Laptop Keeps Freezing..


  • This topic is locked
7 replies to this topic

#1 DiCanio

DiCanio

  • Members
  • 70 posts

Posted 06 August 2008 - 11:30 PM

On startup or just randomly, it keeps freezing. It's a miracle I've got this laptop working for more than 10 mins straight.

Anyways, I did virus scans and they found nothing.

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:05 AM, on 8/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Adobe\Acrobat\Acrotray.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Leafs Insider Communicator.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178728926828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209745328875
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\Software\..\Telephony: DomainName = oncampus.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncampus.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Distributed - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 13943 bytes


 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts

Posted 17 August 2008 - 07:14 PM

Hello, DiCanio.
:thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
We need to run OTScanIt
Before running a new scan let's clean out the temporary folders.
Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Save the file to your desktop or another location where you can find it again.
Use the Add Reply button and attach the file in your next post.

In your next reply, please include the following:
  • OTScanIt report

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 DiCanio

DiCanio
  • Topic Starter

  • Members
  • 70 posts

Posted 18 August 2008 - 12:40 PM

OTScanIt logfile created on: 8/18/2008 1:37:54 PM

OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\100350691\Desktop\OTScanIt

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.64% Memory free

3.85 Gb Paging File | 3.32 Gb Available in Paging File | 86.27% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 55.66 Gb Total Space | 22.77 Gb Free Space | 40.91% Space Free | Partition Type: NTFS

Drive D: | 56.13 Gb Total Space | 37.81 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: UOSL07-C924569F

Current User Name: 100350691

NOT logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user



[Processes - Non-Microsoft Only]

ibmpmsvc.exe -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.41 | Size = 36392 bytes | Modified Date = 11/1/2006 4:15:38 PM | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 9/13/2006 8:43:10 AM | Attr =	]

evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.22 | Size = 434176 bytes | Modified Date = 2/26/2007 5:34:26 PM | Attr =	]

s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 5, 1, 8 | Size = 950272 bytes | Modified Date = 2/26/2007 5:26:32 PM | Attr =	]

applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr =	]

mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

residentagent.exe -> %ProgramFiles%\LANDesk\Shared Files\residentAgent.exe -> LANDesk Software, Ltd. [Ver = 8.7.0.23 | Size = 122880 bytes | Modified Date = 1/9/2007 11:03:10 AM | Attr =	]

fsgk32st.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corporation [Ver = 1.00.11280 | Size = 36947 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

fsgk32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.50.13101.21706 | Size = 350720 bytes | Modified Date = 5/22/2007 1:25:37 PM | Attr =	]

fsma32.exe -> %ProgramFiles%\F-Secure\common\FSMA32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 98354 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

localsch.exe -> %ProgramFiles%\LANDesk\LDClient\LocalSch.EXE -> LANDesk Software, Ltd. [Ver = 8.70.5.5   | Size = 86016 bytes | Modified Date = 8/14/2006 7:37:32 AM | Attr =	]

fsmb32.exe -> %ProgramFiles%\F-Secure\common\FSMB32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 225330 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

pds.exe -> %SystemRoot%\system32\cba\pds.exe -> LANDesk Software Ltd. [Ver = 6.12.0.144 E | Size = 32819 bytes | Modified Date = 6/5/2006 12:49:26 PM | Attr =	]

tmcsvc.exe -> %ProgramFiles%\LANDesk\LDClient\tmcsvc.exe -> LANDesk Software, Ltd. [Ver = 8.70.6.1  | Size = 114688 bytes | Modified Date = 1/5/2007 8:18:24 AM | Attr =	]

fch32.exe -> %ProgramFiles%\F-Secure\common\FCH32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 118833 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

issuser.exe -> %ProgramFiles%\LANDesk\LDClient\issuser.exe -> LANDesk Software, Ltd. [Ver = 8.70.7.7	| Size = 354816 bytes | Modified Date = 5/1/2007 6:32:40 AM | Attr =	]

ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 9/13/2006 8:43:10 AM | Attr =	]

rcgui.exe -> %ProgramFiles%\LANDesk\LDClient\rcgui.exe -> LANDesk Software, Ltd. [Ver = 8.70.5.29   | Size = 225280 bytes | Modified Date = 3/12/2007 8:40:36 AM | Attr =	]

collector.exe -> %ProgramFiles%\LANDesk\LDClient\collector.exe -> LANDesk Software, Ltd. [Ver = 8.70.7.3   | Size = 237568 bytes | Modified Date = 4/13/2007 7:01:28 AM | Attr =	]

fameh32.exe -> %ProgramFiles%\F-Secure\common\FAMEH32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 385024 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

fsqh.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsqh.exe -> F-Secure Corporation [Ver = 6.00.100  | Size = 36928 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.6  | Size = 327680 bytes | Modified Date = 2/26/2007 5:19:32 PM | Attr =	]

softmon.exe -> %ProgramFiles%\LANDesk\LDClient\SoftMon.exe -> LANDesk Software, Ltd. [Ver = 8.70.7.8   | Size = 266240 bytes | Modified Date = 4/27/2007 5:53:44 AM | Attr =	]

suservice.exe -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 2/12/2007 2:35:42 AM | Attr =	]

tvt_reg_monitor_svc.exe -> %CommonProgramFiles%\Lenovo\tvt_reg_monitor_svc.exe -> Lenovo Group Limited [Ver = 1.20.0111.00 | Size = 644672 bytes | Modified Date = 2/8/2007 12:48:14 PM | Attr =	]

tphdexlg.exe -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 5:49:00 PM | Attr =	]

tpkmpsvc.exe -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 6/6/2005 9:26:22 PM | Attr =	]

rrpservice.exe -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrpservice.exe ->  [Ver = 4,0,123,0 | Size = 569344 bytes | Modified Date = 2/8/2007 1:11:32 PM | Attr =	]

rrservice.exe -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrservice.exe -> Lenovo Group Limited [Ver = 4,0,123,0 | Size = 950272 bytes | Modified Date = 2/8/2007 1:09:58 PM | Attr =	]

tvtsched.exe -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 1118208 bytes | Modified Date = 2/8/2007 1:19:36 PM | Attr =	]

iuservice.exe -> %ProgramFiles%\Lenovo\Rescue and Recovery\ADM\IUService.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 2/8/2007 11:40:16 AM | Attr =	]

webupdatesvc.exe -> %SystemRoot%\system32\WebUpdateSvc.exe -> Data Perceptions / PowerProgrammer [Ver = 3, 0, 0, 21 | Size = 270336 bytes | Modified Date = 4/20/2006 10:01:38 AM | Attr =	]

logmon.exe -> %CommonProgramFiles%\Lenovo\Logger\logmon.exe ->  [Ver =  | Size = 22016 bytes | Modified Date = 2/8/2007 1:00:06 PM | Attr =	]

fsdfwd.exe -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.14.29 | Size = 344064 bytes | Modified Date = 12/21/2006 9:51:20 AM | Attr =	]

fssm32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.50.13101.21706 | Size = 408064 bytes | Modified Date = 5/22/2007 1:25:37 PM | Attr =	]

fsaua.exe -> %ProgramFiles%\F-Secure\FSAUA\program\fsaua.exe -> F-Secure Corporation [Ver = 8.10.251  | Size = 417792 bytes | Modified Date = 1/17/2007 6:59:00 AM | Attr =	]

fnrb32.exe -> %ProgramFiles%\F-Secure\common\FNRB32.exe -> F-Secure Corporation [Ver = 7.10.9541  | Size = 151602 bytes | Modified Date = 12/5/2006 9:26:28 AM | Attr =	]

fih32.exe -> %ProgramFiles%\F-Secure\common\FIH32.exe -> F-Secure Corporation [Ver = 7.10.9541  | Size = 94257 bytes | Modified Date = 12/5/2006 9:26:28 AM | Attr =	]

