Ver = 5, 5, 0, 11 | Size = 39472 bytes | Modified Date = 2007-05-07 11:32:36 | Attr = ]
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5324 built by: WinDDK | Size = 4225920 bytes | Modified Date = 2006-11-15 01:34:40 | Attr = R ]
(JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\JGOGO.sys -> JMicron [Ver = 5.0.3790.1 | Size = 6912 bytes | Modified Date = 2006-02-07 06:52:58 | Attr = R ]
(JRAID) JRAID [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jraid.sys -> JMicron Technology Corp. [Ver = 1.17.05.01 built by: WinDDK | Size = 43648 bytes | Modified Date = 2006-10-29 22:31:58 | Attr = R ]
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\lvusbsta.sys -> File not found
(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %CommonProgramFiles%\Motive\MRENDIS5.sys -> Motive, Inc. [Ver = 503.1658.0 | Size = 18003 bytes | Modified Date = 2004-11-22 11:36:40 | Attr = ]
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 2004-08-12 21:56:20 | Attr = R ]
(MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,8,0 | Size = 22152 bytes | Modified Date = 2007-05-03 13:37:08 | Attr = ]



(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
(nvata) nvata [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\nvata.sys -> NVIDIA Corporation [Ver = 5.10.2600.0666 built by: WinDDK | Size = 100736 bytes | Modified Date = 2006-04-24 12:52:28 | Attr = R ]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.05023 | Size = 34176 bytes | Modified Date = 2006-02-17 06:28:30 | Attr = R ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.00.05023 | Size = 13056 bytes | Modified Date = 2006-02-17 06:28:32 | Attr = R ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 2007-11-13 05:25:53 | Attr = ]
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 2008-02-18 11:16:24 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 2008-01-11 22:16:38 | Attr = ]
AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 2008-07-22 20:42:24 | Attr = ]
AsusStartupHelp -> %ProgramFiles%\ASUS\AASP\1.00.17\AsRunHelp.exe [C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe] -> [Ver = | Size = 363008 bytes | Modified Date = 2006-11-14 01:25:40 | Attr = ]
FamilyCyberAlert -> %SystemRoot%\system32\FCyberAlert\Syslogin.exe [C:\WINDOWS\system32\FCyberAlert\syslogin.exe] -> InfoWorks Technology Company [Ver = 4.00.0008 | Size = 1671168 bytes | Modified Date = 2008-04-22 12:20:18 | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 2007-05-08 16:24:20 | Attr = ]
InCD -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe [C:\Program Files\Nero\Nero 7\InCD\InCD.exe] -> Nero AG [Ver = 5, 5, 0, 11 | Size = 1057328 bytes | Modified Date = 2007-05-07 11:32:12 | Attr = ]
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 2008-07-30 10:47:56 | Attr = ]
JMB36X Configure -> %SystemRoot%\system32\JMRaidSetup.exe [C:\WINDOWS\system32\JMRaidSetup.exe boot] -> JMicron Technology Corp. [Ver = 1.17.06.03 | Size = 1953792 bytes | Modified Date = 2006-10-30 07:44:18 | Attr = R ]
JMB36X IDE Setup -> %SystemRoot%\JM\JMInsIDE.exe [C:\WINDOWS\JM\JMInsIDE.exe] -> [Ver = | Size = 36864 bytes | Modified Date = 2006-10-30 07:44:18 | Attr = R ]
Microsoft Works Update Detection -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkUFind.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe] -> Microsoft® Corporation [Ver = 7.00.0709.0 | Size = 28672 bytes | Modified Date = 2002-07-09 21:45:18 | Attr = ]
mxomssmenu -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe ["C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"] -> Maxtor Corporation [Ver = 2, 2, 0, 4 | Size = 169264 bytes | Modified Date = 2007-09-06 14:53:40 | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 2007-03-15 21:02:00 | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 81920 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1626112 bytes | Modified Date = 2007-09-17 01:07:00 | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 2008-05-27 10:50:30 | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.1.1 | Size = 16270848 bytes | Modified Date = 2006-11-14 04:21:28 | Attr = R ]
SkyTel -> %SystemRoot%\SkyTel.exe [SkyTel.EXE] -> Realtek Semiconductor Corp. [Ver = 1.0.0.0 | Size = 2879488 bytes | Modified Date = 2006-05-16 05:04:26 | Attr = R ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 2008-06-10 04:27:04 | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 17, 0 | Size = 149040 bytes | Modified Date = 2007-05-07 11:40:06 | Attr = ]
< Run [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 17, 0 | Size = 149040 bytes | Modified Date = 2007-05-07 11:40:06 | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Exif Launcher S.lnk -> %ProgramFiles%\FinePixViewerS\QuickDCF2.exe -> FUJIFILM Corporation [Ver = 1, 1, 0, 0 | Size = 303104 bytes | Modified Date = 2006-12-04 23:20:18 | Attr = ]
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-11 23:23:26 | Attr = ]
< Alyc Startup Folder > -> C:\Documents and Settings\Alyc\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Jordyn Startup Folder > -> C:\Documents and Settings\Jordyn\Start Menu\Programs\Startup ->
< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->
< Tammy Startup Folder > -> C:\Documents and Settings\Tammy\Start Menu\Programs\Startup ->
< Torey Startup Folder > -> C:\Documents and Settings\Torey\Start Menu\Programs\Startup ->
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 2007-06-13 05:23:07 | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 2007-10-25 22:36:51 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 157 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 07:00:00 | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomLITEON_DVD-ROM_LTD163___________________GDHG____\5&ad42fb8&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomMemorex_DVD+-RAM_530L_v1________________5M64____\5&ad42fb8&0&0.1.0 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2008-05-23 14:18:26 | Attr = ]
autorun.inf [[autorun] | icon = .\mxoicon6.ico | ] -> G:\autorun.inf [ NTFS ] -> [Ver = | Size = 32 bytes | Modified Date = 2007-05-10 08:48:26 | Attr = ]
< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\] > -> ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\: Main\\Start Page -> http://www.msn.com/?wl=true ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3323 domain(s) found. ->
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3323 domain(s) found. ->
26 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ]
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\] > -> HKEY_USERS\S-1-5-21-746137067-839522115-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 2008-06-10 04:27:02 | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{07F168D4-8D39-44D0-A5DC-83F26594A0AB} -> (NVIDIA nForce Networking Controller) ->
{405C000A-00C0-4F30-AAEF-65168E3B0440} -> () ->
{74730615-60CB-4D46-9550-68496D44F1A0} -> (1394 Net Adapter) ->
{A0E838D2-29C0

