Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    NSA shares zero-trust guidance to limit adversaries on the network

Featured Deal: Enjoy quick, compatible data transfers with this $59.99 portable SSD

Latest Buyer's Guide:    Hotspot Shield VPN review

Generic User Avatar

Backdoor Trojan Bifrost

Started by PTerzo , Mar 04 2008 06:10 PM

  • This topic is locked This topic is locked
2 replies to this topic

#1 PTerzo

PTerzo

  • Avatar image
  • Members
  • 3 posts
  • OFFLINE
    •  
  • Local time:11:12 PM

Posted 04 March 2008 - 06:10 PM

/3/2008-10:38:05 PM , Quarantined , Bifrost , Backdoor , Key "hkey_users \S-1-5-21-1644491937-789336058-839522115-500\software\wget" , -1

CA's antispyware caught this last night.



WinPFind35 logfile created on: 3/4/2008 1:29:17 PM
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 80.88% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 6067 10067;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 120.37 Gb Free Space | 80.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YOUR-F362DEAC3B
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
itmrtsvc.exe -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.33 | Size = 283912 bytes | Modified Date = 9/5/2007 9:43:52 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr =	]
pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 12/24/2007 12:04:16 PM | Attr =	]
pnkbstrb.exe -> %SystemRoot%\system32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 3/3/2008 8:35:58 PM | Attr =	]
cctray.exe -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe -> CA, Inc. [Ver = Version 4.0.0.172 | Size = 181512 bytes | Modified Date = 1/25/2008 12:40:28 PM | Attr =	]
cappactiveprotection.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe -> CA, Inc. [Ver = 10.0.0.157 | Size = 238856 bytes | Modified Date = 1/11/2008 6:56:12 PM | Attr =	]
ppctlpriv.exe -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 10.0.0.157 | Size = 185608 bytes | Modified Date = 1/11/2008 6:56:16 PM | Attr =	]
ccprovsp.exe -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 4.0.0.172 | Size = 214280 bytes | Modified Date = 1/25/2008 12:40:28 PM | Attr =	]
avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/5/2008 2:19:25 PM | Attr =	]
avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/5/2008 2:19:24 PM | Attr =	]
avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/5/2008 2:19:26 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 3/1/2008 1:06:42 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/5/2008 2:19:24 PM | Attr =	]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 1/5/2008 2:19:26 PM | Attr =	]
(AVGEMS) AVG E-mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/5/2008 2:19:25 PM | Attr =	]
(CaCCProvSP) CaCCProvSP [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\ccprovsp.exe -> CA, Inc. [Ver = Version 4.0.0.172 | Size = 214280 bytes | Modified Date = 1/25/2008 12:40:28 PM | Attr =	]
(Diskeeper) Diskeeper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 10.0.608.0 | Size = 942080 bytes | Modified Date = 6/7/2006 12:46:24 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(ITMRTSVC) CA Pest Patrol Realtime Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -> CA, Inc. [Ver = 1.1.0.33 | Size = 283912 bytes | Modified Date = 9/5/2007 9:43:52 AM | Attr =	]
(Marvell RAID) Marvell RAID Event Agent [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Marvell\61xx\svc\mvraidsvc.exe ->  [Ver = 1.0.0.7 | Size = 114688 bytes | Modified Date = 8/9/2006 10:46:16 PM | Attr =	]
(MRUWebService) MRU Web Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Marvell\61xx\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 4/29/2006 4:47:14 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr =	]
(PnkBstrA) PnkBstrA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrA.exe ->  [Ver =  | Size = 66872 bytes | Modified Date = 12/24/2007 12:04:16 PM | Attr =	]
(PnkBstrB) PnkBstrB [Win32_Own | Auto | Running] -> %SystemRoot%\system32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 3/3/2008 8:35:58 PM | Attr =	]
(PPCtlPriv) PPCtlPriv [Win32_Own | On_Demand | Running] -> %ProgramFiles%\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -> CA, Inc. [Ver = 10.0.0.157 | Size = 185608 bytes | Modified Date = 1/11/2008 6:56:16 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/17/2008 12:11:33 AM | Attr =	]
(Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
(Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
(AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/17/2008 12:11:31 AM | Attr =	]
(AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(E1000) Intel(R) PRO/1000 Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1000325.sys -> Intel Corporation [Ver = 8.9.1.0 built by: WinDDK | Size = 171416 bytes | Modified Date = 3/25/2007 8:20:06 PM | Attr =	]
(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e1e5132.sys -> Intel Corporation [Ver = 9.8.20.0 built by: WinDDK | Size = 254872 bytes | Modified Date = 4/13/2007 1:33:34 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 7:07:18 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(iANSMiniport) Intel(R) Advanced Network Services Virtual Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ianswxp.sys -> Intel Corporation [Ver = 8.3.13.0 built by: WinDDK | Size = 114576 bytes | Modified Date = 1/31/2007 5:55:26 PM | Attr =	]
(IANSPROTOCOL) Intel(R) Advanced Network Services Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ianswxp.sys -> Intel Corporation [Ver = 8.3.13.0 built by: WinDDK | Size = 114576 bytes | Modified Date = 1/31/2007 5:55:26 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\1.tmp -> File not found
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(mv61xx) mv61xx [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\mv61xx.sys -> Marvell Semiconductor, Inc. [Ver =  1.1.0.41  built by: WinDDK | Size = 70784 bytes | Modified Date = 8/30/2006 2:43:14 AM | Attr =	]
(NAL) Nal Service  [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iqvw32.sys -> Intel Corporation  [Ver = 1.03.0.4 built by: WinDDK | Size = 31072 bytes | Modified Date = 3/9/2007 5:04:42 PM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 6853088 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr =	]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(PnkBstrK) PnkBstrK [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 3/3/2008 8:36:05 PM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(SABProcEnum) SABProcEnum [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Internet Explorer\SABProcEnum.sys -> File not found
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(sfng32) Sonic Focus Plugin for Sigmatel HDA [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfng32.sys -> Sonic Focus, Inc [Ver = 9, 0, 0, 54 | Size = 41728 bytes | Modified Date = 12/2/2005 4:38:04 AM | Attr =	]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SMBios) Intel (R) System Management BIOS Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SMBios.sys -> Intel Corporation [Ver = 1.0.0.14 | Size = 36484 bytes | Modified Date = 9/17/2003 9:06:00 AM | Attr =	]
(smbusp) Intel(R) SMBus 2.0 Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\intelsmb.sys -> Intel Corporation [Ver = 6.1.0.1001 | Size = 21248 bytes | Modified Date = 10/12/2007 11:59:06 AM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> SigmaTel, Inc. [Ver = 5.10.5143.0  nd491 cp1 | Size = 1171464 bytes | Modified Date = 7/27/2006 1:24:28 AM | Attr =	]
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(tmcomm) tmcomm [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 8/1/2007 10:47:26 PM | Attr =	]
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/17/2008 12:11:27 AM | Attr =	]
cctray -> %ProgramFiles%\CA\CA Internet Security Suite\cctray\cctray.exe -> CA, Inc. [Ver = Version 4.0.0.172 | Size = 181512 bytes | Modified Date = 1/25/2008 12:40:28 PM | Attr =	]
DiskeeperSystray -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkIcon.exe -> Diskeeper Corporation [Ver = 10.0.608.0 | Size = 319488 bytes | Modified Date = 6/7/2006 12:35:14 PM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr =	]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
WgaLogon ->  -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< HOSTS File > (698 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.foxnews.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.foxnews.com/ -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{1E40AF3F-B98C-48A1-8172-F1F6AB84C877} ->	(1394 Net Adapter) -> 
{43820BA3-3CA9-4114-B8B7-C226418E46C8} ->	(Intel(R) PRO/1000 PL Network Connection) -> 
{7B156565-2C7A-441C-A9D0-0F10FFC03E26} ->	(Intel(R) PRO/1000 GT Desktop Adapter) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Key does not exist or could not be opened.] -> File not found