syntplpr.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 2:17:28 PM | Attr =	]

syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 2:16:28 PM | Attr =	]

scheduler_proxy.exe -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 536576 bytes | Modified Date = 2/8/2007 1:19:44 PM | Attr =	]

tpshocks.exe -> %SystemRoot%\system32\TpShocks.exe -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 6:40:48 PM | Attr =	]

ezejmnap.exe -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr =	]

tphkmgr.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/2/2006 10:19:48 AM | Attr =	]

smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]

tponscr.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ->  [Ver =  | Size = 77824 bytes | Modified Date = 7/5/2005 2:57:12 PM | Attr =	]

tpscrex.exe -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> Lenovo Group Limited [Ver = 1.17 | Size = 86016 bytes | Modified Date = 5/30/2006 3:05:42 PM | Attr =	]

lpmgr.exe -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 2:02:00 AM | Attr =	]

fsm32.exe -> %ProgramFiles%\F-Secure\common\FSM32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 176177 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

acrotray.exe -> %ProgramFiles%\Adobe\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr =	]

sdclientmonitor.exe -> %ProgramFiles%\LANDesk\LDClient\WebPortal\SDClientMonitor.exe -> LANDesk Software, Ltd. [Ver = 8.70.6.3  | Size = 258048 bytes | Modified Date = 11/1/2006 8:06:20 AM | Attr =	]

ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr =	]

fsav32.exe -> %ProgramFiles%\F-Secure\Anti-Virus\fsav32.exe -> F-Secure Corporation [Ver = 7.10.12490 | Size = 305152 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr =	]

fsguidll.exe -> %ProgramFiles%\F-Secure\FSGUI\fsguidll.exe -> F-Secure Corporation [Ver = 6, 76, 1090, 0 | Size = 438272 bytes | Modified Date = 1/8/2007 3:10:26 PM | Attr =	]

fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 6/26/2007 11:08:46 AM | Attr =	]

firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 4/7/2008 2:58:47 AM | Attr =	]

otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple Inc. [Ver = 2.1.29.0 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:12 PM | Attr =	]

(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 413696 bytes | Modified Date = 9/13/2006 8:43:10 AM | Attr =	]

(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

(CBA8) LANDesk(R) Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\Shared Files\residentAgent.exe -> LANDesk Software, Ltd. [Ver = 8.7.0.23 | Size = 122880 bytes | Modified Date = 1/9/2007 11:03:10 AM | Attr =	]

(Distributed) Distributed [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Microsoft Shared\MSINFO\ServerNet.exe -> File not found

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.22 | Size = 434176 bytes | Modified Date = 2/26/2007 5:34:26 PM | Attr =	]

(F-Secure Gatekeeper Handler Starter) FSGKHS [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\Anti-Virus\fsgk32st.exe -> F-Secure Corporation [Ver = 1.00.11280 | Size = 36947 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

(F-Secure Network Request Broker) F-Secure Network Request Broker [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\common\FNRB32.exe -> F-Secure Corporation [Ver = 7.10.9541  | Size = 151602 bytes | Modified Date = 12/5/2006 9:26:28 AM | Attr =	]

(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 6/26/2007 11:08:46 AM | Attr =	]

(FSAUA) F-Secure Automatic Update Agent [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\FSAUA\program\fsaua.exe -> F-Secure Corporation [Ver = 8.10.251  | Size = 417792 bytes | Modified Date = 1/17/2007 6:59:00 AM | Attr =	]

(FSDFWD) F-Secure Anti-Virus Firewall Daemon [Win32_Own | On_Demand | Running] -> %ProgramFiles%\F-Secure\FWES\program\fsdfwd.exe -> F-Secure Corporation [Ver = 6.14.29 | Size = 344064 bytes | Modified Date = 12/21/2006 9:51:20 AM | Attr =	]

(FSMA) F-Secure Management Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\F-Secure\common\FSMA32.EXE -> F-Secure Corporation [Ver = 7.10.9541  | Size = 98354 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

(IBMPMSVC) ThinkPad PM Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ibmpmsvc.exe -> Lenovo [Ver = 1.41 | Size = 36392 bytes | Modified Date = 11/1/2006 4:15:38 PM | Attr =	]

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]

(Intel Local Scheduler Service) Intel Local Scheduler Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\LocalSch.EXE -> LANDesk Software, Ltd. [Ver = 8.70.5.5   | Size = 86016 bytes | Modified Date = 8/14/2006 7:37:32 AM | Attr =	]

(Intel PDS) Intel PDS [Win32_Own | Auto | Running] -> %SystemRoot%\system32\cba\pds.exe -> LANDesk Software Ltd. [Ver = 6.12.0.144 E | Size = 32819 bytes | Modified Date = 6/5/2006 12:49:26 PM | Attr =	]

(Intel Targeted Multicast) LANDesk Targeted Multicast [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\tmcsvc.exe -> LANDesk Software, Ltd. [Ver = 8.70.6.1  | Size = 114688 bytes | Modified Date = 1/5/2007 8:18:24 AM | Attr =	]

(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.7.1.11 | Size = 532264 bytes | Modified Date = 7/30/2008 10:47:48 AM | Attr =	]

(ISSUSER) LANDesk Remote Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\issuser.exe -> LANDesk Software, Ltd. [Ver = 8.70.7.7	| Size = 354816 bytes | Modified Date = 5/1/2007 6:32:40 AM | Attr =	]

(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.6  | Size = 327680 bytes | Modified Date = 2/26/2007 5:19:32 PM | Attr =	]

(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation  [Ver = 10, 5, 1, 8 | Size = 950272 bytes | Modified Date = 2/26/2007 5:26:32 PM | Attr =	]

(Softmon) LANDesk(R) Software Monitoring Service [Win32_Own | Auto | Running] -> %ProgramFiles%\LANDesk\LDClient\SoftMon.exe -> LANDesk Software, Ltd. [Ver = 8.70.7.8   | Size = 266240 bytes | Modified Date = 4/27/2007 5:53:44 AM | Attr =	]

(SUService) System Update [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\System Update\SUService.exe -> Lenovo Group Limited [Ver = 3.0.23.0 | Size = 13312 bytes | Modified Date = 2/12/2007 2:35:42 AM | Attr =	]

(ThinkVantage Registry Monitor Service) ThinkVantage Registry Monitor Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\tvt_reg_monitor_svc.exe -> Lenovo Group Limited [Ver = 1.20.0111.00 | Size = 644672 bytes | Modified Date = 2/8/2007 12:48:14 PM | Attr =	]

(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TPHDEXLG.exe -> Lenovo. [Ver = 1.52.0.7 | Size = 37680 bytes | Modified Date = 3/2/2007 5:49:00 PM | Attr =	]

(TpKmpSVC) IBM KCU Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\TpKmpSvc.exe ->  [Ver =  | Size = 32768 bytes | Modified Date = 6/6/2005 9:26:22 PM | Attr =	]

(TVT Backup Protection Service) TVT Backup Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrpservice.exe ->  [Ver = 4,0,123,0 | Size = 569344 bytes | Modified Date = 2/8/2007 1:11:32 PM | Attr =	]

(TVT Backup Service) TVT Backup Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Rescue and Recovery\rrservice.exe -> Lenovo Group Limited [Ver = 4,0,123,0 | Size = 950272 bytes | Modified Date = 2/8/2007 1:09:58 PM | Attr =	]

(TVT Scheduler) TVT Scheduler [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Lenovo\Scheduler\tvtsched.exe -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 1118208 bytes | Modified Date = 2/8/2007 1:19:36 PM | Attr =	]

(tvtnetwk) tvtnetwk [Win32_Own | Auto | Running] -> %ProgramFiles%\Lenovo\Rescue and Recovery\ADM\IUService.exe ->  [Ver =  | Size = 45056 bytes | Modified Date = 2/8/2007 11:40:16 AM | Attr =	]