Edited by ScittS, 03 August 2008 - 10:44 AM.

#69
ScittS

OK next part:

{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211585209718[MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-15 12:49:30 | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-25 09:21:15 | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-23 23:37:50 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 772 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> AF 09 52 CF 86 DC 7A 76 BB B3 05 17 4D 9B 99 6A 36 39 37 34 35 63 38 32 00 FD 07 00 84 39 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 9C 57 90 BA 61 D4 74 C7 08 0C A0 69  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> ED 66 71 BE F1 F1 08 FC 0D  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 3A D4 66 9C F0 79  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 94 E8 AF 3E 89 0D A7 B9 E3 F3 C1 AA 11 E8 CF 24  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 50 FE 7A D6 BB F2 C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11604 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 07:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006-02-17 10:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 07:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-11 23:23:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 2005-05-12 00:40:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 2005-06-03 09:50:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 2005-06-03 09:50:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 2005-06-03 09:45:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 2005-05-10 21:50:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 2005-05-10 21:07:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 2005-06-03 10:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 2005-05-10 21:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 2005-06-03 09:51:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] ->  [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 2005-03-15 15:12:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] ->   [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 2005-03-15 15:17:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 2005-06-03 10:06:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 2007-07-24 15:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 2008-07-30 10:47:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> 
< ControlSets >

  • 0

#70
ScittS

    Member

  • Topic Starter
  • Member
  • 65 posts
Maybe just one more post!!

HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 2 -> 
< Security Settings > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> 
RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-25 23:39:49 | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11604 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 07:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 2006-02-17 10:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 07:44:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 2005-05-11 23:23:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqste08.exe [C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 204800 bytes | Modified Date = 2005-05-12 00:40:38 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 225280 bytes | Modified Date = 2005-06-03 09:50:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 40960 bytes | Modified Date = 2005-06-03 09:50:14 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hposid01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 81920 bytes | Modified Date = 2005-06-03 09:45:46 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] ->  [Ver = 3, 2, 0,940 | Size = 200704 bytes | Modified Date = 2005-05-10 21:50:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> Hewlett-Packard [Ver = 5.1.0.940 | Size = 1081344 bytes | Modified Date = 2005-05-10 21:07:26 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 172032 bytes | Modified Date = 2005-06-03 10:12:34 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> Hewlett-Packard [Ver = 2.4 | Size = 151635 bytes | Modified Date = 2005-05-10 21:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 458752 bytes | Modified Date = 2005-06-03 09:51:06 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] ->  [Ver = 5.0.0.247 | Size = 417792 bytes | Modified Date = 2005-03-15 15:12:10 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe -> %ProgramFiles%\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] ->   [Ver = 5.0.0.247 | Size = 704512 bytes | Modified Date = 2005-03-15 15:17:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> Hewlett-Packard Co. [Ver = 50.0.214.000 | Size = 57344 bytes | Modified Date = 2005-06-03 10:06:04 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 2007-07-24 15:17:08 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 2007-10-18 11:34:02 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 2007-10-02 17:18:24 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 2008-07-30 10:47:50 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 07:00:00 | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 