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 724 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11484 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -> C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe [C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe:*:Disabled:Apache HTTP Server] -> Apache Software Foundation [Ver = 2.0.58 | Size = 20541 bytes | Modified Date = 4/29/2006 4:47:14 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrA.exe -> C:\WINDOWS\system32\PnkBstrA.exe [C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA] ->  [Ver =  | Size = 66872 bytes | Modified Date = 12/24/2007 12:04:16 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\PnkBstrB.exe -> C:\WINDOWS\system32\PnkBstrB.exe [C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB] ->  [Ver =  | Size = 107832 bytes | Modified Date = 3/3/2008 8:35:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\rundll32.exe -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 33280 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Call of Duty\CoDMP.exe -> C:\Program Files\Call of Duty\CoDMP.exe [C:\Program Files\Call of Duty\CoDMP.exe:*:Enabled:CoDMP] ->  [Ver =  | Size = 1830912 bytes | Modified Date = 11/18/2004 8:43:44 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> C:\WINDOWS\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2/17/2008 12:11:28 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 1/5/2008 2:19:24 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2/17/2008 12:11:27 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 1/5/2008 2:19:25 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe -> C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe [C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) ] ->  [Ver =  | Size = 3325952 bytes | Modified Date = 1/23/2008 3:57:46 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
32b254ada79847b5c4bcdd -> %SystemDrive%\32b254ada79847b5c4bcdd ->  [Folder | Created Date = 2/27/2008 8:41:45 AM | Attr =	]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Created Date = 3/4/2008 12:18:16 AM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Created Date = 2/20/2008 12:46:58 PM | Attr =	]
HijackThis -> %SystemDrive%\HijackThis ->  [Folder | Created Date = 2/20/2008 1:58:44 PM | Attr =	]
Motorola_CableModem -> %SystemDrive%\Motorola_CableModem ->  [Folder | Created Date = 2/12/2008 2:52:30 PM | Attr =	]
New Folder -> %SystemDrive%\New Folder ->  [Folder | Created Date = 2/20/2008 1:58:28 PM | Attr =	]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Created Date = 2/24/2008 8:38:19 PM | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/17/2008 12:11:33 AM | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/17/2008 12:11:31 AM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
intelsmb.sys -> %SystemRoot%\System32\drivers\intelsmb.sys -> Intel Corporation [Ver = 6.1.0.1001 | Size = 21248 bytes | Modified Date = 10/12/2007 11:59:06 AM | Attr =	]
SMBios.sys -> %SystemRoot%\System32\drivers\SMBios.sys -> Intel Corporation [Ver = 1.0.0.14 | Size = 36484 bytes | Modified Date = 9/17/2003 9:06:00 AM | Attr =	]
tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 8/1/2007 10:47:26 PM | Attr =	]
ASPRO -> %SystemRoot%\System32\ASPRO ->  [Folder | Created Date = 2/27/2008 8:41:29 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
atasnt40.dll -> %SystemRoot%\System32\atasnt40.dll -> WebEx Communications, Inc [Ver = 2, 2, 33, 3 | Size = 186443 bytes | Modified Date = 2/13/2008 5:59:39 PM | Attr =	]
fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
grep.exe -> %SystemRoot%\System32\grep.exe ->  [Ver =  | Size = 80412 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:28 PM | Attr =	]
javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 69632 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]
javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 9/24/2007 10:30:30 PM | Attr =	]
javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Modified Date = 9/24/2007 11:31:42 PM | Attr =	]
KeyHelp.ocx -> %SystemRoot%\System32\KeyHelp.ocx -> KeyWorks Software [Ver = 1, 1, 2200,0 | Size = 250544 bytes | Modified Date = 1/11/2008 6:56:12 PM | Attr =	]
OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL ->  [Ver =  | Size = 693792 bytes | Modified Date = 2/4/2008 6:23:10 PM | Attr =	]
pavaspro.ico -> %SystemRoot%\System32\pavaspro.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/12/2008 2:02:29 PM | Attr =	]
sed.exe -> %SystemRoot%\System32\sed.exe ->  [Ver =  | Size = 98816 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
Shortcut to services.msc.lnk -> %SystemRoot%\System32\Shortcut to services.msc.lnk ->  [Ver =  | Size = 590 bytes | Modified Date = 2/6/2008 8:32:47 PM | Attr =	]
swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Created Date = 2/28/2008 5:50:28 PM | Attr =	]
VFind.exe -> %SystemRoot%\System32\VFind.exe ->  [Ver =  | Size = 49152 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
zip.exe -> %SystemRoot%\System32\zip.exe ->  [Ver =  | Size = 68096 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
Drivers -> %SystemRoot%\Drivers ->  [Folder | Created Date = 3/3/2008 4:41:55 PM | Attr =	]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Created Date = 2/20/2008 12:47:17 PM | Attr =	]
ExplorerXP.INI -> %SystemRoot%\ExplorerXP.INI ->  [Ver =  | Size = 26 bytes | Modified Date = 2/22/2008 8:10:58 PM | Attr =	]
Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Modified Date = 8/31/2000 8:00:00 AM | Attr =	]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Created Date = 3/4/2008 12:18:55 AM | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 5632 bytes | Modified Date = 2/25/2008 11:11:01 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 352 bytes | Modified Date = 2/21/2008 5:06:29 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Created Date = 2/17/2008 12:00:39 AM | Attr =	]
CA -> %AllUsersProfile%\Application Data\CA ->  [Folder | Created Date = 2/10/2008 2:23:38 PM | Attr =	]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Created Date = 3/2/2008 12:55:17 PM | Attr =	]
AVG7 -> %AppData%\AVG7 ->  [Folder | Created Date = 2/17/2008 12:11:42 AM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Created Date = 3/4/2008 12:25:48 AM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Created Date = 2/28/2008 5:53:52 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 13664 bytes | Modified Date = 2/25/2008 10:44:37 AM | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Created Date = 3/1/2008 1:18:32 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3594382 bytes | Modified Date = 3/4/2008 12:26:12 AM | Attr =  H ]
a-squared -> %UserProfile%\My Documents\a-squared ->  [Folder | Created Date = 3/2/2008 4:57:33 PM | Attr =	]
cc_20080303_2304.reg -> %UserProfile%\My Documents\cc_20080303_2304.reg ->  [Ver =  | Size = 5100 bytes | Modified Date = 3/3/2008 11:04:14 PM | Attr =	]
CoD4MW-1.4-1.5MP-PatchSetup.exe -> %UserProfile%\My Documents\CoD4MW-1.4-1.5MP-PatchSetup.exe -> Activision												 [Ver = 1.5										   | Size = 11167560 bytes | Modified Date = 2/14/2008 8:33:53 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CoD4MW-1.4-1.5MP-PatchSetup.exe:Zone.Identifier
d6332605_en.pdf -> %UserProfile%\My Documents\d6332605_en.pdf ->  [Ver =  | Size = 4911980 bytes | Modified Date = 2/24/2008 12:31:24 PM | Attr =	]
AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
Diskeeper.lnk -> %AllUsersProfile%\Desktop\Diskeeper.lnk ->  [Ver =  | Size = 1733 bytes | Modified Date = 2/6/2008 9:14:26 PM | Attr =	]
a-squared HiJackFree Analysis.mht -> %UserProfile%\Desktop\a-squared HiJackFree Analysis.mht ->  [Ver =  | Size = 123299 bytes | Modified Date = 3/2/2008 6:38:23 PM | Attr =	]
a2AntiMalwareSetup.exe -> %UserProfile%\Desktop\a2AntiMalwareSetup.exe -> Emsi Software GmbH										   [Ver = 3.1				  | Size = 27448192 bytes | Modified Date = 3/2/2008 4:57:13 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\a2AntiMalwareSetup.exe:Zone.Identifier
Admin url -> %UserProfile%\Desktop\Admin url ->  [Folder | Created Date = 2/15/2008 5:06:59 PM | Attr =	]
aspy_en_32.exe -> %UserProfile%\Desktop\aspy_en_32.exe -> CA, Inc.													 [Ver = 10.0														 | Size = 21161784 bytes | Modified Date = 2/10/2008 2:21:06 PM | Attr =	]