(WebUpdate) Web Update Service by PowerProgrammer [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WebUpdateSvc.exe -> Data Perceptions / PowerProgrammer [Ver = 3, 0, 0, 21 | Size = 270336 bytes | Modified Date = 4/20/2006 10:01:38 AM | Attr =	]



[Driver Services - Non-Microsoft Only]

(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4326 built by: WinDDK | Size = 178688 bytes | Modified Date = 6/20/2006 11:56:48 AM | Attr =	]

(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.2.32.5 | Size = 93952 bytes | Modified Date = 8/7/2006 7:57:30 AM | Attr =	]

(AegisP) AEGIS Protocol (IEEE 802.1x) v3.6.0.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.6.0.0 | Size = 21425 bytes | Modified Date = 5/9/2007 2:26:56 PM | Attr =	]

(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6635 | Size = 1724416 bytes | Modified Date = 9/13/2006 8:49:52 AM | Attr =	]

(atmeltpm) atmeltpm [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmeltpm.sys -> Atmel, Inc. [Ver = 3.0.0.15 built by: WinDDK | Size = 15872 bytes | Modified Date = 5/17/2005 10:20:06 AM | Attr =	]

(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\b57xp32.sys -> Broadcom Corporation [Ver = 9.25.0.0 built by: WinDDK | Size = 152064 bytes | Modified Date = 3/9/2006 5:20:10 PM | Attr =	]

(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.6.31.1 built by: WinDDK | Size = 246680 bytes | Modified Date = 1/12/2007 3:05:58 PM | Attr =	]

(F-Secure Filter) F-Secure File System Filter [Kernel | Disabled | Stopped] -> %ProgramFiles%\F-Secure\Anti-Virus\win2k\fsfilter.sys ->  [Ver =  | Size = 33024 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

(F-Secure Gatekeeper) F-Secure Gatekeeper [Kernel | On_Demand | Running] -> %ProgramFiles%\F-Secure\Anti-Virus\minifilter\fsgk.sys ->  [Ver =  | Size = 51712 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

(F-Secure Recognizer) F-Secure File System Recognizer [Kernel | Disabled | Stopped] -> %ProgramFiles%\F-Secure\Anti-Virus\win2k\fsrec.sys ->  [Ver =  | Size = 18432 bytes | Modified Date = 1/24/2007 11:41:02 AM | Attr =	]

(FSFW) F-Secure Firewall Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\fsdfw.sys -> F-Secure Corporation [Ver = 6.14.29 | Size = 50240 bytes | Modified Date = 12/21/2006 9:51:20 AM | Attr =	]

(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr =	]

(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr =	]

(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWAZL.sys -> Conexant Systems, Inc. [Ver = 7.56.00 built by: WinDDK | Size = 208384 bytes | Modified Date = 8/28/2006 10:11:00 PM | Attr =	]

(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.sys -> Conexant Systems, Inc. [Ver = 7.56.00 built by: WinDDK | Size = 990592 bytes | Modified Date = 8/28/2006 10:12:00 PM | Attr =	]

(iastor) Intel AHCI Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\iaStor.sys -> Intel Corporation [Ver = 5.5.2.1003 | Size = 874624 bytes | Modified Date = 3/21/2007 1:51:49 PM | Attr =	]

(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ibmpmdrv.sys -> Lenovo. [Ver = 1.41 | Size = 20016 bytes | Modified Date = 11/1/2006 4:15:22 PM | Attr =	]

(ldblank) Screen Blanking driver for Remote Control [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ldblank.sys -> LANDesk Software, Ltd. [Ver = 8.6 built by: WinDDK | Size = 11904 bytes | Modified Date = 7/1/2005 5:48:34 PM | Attr =	]

(ldmirror) ldmirror [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ldmirror.sys -> LANDesk Software, Ltd. [Ver = 8.6 built by: WinDDK | Size = 3328 bytes | Modified Date = 7/1/2005 5:48:34 PM | Attr =	]

(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.012 | Size = 12672 bytes | Modified Date = 6/18/2006 10:26:00 PM | Attr =	]

(mirrorflt) Mirror Filter Driver for Uninstall [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mirrorflt.sys -> LANDesk Software, Ltd. [Ver = 8.6 built by: WinDDK | Size = 3712 bytes | Modified Date = 7/1/2005 5:48:34 PM | Attr =	]

(NETw3x32) Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows XP 32 Bit [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NETw3x32.sys -> Intel® Corporation [Ver = 10, 5, 1, 89 | Size = 1783936 bytes | Modified Date = 2/27/2007 11:43:42 PM | Attr =	]

(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nscirda.sys -> National Semiconductor Corporation [Ver = 5,02,00,011 (xpsp_sp2_rtm.040803-2158) | Size = 28672 bytes | Modified Date = 8/3/2004 11:00:52 PM | Attr =	]

(psadd) Lenovo Parties Service Access Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psadd.sys -> Lenovo (United States) Inc. [Ver = 6.1.1008.0 | Size = 28224 bytes | Modified Date = 9/13/2006 1:42:18 AM | Attr =	]

(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2/20/2008 10:05:38 PM | Attr =	]

(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> Intel Corporation [Ver = 10.5.1.0   | Size = 12544 bytes | Modified Date = 2/26/2007 5:24:30 PM | Attr =	]

(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys ->  [Ver =  | Size = 27440 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

(Shockprf) Shockprf [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ApsX86.sys -> Lenovo. [Ver = 1.52.0.7 | Size = 100656 bytes | Modified Date = 3/2/2007 5:49:00 PM | Attr =	]

(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 177664 bytes | Modified Date = 2/14/2006 2:04:58 PM | Attr =	]

(TDSMAPI) TDSMAPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TDSMAPI.SYS ->  [Ver =  | Size = 9343 bytes | Modified Date = 10/2/2006 1:55:00 AM | Attr =	]

(TPDIGIMN) TPDIGIMN [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ApsHM86.sys -> Lenovo. [Ver = 1.52.0.7 built by: WinDDK | Size = 19760 bytes | Modified Date = 3/2/2007 5:47:00 PM | Attr =	]

(tpflhlp) tpflhlp [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Lenovo\System Update\session\7cuj19us\tpflhlp.sys -> Lenovo Group Limited [Ver = 1.00 built by: WinDDK | Size = 13616 bytes | Modified Date = 4/9/2007 6:51:48 PM | Attr =	]

(TPHKDRV) TPHKDRV [Kernel | System | Running] -> %SystemRoot%\System32\drivers\TPHKDRV.sys -> IBM Corporation [Ver = 3.00 | Size = 17699 bytes | Modified Date = 7/5/2005 2:57:06 PM | Attr =	]

(TPPWRIF) TPPWRIF [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TPPWRIF.SYS ->  [Ver =  | Size = 4442 bytes | Modified Date = 12/20/2006 1:14:00 AM | Attr =	]

(TSMAPIP) TSMAPIP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\TSMAPIP.SYS ->  [Ver =  | Size = 7168 bytes | Modified Date = 1/10/2007 2:56:00 AM | Attr =	]

(tvtfilter) tvtfilter [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\tvtfilter.sys -> Lenovo [Ver = 4.10 built by: WinDDK | Size = 33536 bytes | Modified Date = 5/25/2007 1:37:58 PM | Attr =	]

(TVTI2C) Lenovo SM bus driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tvti2c.sys -> Lenovo (United States) Inc. [Ver = 6.5.1008.0 built by: WinDDK | Size = 35264 bytes | Modified Date = 9/13/2006 12:42:44 PM | Attr =	]

(TVTPktFilter) TVT Packet Filter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tvtpktfilter.sys -> Lenovo Group Limited [Ver = 1.00.00.003 | Size = 17664 bytes | Modified Date = 2/8/2007 12:30:28 PM | Attr =	]

(VMnetAdapter) VMware Virtual Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\vmnetadapter.sys -> File not found