[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 2008-07-31 01:07:40 | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Created Date = 2008-07-30 22:05:06 | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Created Date = 2008-07-30 22:04:39 | Attr =	]
cmldr -> %SystemDrive%\cmldr ->  [Ver =  | Size = 260272 bytes | Created Date = 2008-07-30 22:05:03 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 2008-07-31 00:05:51 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 2008-07-30 16:06:56 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2008-07-30 21:46:05 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Created Date = 2008-07-30 23:12:12 | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-17 11:46:35 | Attr =	]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-18 10:51:32 | Attr =	]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-18 23:04:04 | Attr =	]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-19 10:19:13 | Attr =	]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-19 16:17:54 | Attr =	]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-07-27 21:16:58 | Attr =	]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-01 21:21:44 | Attr =	]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 00:26:14 | Attr =	]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 00:29:35 | Attr =	]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 00:35:14 | Attr =	]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 00:38:25 | Attr =	]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 01:11:03 | Attr =	]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 05:05:55 | Attr =  H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 2008-08-02 17:52:12 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-17 11:46:35 | Attr =	]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-18 10:51:32 | Attr =	]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-18 23:04:04 | Attr =	]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-19 10:19:13 | Attr =	]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-19 16:17:54 | Attr =	]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-07-27 21:16:58 | Attr =	]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-01 21:21:44 | Attr =	]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 00:26:14 | Attr =	]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 00:29:35 | Attr =	]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 00:35:14 | Attr =	]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 00:38:25 | Attr =	]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 01:11:03 | Attr =	]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 05:05:55 | Attr =  H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 2008-08-02 17:52:12 | Attr =  H ]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Created Date = 2008-07-30 20:55:10 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 2008-07-27 18:11:34 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 2008-07-27 18:11:33 | Attr =	]
GeeKz_db.dll -> %SystemRoot%\System32\GeeKz_db.dll ->  [Ver =  | Size = 171008 bytes | Created Date = 2008-08-02 03:01:58 | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 2008-07-28 21:20:26 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-19 18:08:32 | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 2008-07-19 18:08:33 | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 2008-07-19 18:08:33 | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 2008-07-30 16:07:29 | Attr =	]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
grep.exe -> %SystemRoot%\grep.exe ->  [Ver =  | Size = 80412 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Created Date = 2008-08-02 03:04:31 | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Created Date = 2008-07-27 15:31:43 | Attr =	]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI ->  [Ver =  | Size = 151 bytes | Created Date = 2008-07-19 18:30:56 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Created Date = 2008-07-27 21:15:30 | Attr =	]
sed.exe -> %SystemRoot%\sed.exe ->  [Ver =  | Size = 98816 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Created Date = 2008-07-30 22:04:38 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Created Date = 2008-07-30 22:03:06 | Attr =	]
swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
VFind.exe -> %SystemRoot%\VFind.exe ->  [Ver =  | Size = 49152 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
zip.exe -> %SystemRoot%\zip.exe ->  [Ver =  | Size = 68096 bytes | Created Date = 2008-07-30 22:06:33 | Attr =	]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job ->  [Ver =  | Size = 270 bytes | Created Date = 2008-07-21 15:50:53 | Attr =	]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job ->  [Ver =  | Size = 392 bytes | Created Date = 2008-07-21 15:50:53 | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 2008-07-27 18:11:33 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-07-28 17:44:45 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 2008-07-28 18:25:53 | Attr =	]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller ->  [Folder | Created Date = 2008-07-17 10:13:27 | Attr =	]
HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Created Date = 2008-07-21 14:24:07 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 2008-07-27 18:11:35 | Attr =	]
Mozilla -> %AppData%\Mozilla ->  [Folder | Created Date = 2008-07-27 15:31:36 | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Created Date = 2008-07-28 17:44:41 | Attr =	]
Symantec -> %AppData%\Symantec ->  [Folder | Created Date = 2008-07-29 22:09:37 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Created Date = 2008-07-21 15:50:55 | Attr =	]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Created Date = 2008-07-28 21:20:46 | Attr =	]
Windows Search -> %AppData%\Windows Search ->  [Folder | Created Date = 2008-07-30 21:49:37 | Attr =	]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Created Date = 2008-07-15 17:07:34 | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Created Date = 2008-07-27 15:31:36 | Attr =	]
Symantec -> %UserProfile%\Local Settings\Application Data\Symantec ->  [Folder | Created Date = 2008-07-28 20:14:59 | Attr =	]
microsoft -> %AllUsersProfile%\Documents\microsoft ->  [Folder | Created Date = 2008-07-18 10:51:07 | Attr =	]
current.spg -> %UserProfile%\My Documents\current.spg ->  [Ver =  | Size = 2484 bytes | Created Date = 2008-07-21 15:43:42 | Attr =	]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Created Date = 2008-07-17 10:24:56 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 580 bytes | Created Date = 2008-07-18 11:07:21 | Attr =	]
My Stationery -> %UserProfile%\My Documents\My Stationery ->  [Folder | Created Date = 2008-07-27 19:59:46 | Attr =	]
Software -> %UserProfile%\My Documents\Software ->  [Folder | Created Date = 2008-07-27 15:27:18 | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Created Date = 2008-07-27 15:31:33 | Attr =	]
cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 11029408 bytes | Created Date = 2008-08-03 06:42:50 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cureit.exe:Zone.Identifier
DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv ->  [Ver =  | Size = 405 bytes | Created Date = 2008-08-03 10:26:20 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 2008-08-03 10:36:25 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 2008-08-03 10:35:27 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1787 bytes | Created Date = 2008-07-28 21:20:33 | Attr =	]
Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Created Date = 2008-07-27 18:11:01 | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Created Date = 2008-07-17 10:13:45 | Attr =	]
ERUNT -> %ProgramFiles%\ERUNT ->  [Folder | Created Date = 2008-08-02 02:59:51 | Attr =	]
iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 2008-08-01 21:11:08 | Attr =	]
iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 2008-08-01 21:11:05 | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 2008-07-27 18:11:33 | Attr =	]
Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox ->  [Folder | Created Date = 2008-07-27 15:31:31 | Attr =	]
QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 2008-08-01 21:10:11 | Attr =	]
Safari -> %ProgramFiles%\Safari ->  [Folder | Created Date = 2008-08-01 20:49:24 | Attr =	]
SpywareBlaster -> %ProgramFiles%\SpywareBlaster ->  [Folder | Created Date = 2008-07-28 17:40:35 | Attr =	]
SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware ->  [Folder | Created Date = 2008-07-28 17:44:42 | Attr =	]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 2008-07-29 15:30:32 | Attr =	]
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search ->  [Folder | Created Date = 2008-07-28 21:20:27 | Attr =	]
Windows Live -> %ProgramFiles%\Windows Live ->  [Folder | Created Date = 2008-07-17 10:13:41 | Attr =	]