avg75f_516a1262.exe -> %UserProfile%\Desktop\avg75f_516a1262.exe ->  [Ver =  | Size = 61748376 bytes | Modified Date = 2/17/2008 12:05:05 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avg75f_516a1262.exe:Zone.Identifier
ccsetup205.exe -> %UserProfile%\Desktop\ccsetup205.exe -> Piriform Ltd [Ver = 2.0.0.0 | Size = 2733520 bytes | Modified Date = 2/22/2008 10:23:00 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup205.exe:Zone.Identifier
Clansite -> %UserProfile%\Desktop\Clansite ->  [Folder | Created Date = 2/15/2008 5:09:24 PM | Attr =	]
CleanUp452.exe -> %UserProfile%\Desktop\CleanUp452.exe ->  [Ver =  | Size = 339257 bytes | Modified Date = 2/17/2008 1:10:56 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CleanUp452.exe:Zone.Identifier
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1573245 bytes | Modified Date = 2/24/2008 8:24:42 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
cwshredder.exe -> %UserProfile%\Desktop\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/17/2008 1:46:52 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cwshredder.exe:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/17/2008 2:10:15 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserProfile%\Desktop\hijackthis_sfx.exe ->  [Ver =  | Size = 251392 bytes | Modified Date = 2/16/2008 2:13:41 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hijackthis_sfx.exe:Zone.Identifier
hijackthis_v2.0.2.zip -> %UserProfile%\Desktop\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Modified Date = 2/20/2008 1:57:33 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hijackthis_v2.0.2.zip:Zone.Identifier
HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip ->  [Ver =  | Size = 353386 bytes | Modified Date = 2/28/2008 8:25:31 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HostsXpert.zip:Zone.Identifier
IDCC_2.2.0005.exe -> %UserProfile%\Desktop\IDCC_2.2.0005.exe -> Intel(R) Corporation [Ver = 2.2.0005 | Size = 15113154 bytes | Modified Date = 3/3/2008 4:41:31 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\IDCC_2.2.0005.exe:Zone.Identifier
KillBitGui-Feb08.exe -> %UserProfile%\Desktop\KillBitGui-Feb08.exe ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/27/2008 12:27:49 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KillBitGui-Feb08.exe:Zone.Identifier
LAN_allOS_12.1_PV_Intel_141678 -> %UserProfile%\Desktop\LAN_allOS_12.1_PV_Intel_141678 ->  [Folder | Created Date = 2/18/2008 8:36:06 PM | Attr =	]
ntregopt-setup.exe -> %UserProfile%\Desktop\ntregopt-setup.exe -> Lars Hederer												 [Ver =					  | Size = 483809 bytes | Modified Date = 2/16/2008 1:43:27 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ntregopt-setup.exe:Zone.Identifier
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk ->  [Ver =  | Size = 695 bytes | Modified Date = 2/16/2008 1:50:25 PM | Attr =	]
oji.pdf -> %UserProfile%\Desktop\oji.pdf ->  [Ver =  | Size = 16561 bytes | Modified Date = 3/3/2008 11:40:49 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\oji.pdf:Zone.Identifier
pbsvc.exe -> %UserProfile%\Desktop\pbsvc.exe ->  [Ver =  | Size = 674600 bytes | Modified Date = 3/1/2008 12:30:52 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\pbsvc.exe:Zone.Identifier
PSHLD100.ZIP -> %UserProfile%\Desktop\PSHLD100.ZIP ->  [Ver =  | Size = 350279 bytes | Modified Date = 2/17/2008 2:02:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\PSHLD100.ZIP:Zone.Identifier
Shortcut to Cleanup.exe.lnk -> %UserProfile%\Desktop\Shortcut to Cleanup.exe.lnk ->  [Ver =  | Size = 615 bytes | Modified Date = 2/27/2008 7:37:24 PM | Attr =	]
Shortcut to services.msc.lnk -> %UserProfile%\Desktop\Shortcut to services.msc.lnk ->  [Ver =  | Size = 590 bytes | Modified Date = 2/6/2008 8:32:52 PM | Attr =	]
Tcpview.exe -> %UserProfile%\Desktop\Tcpview.exe -> Sysinternals - www.sysinternals.com [Ver = 2.53 | Size = 148520 bytes | Modified Date = 1/9/2008 3:38:00 PM | Attr =	]
TWC Ohio RDC Bandwidth Speed Test.url -> %UserProfile%\Desktop\TWC Ohio RDC Bandwidth Speed Test.url ->  [Ver =  | Size = 121 bytes | Modified Date = 3/4/2008 12:14:53 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/4/2008 1:25:55 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 3/4/2008 1:25:26 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