(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.56.00 built by: WinDDK | Size = 728576 bytes | Modified Date = 8/28/2006 10:10:00 PM | Attr =	]



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

 ->  [] -> File not found

Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat\acrotray.exe ["C:\Program Files\Adobe\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 10/22/2006 11:24:02 PM | Attr =	]

AppleSyncNotifier -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> Apple Inc. [Ver = 1, 0, 0, 9 | Size = 116040 bytes | Modified Date = 7/22/2008 8:42:24 PM | Attr =	]

BLOG -> %ProgramFiles%\ThinkPad\Utilities\BATLOGEX.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog] ->  [Ver =  | Size = 208896 bytes | Modified Date = 12/20/2006 1:14:00 AM | Attr =	]

EZEJMNAP -> %ProgramFiles%\ThinkPad\Utilities\EZEJMNAP.EXE [C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 243248 bytes | Modified Date = 11/29/2006 2:30:00 AM | Attr =	]

F-Secure Manager -> %ProgramFiles%\F-Secure\common\FSM32.EXE ["C:\Program Files\F-Secure\Common\FSM32.EXE" /splash] -> F-Secure Corporation [Ver = 7.10.9541  | Size = 176177 bytes | Modified Date = 12/5/2006 9:22:32 AM | Attr =	]

F-Secure TNB -> %ProgramFiles%\F-Secure\FSGUI\tnbutil.exe ["C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW] -> F-Secure Corporation [Ver = 1.09.5230 | Size = 724992 bytes | Modified Date = 1/8/2007 3:10:26 PM | Attr =	]

IBM Warranty Notification -> %ProgramFiles%\IBM\acp\ERTS0749\ERTS0749.exe ["C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"] -> IBM Corporation [Ver = 1, 0, 0, 3 | Size = 106496 bytes | Modified Date = 3/12/2004 6:24:58 PM | Attr =	]

IntelAPMClient -> %ProgramFiles%\LANDesk\LDClient\AMCLIENT.EXE ["C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart] -> LANDesk Software, Ltd. [Ver = 8.70.7.3   | Size = 327680 bytes | Modified Date = 3/30/2007 5:56:12 AM | Attr =	]

ISUSPM Startup -> %SystemDrive%\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> File not found

ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> File not found

iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.7.1.11 | Size = 289064 bytes | Modified Date = 7/30/2008 10:47:56 AM | Attr =	]

LPManager -> %ProgramFiles%\ThinkVantage\PrdCtr\LPMGR.EXE [C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe] -> Lenovo Group Limited [Ver = 1, 0, 0, 2 | Size = 120368 bytes | Modified Date = 3/23/2007 2:02:00 AM | Attr =	]

PWRMGRTR -> %ProgramFiles%\ThinkPad\Utilities\PWRMGRTR.DLL [rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor] -> Lenovo Group Limited [Ver = 1, 0, 0, 0 | Size = 159744 bytes | Modified Date = 12/20/2006 1:14:00 AM | Attr =	]

QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr =	]

SDClientMonitor -> %ProgramFiles%\LANDesk\LDClient\WebPortal\SDClientMonitor.exe ["C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"] -> LANDesk Software, Ltd. [Ver = 8.70.6.3  | Size = 258048 bytes | Modified Date = 11/1/2006 8:06:20 AM | Attr =	]

SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe [C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray] -> Analog Devices, Inc. [Ver = 5, 2, 0, 8 | Size = 716800 bytes | Modified Date = 5/6/2005 3:06:12 PM | Attr =	]

SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> Analog Devices, Inc. [Ver = 6, 0, 0, 20 | Size = 925696 bytes | Modified Date = 5/20/2005 9:11:06 AM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr =	]

SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 512000 bytes | Modified Date = 2/14/2006 2:16:28 PM | Attr =	]

SynTPLpr -> %ProgramFiles%\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> Synaptics, Inc. [Ver = 7.5.17.20 14Feb06 | Size = 110592 bytes | Modified Date = 2/14/2006 2:17:28 PM | Attr =	]

TP4EX -> %SystemRoot%\system32\TP4EX.exe [tp4ex.exe] -> Lenovo Group Limited [Ver = 1.11.00 | Size = 65536 bytes | Modified Date = 10/17/2005 1:11:00 AM | Attr =	]

TPHOTKEY -> %ProgramFiles%\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe] ->  [Ver =  | Size = 94208 bytes | Modified Date = 10/2/2006 10:19:48 AM | Attr =	]

TPKMAPHELPER -> %ProgramFiles%\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper] -> Lenovo [Ver = 1, 3, 0, 0 | Size = 856064 bytes | Modified Date = 6/2/2006 10:00:18 PM | Attr =	]

TpShocks -> %SystemRoot%\system32\TpShocks.exe [TpShocks.exe] -> Lenovo. [Ver = 1.52.0.2 | Size = 181808 bytes | Modified Date = 3/29/2007 6:40:48 PM | Attr =	]

TVT Scheduler Proxy -> %CommonProgramFiles%\Lenovo\Scheduler\scheduler_proxy.exe [C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> Lenovo Group Limited [Ver = 4,0,112,0 | Size = 536576 bytes | Modified Date = 2/8/2007 1:19:44 PM | Attr =	]

< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 

IMAIL-> Installed = 1 -> 

MAPI-> Installed = 1 -> 

MSFS-> Installed = 1 -> 

< 100350691 Startup Folder > -> C:\Documents and Settings\100350691\Start Menu\Programs\Startup -> 

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

%AllUsersProfile%\Start Menu\Programs\Startup\Leafs Insider Communicator.lnk -> %ProgramFiles%\Leafs Insider Desktop\leafsComm.exe -> File not found

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316) | Size = 8453632 bytes | Modified Date = 12/19/2006 5:52:18 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4142 | Size = 86016 bytes | Modified Date = 9/13/2006 8:44:12 AM | Attr =	]

tpfnf2 -> %SystemRoot%\system32\notifyf2.dll ->  [Ver =  | Size = 28672 bytes | Modified Date = 7/5/2005 11:45:08 PM | Attr =	]

tphotkey -> %SystemRoot%\system32\tphklock.dll ->  [Ver =  | Size = 24576 bytes | Modified Date = 11/30/2005 8:16:02 PM | Attr =	]

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disablecad -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableStatusMessages -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\LogonType -> 0 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceStartMenuLogOff -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 0 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartMenuNetworkPlaces -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSecurityTab -> 1 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoEntireNetwork -> 1 -> 

< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomMATSHITA_DVD-RAM_UJ-842_________________RB01____\5&633cdd6&0&0.0.0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 

< Drives - Autoruns > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 5/9/2007 11:33:44 AM | Attr =	]

AutoRun.0nf [[AutoRun] | open=ServerNet.exe | shellexecute=ServerNet.exe | shell\Auto\command=ServerNet.exe | ] -> %SystemDrive%\AutoRun.0nf [ NTFS ] ->  [Ver =  | Size = 93 bytes | Modified Date = 4/2/2008 2:16:07 PM | Attr = RH ]

AutoRun.0nf [[AutoRun] | open=ServerNet.exe | shellexecute=ServerNet.exe | shell\Auto\command=ServerNet.exe | ] -> D:\AutoRun.0nf [ NTFS ] ->  [Ver =  | Size = 93 bytes | Modified Date = 4/2/2008 2:16:07 PM | Attr = RH ]

< HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://google.ca/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

HKEY_CURRENT_USER\: ProxyOverride -> *.local -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 

1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

{AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> 

{182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr =	]

CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 10/22/2006 11:20:26 PM | Attr =	]

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{41966710-91DB-475A-B1AE-0697CC0A7F3B} ->	(Intel(R) PRO/Wireless 3945ABG Network Connection) -> 