[Files/Folders - Modified Within 30 days]
19b8d6da1b45e5e8c627 -> %SystemDrive%\19b8d6da1b45e5e8c627 ->  [Folder | Modified Date = 2008-08-02 07:10:41 | Attr =	]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 2008-08-01 07:17:49 | Attr =	]
BOOT.BAK -> %SystemDrive%\BOOT.BAK ->  [Ver =  | Size = 211 bytes | Modified Date = 2008-07-30 13:15:40 | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 282 bytes | Modified Date = 2008-08-01 18:44:57 | Attr =	]
cmdcons -> %SystemDrive%\cmdcons ->  [Folder | Modified Date = 2008-07-30 22:05:06 | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 2008-08-02 07:10:40 | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 2008-08-02 00:31:16 | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 2008-07-30 16:06:56 | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2008-07-31 01:03:29 | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 2008-08-02 17:54:11 | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 2008-07-30 23:35:10 | Attr =	]
RECYCLER -> %SystemDrive%\RECYCLER ->  [Folder | Modified Date = 2008-08-01 08:14:50 | Attr =  HS]
sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-17 11:46:35 | Attr =	]
sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-18 10:51:32 | Attr =	]
sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-18 23:04:04 | Attr =	]
sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-19 10:19:13 | Attr =	]
sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-19 16:17:54 | Attr =	]
sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-07-27 21:16:58 | Attr =	]
sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-01 21:21:44 | Attr =	]
sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 00:26:14 | Attr =	]
sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 00:29:35 | Attr =	]
sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 00:35:14 | Attr =	]
sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 00:38:25 | Attr =	]
sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 01:11:03 | Attr =	]
sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 05:05:55 | Attr =  H ]
sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 2008-08-02 17:52:12 | Attr =  H ]
sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-17 11:46:35 | Attr =	]
sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-18 10:51:32 | Attr =	]
sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-18 23:04:04 | Attr =	]
sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-19 10:19:13 | Attr =	]
sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-19 16:17:54 | Attr =	]
sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-07-27 21:16:58 | Attr =	]
sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-01 21:21:44 | Attr =	]
sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 00:26:14 | Attr =	]
sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 00:29:35 | Attr =	]
sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 00:35:14 | Attr =	]
sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 00:38:25 | Attr =	]
sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 01:11:03 | Attr =	]
sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 05:05:55 | Attr =  H ]
sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 2008-08-02 17:52:12 | Attr =  H ]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2008-08-02 05:01:58 | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2008-08-02 17:59:01 | Attr =	]
_OTMoveIt -> %SystemDrive%\_OTMoveIt ->  [Folder | Modified Date = 2008-07-30 20:55:10 | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2008-07-30 22:57:02 | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 2008-07-23 20:09:38 | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 2008-07-23 20:09:44 | Attr =	]
SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT ->  [Ver =  | Size = 10671 bytes | Modified Date = 2008-07-30 08:39:20 | Attr =	]
SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF ->  [Ver =  | Size = 805 bytes | Modified Date = 2008-07-30 08:39:20 | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2008-07-28 21:22:05 | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 2008-08-02 17:52:43 | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2008-07-28 21:20:14 | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2008-08-02 07:40:05 | Attr =	]
DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 2008-08-01 21:09:04 | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 2008-07-28 21:20:30 | Attr =	]
GeeKz_db.dll -> %SystemRoot%\System32\GeeKz_db.dll ->  [Ver =  | Size = 171008 bytes | Modified Date = 2008-08-02 03:01:58 | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 2008-07-28 21:20:26 | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 78508 bytes | Modified Date = 2008-07-28 21:20:32 | Attr =	]

Edited by ScittS, 03 August 2008 - 10:37 AM.


#71
ScittS

Next part:
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 462558 bytes | Modified Date = 2008-07-28 21:20:32 | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 544106 bytes | Modified Date = 2008-07-28 21:20:32 | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2008-08-02 05:01:58 | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2008-07-28 21:20:26 | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 2008-07-28 21:17:08 | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2008-07-28 21:20:11 | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2008-07-30 22:08:01 | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2008-07-18 10:51:19 | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 2008-08-03 10:28:57 | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2008-07-30 16:08:44 | Attr =   S]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 2008-08-02 03:00:29 | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 2008-07-17 10:21:43 | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2008-07-31 13:30:07 | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2008-07-28 21:20:16 | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2008-08-02 07:38:22 | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2008-08-02 07:38:29 | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2008-07-17 10:27:49 | Attr =	]
Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 2008-08-02 03:16:23 | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 2008-08-03 06:48:18 | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2008-07-27 15:31:43 | Attr =	]
ODBC.INI -> %SystemRoot%\ODBC.INI ->  [Ver =  | Size = 376 bytes | Modified Date = 2008-07-19 22:15:23 | Attr =	]
PhotoSnapViewer.INI -> %SystemRoot%\PhotoSnapViewer.INI ->  [Ver =  | Size = 151 bytes | Modified Date = 2008-07-22 21:58:15 | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2008-08-03 10:35:58 | Attr =	]
pss -> %SystemRoot%\pss ->  [Folder | Modified Date = 2008-07-27 21:16:50 | Attr =	]
QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 2008-08-01 18:46:56 | Attr =  H ]
setup.pss -> %SystemRoot%\setup.pss ->  [Folder | Modified Date = 2008-07-30 22:04:38 | Attr =	]
setupupd -> %SystemRoot%\setupupd ->  [Folder | Modified Date = 2008-07-30 22:04:05 | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 2008-08-01 18:44:57 | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 2008-08-03 06:46:20 | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2008-07-21 15:50:53 | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 2008-08-03 10:26:48 | Attr =	]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 658 bytes | Modified Date = 2008-08-01 18:44:57 | Attr =	]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 2008-08-01 20:34:00 | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 2008-08-03 10:29:02 | Attr =  H ]
Uniblue SpeedUpMyPC Nag.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC Nag.job ->  [Ver =  | Size = 270 bytes | Modified Date = 2008-07-25 15:21:52 | Attr =	]
Uniblue SpeedUpMyPC.job -> %SystemRoot%\tasks\Uniblue SpeedUpMyPC.job ->  [Ver =  | Size = 392 bytes | Modified Date = 2008-07-21 15:50:53 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 2008-05-23 18:39:39 | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6714 bytes | Modified Date = 2008-08-03 10:30:20 | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 6714 bytes | Modified Date = 2008-08-03 10:30:21 | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc ->  [Folder | Modified Date = 2008-08-03 10:29:24 | Attr =	]
Perflib_Perfdata_1b4.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_1b4.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 2008-08-03 10:29:24 | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 2008-07-27 18:11:33 | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2008-07-28 21:20:34 | Attr =	]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-07-28 17:44:45 | Attr =	]
Symantec -> %AllUsersProfile%\Application Data\Symantec ->  [Folder | Modified Date = 2008-08-02 17:54:12 | Attr =	]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Modified Date = 2008-07-31 01:27:18 | Attr =	]
@Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller ->  [Folder | Modified Date = 2008-07-17 10:13:27 | Attr =	]
HouseCall 6.6 -> %AppData%\HouseCall 6.6 ->  [Folder | Modified Date = 2008-07-21 17:29:51 | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 2008-07-27 18:11:35 | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2008-08-01 01:28:25 | Attr =	]
Mozilla -> %AppData%\Mozilla ->  [Folder | Modified Date = 2008-07-27 15:31:37 | Attr =	]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com ->  [Folder | Modified Date = 2008-08-01 21:22:51 | Attr =	]
Symantec -> %AppData%\Symantec ->  [Folder | Modified Date = 2008-07-30 08:54:14 | Attr =	]
Uniblue -> %AppData%\Uniblue ->  [Folder | Modified Date = 2008-07-25 15:23:49 | Attr =	]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Modified Date = 2008-07-28 21:20:46 | Attr =	]
Windows Search -> %AppData%\Windows Search ->  [Folder | Modified Date = 2008-07-30 21:49:37 | Attr =	]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 2008-08-01 21:21:59 | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 2008-07-18 10:51:19 | Attr =	]
Axialis -> %UserProfile%\Local Settings\Application Data\Axialis ->  [Folder | Modified Date = 2008-07-30 18:37:18 | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3712656 bytes | Modified Date = 2008-08-03 10:28:08 | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Modified Date = 2008-07-15 17:07:34 | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2008-08-01 01:31:15 | Attr =	]
Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla ->  [Folder | Modified Date = 2008-07-27 15:31:36 | Attr =	]
Symantec -> %UserProfile%\Local Settings\Application Data\Symantec ->  [Folder | Modified Date = 2008-07-28 20:14:59 | Attr =	]
microsoft -> %AllUsersProfile%\Documents\microsoft ->  [Folder | Modified Date = 2008-07-18 10:51:07 | Attr =	]
colters meter trash.xlr -> %UserProfile%\My Documents\colters meter trash.xlr ->  [Ver =  | Size = 30720 bytes | Modified Date = 2008-07-13 13:21:44 | Attr =	]
current.spg -> %UserProfile%\My Documents\current.spg ->  [Ver =  | Size = 2484 bytes | Modified Date = 2008-07-21 15:43:43 | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 2008-07-12 15:28:33 | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2008-08-01 02:35:28 | Attr =	]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 2008-07-17 10:24:56 | Attr =	]
My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 580 bytes | Modified Date = 2008-08-01 18:48:07 | Attr =	]
My Stationery -> %UserProfile%\My Documents\My Stationery ->  [Folder | Modified Date = 2008-07-27 19:59:46 | Attr =	]
Software -> %UserProfile%\My Documents\Software ->  [Folder | Modified Date = 2008-08-03 09:42:14 | Attr =	]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk ->  [Ver =  | Size = 1602 bytes | Modified Date = 2008-07-27 15:31:33 | Attr =	]
cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 11029408 bytes | Modified Date = 2008-08-03 06:44:20 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cureit.exe:Zone.Identifier
DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv ->  [Ver =  | Size = 405 bytes | Modified Date = 2008-08-03 10:26:20 | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 2008-08-03 10:36:25 | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 2008-08-03 10:35:31 | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1787 bytes | Modified Date = 2008-07-28 21:20:33 | Attr =	]
Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Modified Date = 2008-07-27 18:11:01 | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2008-07-18 10:51:06 | Attr =	]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared ->  [Folder | Modified Date = 2008-08-02 17:54:13 | Attr =	]
WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller ->  [Folder | Modified Date = 2008-07-17 10:18:51 | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 120 bytes
C:\Documents and Settings\All Users\Documents\My Music\Lil Bow Wow\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Music\Mannheim Steamroller\Christmas Collection Disc 4\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Music\Mannheim Steamroller\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Music\OutKast\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Alyc's B-Day 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Bobbies Baby Shower 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Dillion James 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Fair 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Fathers Day 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\H.S.Christmas Concert 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Mom's Reunion 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\Torey's Pizza Party 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2003 Events\X-Mas 2003\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Alyc's B-Day 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Basket ball 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Christmas 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Christmas Concert 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Easter 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Fair 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Green Ridge Fair 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\July Party 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\Preschool Christmas 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2004 Events\VolleyBall Torey & Malleri 2004\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2005 Events\Alyc's B-Day 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2005 Events\Christmas 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2005 Events\Tanksgiving Preschool 2005\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Alyc's B-Day 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Bobbie & Colter's Wedding 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Christmas 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Christmas Concert 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Community  Appreciation 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Dare Graduation 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Easter Preschool 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Fair 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Family Pics 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\First Day of School 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\July 4th 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\Preschool Graduation 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2006 Events\YearBook Coronation 2006\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Annual Coronation 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Christmas 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Christmas 2007 Jordyn's Camera\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Christmas Concert 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Courtwarming 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2007 Events\Green Ridge Fair 2007\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\concert pics 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\Courtwarming 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\Dad's Side of Family 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\monster trucks 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\Sweet Heart Dance 2008\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\2008 Events\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Picture Files\Family & Misc\Alyc Misc\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 220