{43010E5B-E582-4DD0-9038-3C645B6DA403} ->	(1394 Net Adapter) -> 

{66994E70-07FA-4CBF-8A70-7CDE09DFB34D} ->	(1394 Net Adapter) -> 

{7CF38091-330A-416F-BD48-9D220987F4C0} ->	(Intel(R) PRO/1000 PL Network Connection) -> 

{B6E70C47-A64C-4AFD-B303-454B01DD80D4} ->	(Broadcom NetXtreme Gigabit Ethernet) -> 

{CEC172FF-00DC-44C2-A42E-A8EE94AA077B} ->	(1394 Net Adapter) -> 

{DC7BB139-D71B-4548-8330-F5DD765688A4} ->	(1394 Net Adapter) -> 

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 

NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{070CA17A-4BD2-4612-83B4-32B1B9159B47}[HKEY_LOCAL_MACHINE] -> http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab[ULiveCtrl Control] -> 

{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[OnlineScanner Control] -> 

{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178728926828[WUWebControl Class] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209745328875[MUWebControl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{C3F79A2B-B9B4-4A66-B012-3EE46475B072}[HKEY_LOCAL_MACHINE] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> 

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\.Owner -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MessengerStatsPAClient.dll\\{C3F79A2B-B9B4-4A66-B012-3EE46475B072} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/weblive.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/weblive.exe\\.Owner -> {070CA17A-4BD2-4612-83B4-32B1B9159B47} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/weblive.exe\\{070CA17A-4BD2-4612-83B4-32B1B9159B47} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\ElevateNonAdmins -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUServer -> http://itsoswsus01.oncampus.local -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\WUStatusServer -> http://itsoswsus01.oncampus.local -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AutoInstallMinorUpdates -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAutoUpdate -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\AUOptions -> 4 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallDay -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\ScheduledInstallTime -> 9 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\NoAUShutdownOption -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\UseWUServer -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequencyEnabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\DetectionFrequency -> 12 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeoutEnabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootRelaunchTimeout -> 60 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootWarningTimeoutEnabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\\RebootWarningTimeout -> 15 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

nwprovau -> %SystemRoot%\system32\nwprovau.dll -> Microsoft Corporation [Ver = 5.1.2600.3015 (xpsp_sp2_gdr.061013-0145) | Size = 142336 bytes | Modified Date = 10/13/2006 8:35:12 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1416 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 86 BB C8 A9 1F 23 00 D6 79 BD 57 15 9A DB 3A 45 36 38 66 35 65 64 33 39 00 00 00 00 C8 10 00 00 9C D1 1B 00 99 D0 BF 71 88 D1 1B 00 10 00 00 00 00 00 00 00 97 BB 1A 02 A7 6D F5 83 7D 96 84 68  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 40 44 AC EC D4 55 85 1B D3  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> A9 1E 46 44 19 12  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> CA E6 A5 DB E4 A8 DF 08 0E 28 97 A8 EB A4 BB 53  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> F4 6C BD 95 59 92 C7 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 80 72 18 3C 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 80 72 18 3C 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 80 72 18 3C 7A C4 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 33260 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\cba\pds.exe -> %SystemRoot%\system32\cba\pds.exe [C:\WINDOWS\system32\cba\pds.exe:*:Enabled:LANDesk Ping Discovery Service] -> LANDesk Software Ltd. [Ver = 6.12.0.144 E | Size = 32819 bytes | Modified Date = 6/5/2006 12:49:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\msgsys.exe -> %SystemRoot%\system32\msgsys.exe [C:\WINDOWS\system32\msgsys.exe:*:Enabled:LANDesk Message Service] -> LANDesk Software Ltd. [Ver = 6.12.0.144 E | Size = 28729 bytes | Modified Date = 6/5/2006 12:49:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\LANDesk\LDClient\issuser.exe -> %ProgramFiles%\LANDesk\LDClient\issuser.exe [C:\Program Files\LANDesk\LDClient\issuser.exe:*:Enabled:LANDesk Remote Control Agent] -> LANDesk Software, Ltd. [Ver = 8.70.7.7	| Size = 354816 bytes | Modified Date = 5/1/2007 6:32:40 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\LANDesk\LDClient\tmcsvc.exe -> %ProgramFiles%\LANDesk\LDClient\tmcsvc.exe [C:\Program Files\LANDesk\LDClient\tmcsvc.exe:*:Enabled:LANDesk Targeted Multicast] -> LANDesk Software, Ltd. [Ver = 8.70.6.1  | Size = 114688 bytes | Modified Date = 1/5/2007 8:18:24 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.11813 | Size = 267056 bytes | Modified Date = 8/17/2008 1:08:28 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\LANDesk\Shared Files\residentagent.exe -> %ProgramFiles%\LANDesk\Shared Files\residentAgent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> LANDesk Software, Ltd. [Ver = 8.7.0.23 | Size = 122880 bytes | Modified Date = 1/9/2007 11:03:10 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.11813 | Size = 267056 bytes | Modified Date = 8/17/2008 1:08:28 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 12:34:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 6:18:24 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.7.1.11 | Size = 20252968 bytes | Modified Date = 7/30/2008 10:47:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LANDesk\Shared Files\residentagent.exe -> %ProgramFiles%\LANDesk\Shared Files\residentAgent.exe [C:\Program Files\LANDesk\Shared Files\residentagent.exe:*:Enabled:LANDesk(R) Management Agent] -> LANDesk Software, Ltd. [Ver = 8.7.0.23 | Size = 122880 bytes | Modified Date = 1/9/2007 11:03:10 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:00:00 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145832960 bytes | Created Date = 8/6/2008 6:54:17 PM | Attr =  HS]

Adobe -> %SystemRoot%\System32\Adobe ->  [Folder | Created Date = 7/26/2008 6:10:36 PM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Created Date = 7/24/2008 2:28:16 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

uTorrent -> %AppData%\uTorrent ->  [Folder | Created Date = 8/8/2008 2:52:47 PM | Attr =	]

DISC -> D:\My Documents\DISC ->  [Folder | Created Date = 8/6/2008 6:39:13 PM | Attr =	]

quote.doc -> D:\My Documents\quote.doc ->  [Ver =  | Size = 24064 bytes | Created Date = 8/4/2008 3:00:56 PM | Attr =	]

The Smashing Pumpkins - Adore -> D:\My Documents\The Smashing Pumpkins - Adore ->  [Folder | Created Date = 8/6/2008 6:39:12 PM | Attr =	]

Videos -> D:\My Documents\Videos ->  [Folder | Created Date = 8/6/2008 8:40:43 PM | Attr =	]

QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Created Date = 8/4/2008 2:01:50 PM | Attr =	]

AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg ->  [Ver =  | Size = 1861 bytes | Created Date = 7/28/2008 4:01:34 PM | Attr =  HS]

AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Large.jpg -> %UserProfile%\Desktop\AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Large.jpg ->  [Ver =  | Size = 6261 bytes | Created Date = 8/5/2008 2:38:34 AM | Attr =  HS]

AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Small.jpg -> %UserProfile%\Desktop\AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Small.jpg ->  [Ver =  | Size = 1861 bytes | Created Date = 8/5/2008 2:38:34 AM | Attr =  HS]

AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Large.jpg -> %UserProfile%\Desktop\AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Large.jpg ->  [Ver =  | Size = 12613 bytes | Created Date = 7/28/2008 4:01:34 PM | Attr =  HS]

AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Small.jpg -> %UserProfile%\Desktop\AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Small.jpg ->  [Ver =  | Size = 2915 bytes | Created Date = 7/28/2008 4:01:34 PM | Attr =  HS]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 8/18/2008 2:55:45 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier

cphilcrit.doc -> %UserProfile%\Desktop\cphilcrit.doc ->  [Ver =  | Size = 38912 bytes | Created Date = 8/13/2008 1:46:42 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cphilcrit.doc:Zone.Identifier

desktop.ini -> %UserProfile%\Desktop\desktop.ini ->  [Ver =  | Size = 352 bytes | Created Date = 7/28/2008 4:01:34 PM | Attr =  HS]

DISC -> %UserProfile%\Desktop\DISC ->  [Folder | Created Date = 8/4/2008 1:52:34 PM | Attr =	]

Folder.jpg -> %UserProfile%\Desktop\Folder.jpg ->  [Ver =  | Size = 6261 bytes | Created Date = 7/28/2008 4:01:34 PM | Attr =  HS]

Friends of Mine.mp3 -> %UserProfile%\Desktop\Friends of Mine.mp3 ->  [Ver =  | Size = 7267510 bytes | Created Date = 7/28/2008 3:43:42 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Friends of Mine.mp3:Zone.Identifier

LukacsGramsci.doc -> %UserProfile%\Desktop\LukacsGramsci.doc ->  [Ver =  | Size = 44544 bytes | Created Date = 8/12/2008 2:56:19 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LukacsGramsci.doc:Zone.Identifier

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/18/2008 1:33:52 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 8/18/2008 3:01:47 AM | Attr =	]

philcrit.doc -> %UserProfile%\Desktop\philcrit.doc ->  [Ver =  | Size = 38912 bytes | Created Date = 8/13/2008 1:43:48 AM | Attr =	]

PhilEssay.doc -> %UserProfile%\Desktop\PhilEssay.doc ->  [Ver =  | Size = 31744 bytes | Created Date = 8/12/2008 2:30:36 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\PhilEssay.doc:Zone.Identifier

philosophyfinal.doc -> %UserProfile%\Desktop\philosophyfinal.doc ->  [Ver =  | Size = 45568 bytes | Created Date = 8/12/2008 2:56:13 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\philosophyfinal.doc:Zone.Identifier

The Beginning is the End is the Beginning.mp3 -> %UserProfile%\Desktop\The Beginning is the End is the Beginning.mp3 ->  [Ver =  | Size = 3639842 bytes | Created Date = 8/4/2008 4:22:57 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\The Beginning is the End is the Beginning.mp3:Zone.Identifier

The Smashing Pumpkins - Adore -> %UserProfile%\Desktop\The Smashing Pumpkins - Adore ->  [Folder | Created Date = 8/5/2008 11:00:38 AM | Attr =	]

The_Smashing_Pumpkins_-_Adore__Mp3_160_Kbps_Full_Album_.zip -> %UserProfile%\Desktop\The_Smashing_Pumpkins_-_Adore__Mp3_160_Kbps_Full_Album_.zip ->  [Ver =  | Size = 86933995 bytes | Created Date = 8/4/2008 3:52:08 PM | Attr =	]

µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk ->  [Ver =  | Size = 630 bytes | Created Date = 8/8/2008 2:52:52 PM | Attr =	]

Apple Software Update -> %ProgramFiles%\Apple Software Update ->  [Folder | Created Date = 7/24/2008 2:28:12 PM | Attr =	]

iPod -> %ProgramFiles%\iPod ->  [Folder | Created Date = 8/4/2008 2:03:42 PM | Attr =	]

iTunes -> %ProgramFiles%\iTunes ->  [Folder | Created Date = 8/4/2008 2:03:35 PM | Attr =	]

QuickTime -> %ProgramFiles%\QuickTime ->  [Folder | Created Date = 8/4/2008 2:01:27 PM | Attr =	]

uTorrent -> %ProgramFiles%\uTorrent ->  [Folder | Created Date = 8/8/2008 2:52:51 PM | Attr =	]

Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center ->  [Folder | Created Date = 8/8/2008 2:47:24 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

hiberfil.sys -> %SystemDrive%\hiberfil.sys ->  [Ver =  | Size = 2145832960 bytes | Modified Date = 8/18/2008 1:22:13 PM | Attr =  HS]

minint -> %SystemDrive%\minint ->  [Folder | Modified Date = 8/6/2008 9:43:32 PM | Attr = RHS]

Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/8/2008 2:52:51 PM | Attr = R  ]

SWSHARE -> %SystemDrive%\SWSHARE ->  [Folder | Modified Date = 8/18/2008 12:59:51 AM | Attr =	]

WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/18/2008 1:22:49 PM | Attr =	]

Adobe -> %SystemRoot%\System32\Adobe ->  [Folder | Modified Date = 7/30/2008 11:01:29 PM | Attr =	]

2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/18/2008 1:23:14 PM | Attr =	]

dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/6/2008 7:23:21 PM | Attr = RHS]

drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/6/2008 8:46:17 PM | Attr =	]

DRVSTORE -> %SystemRoot%\System32\DRVSTORE ->  [Folder | Modified Date = 8/4/2008 2:00:10 PM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 90284 bytes | Modified Date = 8/6/2008 8:46:06 PM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 488542 bytes | Modified Date = 8/6/2008 8:46:06 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 8/18/2008 1:24:25 PM | Attr =	]

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/18/2008 1:22:20 PM | Attr =   S]

CSC -> %SystemRoot%\CSC ->  [Folder | Modified Date = 8/13/2008 1:13:31 PM | Attr =  HS]

5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/13/2008 1:44:14 AM | Attr =  H ]

Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/6/2008 8:46:25 PM | Attr =  HS]

Minidump -> %SystemRoot%\Minidump ->  [Folder | Modified Date = 8/13/2008 12:22:07 AM | Attr =	]

Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/18/2008 1:35:32 PM | Attr =	]

QTFont.qfn -> %SystemRoot%\QTFont.qfn ->  [Ver =  | Size = 54156 bytes | Modified Date = 8/4/2008 12:33:11 AM | Attr =  H ]

security -> %SystemRoot%\security ->  [Folder | Modified Date = 8/6/2008 4:35:15 PM | Attr =	]

system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/6/2008 8:46:17 PM | Attr =	]

Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 7/24/2008 2:28:16 PM | Attr =   S]

Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/18/2008 1:38:23 PM | Attr =	]

AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job ->  [Ver =  | Size = 284 bytes | Modified Date = 7/24/2008 2:28:16 PM | Attr =	]

PMTask.job -> %SystemRoot%\tasks\PMTask.job ->  [Ver =  | Size = 298 bytes | Modified Date = 8/18/2008 1:24:43 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/18/2008 1:22:30 PM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 5/9/2007 12:44:21 PM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/28/2008 9:40:13 PM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 5464 bytes | Modified Date = 2/28/2008 9:40:13 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 5/11/2007 9:36:26 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 5/14/2007 11:07:07 AM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\VJSExpress\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VJSExpress\8.0 ->  [Folder | Modified Date = 9/7/2007 7:39:20 PM | Attr =	]

VJSExpress000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VJSExpress\8.0\VJSExpress000223.dat ->  [Ver =  | Size = 677178 bytes | Modified Date = 9/7/2007 7:39:03 PM | Attr =  H ]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S ->  [Folder | Modified Date = 8/9/2008 1:24:18 AM | Attr =   S]

dref=http%253A%252F%252Fhfboards[1].com%252F -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S\dref=http%253A%252F%252Fhfboards[1].com ->  [Ver =  | Size = 1345 bytes | Modified Date = 5/6/2008 4:19:12 PM | Attr =	]

dref=http%253A%252F%252Fhfboards[2].com%252F -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S\dref=http%253A%252F%252Fhfboards[2].com ->  [Ver =  | Size = 1385 bytes | Modified Date = 8/8/2008 2:26:36 PM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC ->  [Folder | Modified Date = 8/9/2008 1:54:36 AM | Attr =   S]

dref=http%253A%252F%252Fhfboards[1].com%252F -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\dref=http%253A%252F%252Fhfboards[1].com ->  [Ver =  | Size = 409 bytes | Modified Date = 8/8/2008 1:56:21 PM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX ->  [Folder | Modified Date = 8/9/2008 2:15:59 AM | Attr =   S]