< End of report >

  • 0

#72
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
OK I think that's got it!! I'll look forward to hearing from you!!! :)

Darn I knew I would mess this up......... between the first and second posts should contain the following:

-4804-84F0-E6B85A94C82D} ->	(Windows Mobile-based Device) -> 
{FA4330F6-B9A6-4F59-B7E9-9DCD66F99A57} ->	(Windows Mobile-based Device) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 2007-07-24 15:17:08 | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] ->

Edited by ScittS, 03 August 2008 - 10:51 AM.

  • 0

#73
fenzodahl512

fenzodahl512

  • Malware Removal
  • 9,863 posts
Ok.. That looks messy... please upload the OTScanIt log at the link below:
http://www.2shared.com/

Then, after you successfully upload it, please copy/paste the link given under Here is your download link: tab..
  • 0

#74
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Sorry dude.....I'm at work! I will do this as soon as I get home in the A.M. :)

Thanks for your patience. :)
  • 0

#75
ScittS

ScittS

    Member

  • Topic Starter
  • Member
  • PipPip
  • 65 posts
Good Morning...... OK here is the link to that file : http://www.2shared.c...c/OTScanIt.html

A few other things I've noticed! :)

1: Clock frequently switches to 24hr format. :)
2: The task manager thing. ;)
3: Those ntuser.dat files all have Nero video CD file icons. Advanced says.... opens with Nero ShowTime Essentials! This cannot be good! :)
4: When I go through My Computer and look at Jordyn's documents..... it's actually not what's in her documents folder... it looks like it's been linked to her backup of her folder that I did some time ago on G: drive..... all the files are exactly the same size and everything. It's like I'm asking to see her documents and somehow it has linked to her G: drive folder instead of C:!!! But, if I go to her acct. they differ.! :)

Scott

Edited by ScittS, 04 August 2008 - 07:26 AM.

  • 0