CALBV9RD.com%2F&r=0 -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX\CALBV9RD.com ->  [Ver =  | Size = 1781 bytes | Modified Date = 8/9/2008 1:24:18 AM | Attr =	]

imp[1].com%2F&r=0 -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX\imp[1].com ->  [Ver =  | Size = 539 bytes | Modified Date = 8/9/2008 1:24:53 AM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5 ->  [Folder | Modified Date = 8/9/2008 2:15:57 AM | Attr =   S]

imp[1].com%2F&r=0 -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5\imp[1].com ->  [Ver =  | Size = 1008 bytes | Modified Date = 8/9/2008 1:54:36 AM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\100350691\Local Settings\Temp\ICD1.tmp\ ->  [Folder | Modified Date = 5/2/2008 12:13:55 PM | Attr =	]

jinstall.exe -> C:\Documents and Settings\100350691\Local Settings\Temp\ICD1.tmp\jinstall.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.19 | Size = 376832 bytes | Modified Date = 4/2/2008 3:18:28 PM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC ->  [Folder | Modified Date = 8/9/2008 1:54:36 AM | Attr =   S]

utorrent[1].exe -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\utorrent[1].exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 8/8/2008 2:52:43 PM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\ -> C:\Documents and Settings\100350691\Local Settings\Temp ->  [Folder | Modified Date = 8/18/2008 1:33:22 PM | Attr =	]

secuniasi4778.dll -> C:\Documents and Settings\100350691\Local Settings\Temp\secuniasi4778.dll ->  [Ver =  | Size = 143360 bytes | Modified Date = 5/2/2008 12:58:19 PM | Attr =	]

2230 C:\Documents and Settings\100350691\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\100350691\Local Settings\Temp\*.tmp -> 

C:\Documents and Settings\100350691\Local Settings\Temp\rninst~0\ -> C:\Documents and Settings\100350691\Local Settings\Temp\rninst~0 ->  [Folder | Modified Date = 5/2/2008 12:55:00 PM | Attr =	]

control.dll -> C:\Documents and Settings\100350691\Local Settings\Temp\rninst~0\control.dll -> RealNetworks, Inc. [Ver = 1.0.6.80 | Size = 42528 bytes | Modified Date = 5/2/2008 12:40:59 PM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/8/2008 3:46:23 PM | Attr =   S]

index.dat -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 2473984 bytes | Modified Date = 8/9/2008 2:15:59 AM | Attr =	]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 8/8/2008 3:46:23 PM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/6/2008 3:47:16 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S ->  [Folder | Modified Date = 8/9/2008 1:24:18 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\2XW7HM4S\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/6/2008 3:47:16 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC ->  [Folder | Modified Date = 8/9/2008 1:54:36 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\AKKH41OC\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/6/2008 3:47:16 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVU7QTIF\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVU7QTIF ->  [Folder | Modified Date = 8/9/2008 2:15:56 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\EVU7QTIF\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2008 3:46:23 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\JHLFT5VU\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\JHLFT5VU ->  [Folder | Modified Date = 8/9/2008 1:54:40 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\JHLFT5VU\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/6/2008 3:47:16 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\K10ZC7C3\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\K10ZC7C3 ->  [Folder | Modified Date = 8/9/2008 2:15:59 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\K10ZC7C3\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2008 3:46:23 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX ->  [Folder | Modified Date = 8/9/2008 2:15:59 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\O94TARWX\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2008 3:46:23 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5 ->  [Folder | Modified Date = 8/9/2008 2:15:57 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Q5G3I1Q5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 8/8/2008 3:46:23 PM | Attr =  HS]

C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z91KU0J2\ -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z91KU0J2 ->  [Folder | Modified Date = 8/9/2008 1:55:10 AM | Attr =   S]

desktop.ini -> C:\Documents and Settings\100350691\Local Settings\Temp\Temporary Internet Files\Content.IE5\Z91KU0J2\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 5/6/2008 3:47:16 PM | Attr =  HS]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet ->  [Folder | Modified Date = 7/26/2008 2:44:27 AM | Attr =	]

VMware -> %AllUsersProfile%\Application Data\VMware ->  [Folder | Modified Date = 8/6/2008 8:46:14 PM | Attr =	]

vulScan -> %AllUsersProfile%\Application Data\vulScan ->  [Folder | Modified Date = 8/18/2008 1:22:46 PM | Attr =	]

Adobe -> %AppData%\Adobe ->  [Folder | Modified Date = 7/26/2008 6:12:13 PM | Attr =	]

uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 8/17/2008 5:52:07 PM | Attr =	]

Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer ->  [Folder | Modified Date = 8/5/2008 10:54:49 AM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 58368 bytes | Modified Date = 8/17/2008 5:53:43 PM | Attr =	]

Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 8/8/2008 2:47:24 PM | Attr =	]

DISC -> D:\My Documents\DISC ->  [Folder | Modified Date = 8/6/2008 6:39:20 PM | Attr =	]

Downloads -> D:\My Documents\Downloads ->  [Folder | Modified Date = 8/17/2008 6:41:41 PM | Attr =	]

My Pictures -> D:\My Documents\My Pictures ->  [Folder | Modified Date = 7/22/2008 2:28:17 AM | Attr = R  ]

My Received Files -> D:\My Documents\My Received Files ->  [Folder | Modified Date = 8/12/2008 2:30:04 AM | Attr =	]

My Sharing Folders.lnk -> D:\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 399 bytes | Modified Date = 8/18/2008 1:26:15 PM | Attr =	]

My Videos -> D:\My Documents\My Videos ->  [Folder | Modified Date = 8/7/2008 2:25:04 AM | Attr = R  ]

quote.doc -> D:\My Documents\quote.doc ->  [Ver =  | Size = 24064 bytes | Modified Date = 8/14/2008 2:05:33 AM | Attr =	]

The Smashing Pumpkins - Adore -> D:\My Documents\The Smashing Pumpkins - Adore ->  [Folder | Modified Date = 8/6/2008 6:39:44 PM | Attr =	]

Videos -> D:\My Documents\Videos ->  [Folder | Modified Date = 8/6/2008 8:40:44 PM | Attr =	]

QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk ->  [Ver =  | Size = 1604 bytes | Modified Date = 8/4/2008 2:01:50 PM | Attr =	]

AlbumArtSmall.jpg -> %UserProfile%\Desktop\AlbumArtSmall.jpg ->  [Ver =  | Size = 1861 bytes | Modified Date = 8/5/2008 2:38:34 AM | Attr =  HS]

AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Large.jpg -> %UserProfile%\Desktop\AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Large.jpg ->  [Ver =  | Size = 6261 bytes | Modified Date = 8/5/2008 2:38:34 AM | Attr =  HS]

AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Small.jpg -> %UserProfile%\Desktop\AlbumArt_{32CBB4E0-B72A-4005-B1A0-6A9A00F66AED}_Small.jpg ->  [Ver =  | Size = 1861 bytes | Modified Date = 8/5/2008 2:38:34 AM | Attr =  HS]

AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Large.jpg -> %UserProfile%\Desktop\AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Large.jpg ->  [Ver =  | Size = 12613 bytes | Modified Date = 7/28/2008 4:01:31 PM | Attr =  HS]

AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Small.jpg -> %UserProfile%\Desktop\AlbumArt_{D4C3D501-0837-4C7E-B56F-FC69FB35A469}_Small.jpg ->  [Ver =  | Size = 2915 bytes | Modified Date = 7/28/2008 4:01:28 PM | Attr =  HS]

ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 8/18/2008 2:56:02 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier

cphilcrit.doc -> %UserProfile%\Desktop\cphilcrit.doc ->  [Ver =  | Size = 38912 bytes | Modified Date = 8/13/2008 1:46:43 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cphilcrit.doc:Zone.Identifier

desktop.ini -> %UserProfile%\Desktop\desktop.ini ->  [Ver =  | Size = 352 bytes | Modified Date = 8/5/2008 2:38:34 AM | Attr =  HS]

DISC -> %UserProfile%\Desktop\DISC ->  [Folder | Modified Date = 8/4/2008 4:10:02 PM | Attr =	]

Folder.jpg -> %UserProfile%\Desktop\Folder.jpg ->  [Ver =  | Size = 6261 bytes | Modified Date = 8/5/2008 2:38:34 AM | Attr =  HS]

Friends of Mine.mp3 -> %UserProfile%\Desktop\Friends of Mine.mp3 ->  [Ver =  | Size = 7267510 bytes | Modified Date = 7/28/2008 11:39:40 PM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Friends of Mine.mp3:Zone.Identifier

LukacsGramsci.doc -> %UserProfile%\Desktop\LukacsGramsci.doc ->  [Ver =  | Size = 44544 bytes | Modified Date = 8/12/2008 2:56:19 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\LukacsGramsci.doc:Zone.Identifier

Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003.lnk ->  [Ver =  | Size = 2497 bytes | Modified Date = 8/17/2008 12:40:05 AM | Attr =	]

OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/18/2008 1:33:52 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 8/18/2008 3:01:49 AM | Attr =	]

philcrit.doc -> %UserProfile%\Desktop\philcrit.doc ->  [Ver =  | Size = 38912 bytes | Modified Date = 8/13/2008 1:44:02 AM | Attr =	]

PhilEssay.doc -> %UserProfile%\Desktop\PhilEssay.doc ->  [Ver =  | Size = 31744 bytes | Modified Date = 8/12/2008 2:32:01 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\PhilEssay.doc:Zone.Identifier

philosophyfinal.doc -> %UserProfile%\Desktop\philosophyfinal.doc ->  [Ver =  | Size = 45568 bytes | Modified Date = 8/12/2008 2:56:13 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\philosophyfinal.doc:Zone.Identifier

The Beginning is the End is the Beginning.mp3 -> %UserProfile%\Desktop\The Beginning is the End is the Beginning.mp3 ->  [Ver =  | Size = 3639842 bytes | Modified Date = 8/5/2008 2:39:04 AM | Attr =	]

@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\The Beginning is the End is the Beginning.mp3:Zone.Identifier

The Smashing Pumpkins - Adore -> %UserProfile%\Desktop\The Smashing Pumpkins - Adore ->  [Folder | Modified Date = 8/5/2008 2:58:26 PM | Attr =	]

The_Smashing_Pumpkins_-_Adore__Mp3_160_Kbps_Full_Album_.zip -> %UserProfile%\Desktop\The_Smashing_Pumpkins_-_Adore__Mp3_160_Kbps_Full_Album_.zip ->  [Ver =  | Size = 86933995 bytes | Modified Date = 8/5/2008 2:53:52 AM | Attr =	]

µTorrent.lnk -> %UserProfile%\Desktop\µTorrent.lnk ->  [Ver =  | Size = 630 bytes | Modified Date = 8/17/2008 1:08:54 AM | Attr =	]



< End of report >


#4 Billy O'Neal

  • Malware Response Team

Posted 18 August 2008 - 11:13 PM

Hello, DiCanio.
We need to run an OTScanIt Fix
  • Please reopen Posted Image
  • Click on Posted Image
  • In the Posted Image area copy and paste in the following (Do not include the word CODE)
    [Driver Services - Non-Microsoft Only]
    YY -> (VMnetAdapter) VMware Virtual Ethernet Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\vmnetadapter.sys
    [Registry - Non-Microsoft Only]
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> ~EmptyValue -> []
    YN -> ISUSPM Startup -> %SystemDrive%\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup]
    YN -> ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start]
    < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 1
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate -> 0
    YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoEntireNetwork -> 1
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
    YN -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console]
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
    YN -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll
    YN -> Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll
    YN -> Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat\AcroIEFavClient.dll
    [Files/Folders - Modified Within 30 days]
    NY -> 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
    NY -> Minidump -> %SystemRoot%\Minidump
    NY -> Temp -> %SystemRoot%\Temp
  • Press the Posted Image button.
  • Copy/Paste the resultant report in a reply here
In your next reply, please include the following:
  • OtScanIt Fix Report
  • A New HiJack This log

Billy3

#5 DiCanio

  • Topic Starter


Posted 19 August 2008 - 10:30 AM

[Driver Services - Non-Microsoft Only]
Service VMnetAdapter stopped successfully.
Service VMnetAdapter deleted successfully.
File C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\~EmptyValue deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\\NoEntireNetwork deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append to existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to Adobe PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Convert link target to existing PDF\ deleted successfully.
[Files/Folders - Modified Within 30 days]
C:\WINDOWS\Minidump folder moved successfully.
C:\WINDOWS\Temp\fsaua.tmp folder moved successfully.
Folder move failed. C:\WINDOWS\Temp scheduled to be moved on reboot.
< End of fix log >
OTScanIt by OldTimer - Version 1.0.16.2 fix logfile created on 08192008_111710

Files moved on Reboot...
C:\WINDOWS\Temp folder moved successfully.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:07 AM, on 8/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\WINDOWS\system32\WebUpdateSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\WINDOWS\system32\TpShocks.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Adobe\Acrobat\Acrotray.exe
C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat\AcroDist.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IntelAPMClient] "C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart
O4 - HKLM\..\Run: [SDClientMonitor] "C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Leafs Insider Communicator.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1178728926828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1209745328875
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = oncampus.local
O17 - HKLM\Software\..\Telephony: DomainName = oncampus.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = oncampus.local
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: LANDesk® Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Distributed - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\ServerNet.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: LANDesk Targeted Multicast (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LANDesk Remote Control Service (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: LANDesk® Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: tvtnetwk - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
O23 - Service: Web Update Service by PowerProgrammer (WebUpdate) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc.exe

--
End of file - 13201 bytes


NOTE: I am about to leave for about a week (back on Monday) so that is when I will be able to continue this (if not already done)

#6 Billy O'Neal

  • Malware Response Team

Posted 19 August 2008 - 10:33 AM

Hello, DiCanio.

Looks like we've pretty much got it. Just some housekeeping.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE)6 Update 7...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-Language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u7-windows-i586-p.exe
  • Follow the on screen instructions to install the latest Java version.
I would like us to use ESET (NOD32)'s Online Scanner
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start
  • Should you face a Security Warning that asks if you want to install and run a file called "OnlineScanner.cab", click Yes
  • Click Start
    • Note: (the Onlinescanner will now prepare itself for running on your pc)
  • To do a full-scan, tick: "Remove found threats" and "Scan potentially unwanted applications"
  • Press Scan
  • The Onlinescan will now start and scan your pc (this could take a while)
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window
  • Click Start >> Run... >> type: C:\Program Files\EsetOnlineScanner\log.txt
  • The Scanresults will now open in Notepad
  • Click into the text area, right-click and choose "select all" (or use Ctrl+A)
  • Right-click again and choose "Copy" (or Ctrl+C)
  • Close/Exit Notepad
  • Navigate to this thread and post your log along with anything else requested from us, by right-clicking and "paste" (or ctrl+v) in the text area of the reply post you just created.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Please let me know of any problems you may have encountered.

In your next reply, please include the following:
  • ESET OnlineScan's Log
  • A new HJT log

Billy3

Edited by Billy O'Neal, 19 August 2008 - 10:33 AM.

Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 Billy O'Neal

Posted 24 August 2008 - 12:26 AM

This is just my reminder that you asked to keep things open until at least Monday. This topic will be closed on Wednesday if no reply is received :thumbsup:

Billy3

#8 Billy O'Neal

Posted 27 August 2008 - 09:02 PM

Hello, DiCanio.
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please send me or another moderator a PM.

Everyone else please begin a new topic.

Billy3