Java -> %CommonProgramFiles%\Java ->  [Folder | Created Date = 2/18/2008 1:01:26 PM | Attr =	]
Scanner -> %CommonProgramFiles%\Scanner ->  [Folder | Created Date = 2/10/2008 2:23:42 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
32b254ada79847b5c4bcdd -> %SystemDrive%\32b254ada79847b5c4bcdd ->  [Folder | Modified Date = 2/27/2008 8:41:48 AM | Attr =	]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 222 bytes | Modified Date = 3/1/2008 6:04:45 PM | Attr =  HS]
ComboFix -> %SystemDrive%\ComboFix ->  [Folder | Modified Date = 3/4/2008 12:18:57 AM | Attr =	]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Modified Date = 3/1/2008 1:00:23 PM | Attr =	]
Deckard -> %SystemDrive%\Deckard ->  [Folder | Modified Date = 2/20/2008 12:46:58 PM | Attr =	]
HijackThis -> %SystemDrive%\HijackThis ->  [Folder | Modified Date = 2/24/2008 9:03:18 PM | Attr =	]
index.ini -> %SystemDrive%\index.ini ->  [Ver =  | Size = 96 bytes | Modified Date = 3/3/2008 5:54:36 PM | Attr =	]
Motorola_CableModem -> %SystemDrive%\Motorola_CableModem ->  [Folder | Modified Date = 2/12/2008 2:52:30 PM | Attr =	]
New Folder -> %SystemDrive%\New Folder ->  [Folder | Modified Date = 2/20/2008 1:58:28 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/2/2008 4:57:33 PM | Attr = R  ]
QooBox -> %SystemDrive%\QooBox ->  [Folder | Modified Date = 3/4/2008 12:18:38 AM | Attr =	]
SMCLpav -> %SystemDrive%\SMCLpav ->  [Folder | Modified Date = 3/4/2008 11:19:27 AM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 3/3/2008 11:57:54 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/4/2008 1:24:43 PM | Attr =	]
avg7core.sys -> %SystemRoot%\System32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 2/17/2008 12:11:33 AM | Attr =	]
avg7rsw.sys -> %SystemRoot%\System32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
avg7rsxp.sys -> %SystemRoot%\System32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 2/17/2008 12:11:35 AM | Attr =	]
avgclean.sys -> %SystemRoot%\System32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 2/17/2008 12:11:31 AM | Attr =	]
avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 26952 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
avgtdi.sys -> %SystemRoot%\System32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/24/2008 8:40:45 PM | Attr =	]
hosts -> %SystemRoot%\System32\drivers\etc\hosts ->  [Ver =  | Size = 698 bytes | Modified Date = 2/28/2008 8:29:25 PM | Attr = R  ]
PnkBstrK.sys -> %SystemRoot%\System32\drivers\PnkBstrK.sys ->  [Ver =  | Size = 22328 bytes | Modified Date = 3/3/2008 8:36:05 PM | Attr =	]
.ico -> %SystemRoot%\System32\.ico ->  [Ver =  | Size = 3377 bytes | Modified Date = 2/12/2008 2:02:30 PM | Attr =	]
ASPRO -> %SystemRoot%\System32\ASPRO ->  [Folder | Modified Date = 2/27/2008 8:41:31 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
atasnt40.dll -> %SystemRoot%\System32\atasnt40.dll -> WebEx Communications, Inc [Ver = 2, 2, 33, 3 | Size = 186443 bytes | Modified Date = 2/13/2008 5:59:39 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/27/2008 11:32:28 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/3/2008 11:57:36 PM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 3/3/2008 7:38:03 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 3/3/2008 11:57:46 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/4/2008 12:18:22 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 95072 bytes | Modified Date = 2/24/2008 9:54:57 PM | Attr =	]
Helppro.ico -> %SystemRoot%\System32\Helppro.ico ->  [Ver =  | Size = 1406 bytes | Modified Date = 2/12/2008 2:02:29 PM | Attr =	]
LogFiles -> %SystemRoot%\System32\LogFiles ->  [Folder | Modified Date = 3/4/2008 12:13:59 PM | Attr =	]
Macromed -> %SystemRoot%\System32\Macromed ->  [Folder | Modified Date = 2/24/2008 4:15:33 PM | Attr =	]
NtmsData -> %SystemRoot%\System32\NtmsData ->  [Folder | Modified Date = 2/18/2008 1:45:27 PM | Attr =	]
OGACheckControl.DLL -> %SystemRoot%\System32\OGACheckControl.DLL ->  [Ver =  | Size = 693792 bytes | Modified Date = 2/4/2008 6:23:10 PM | Attr =	]
pavaspro.ico -> %SystemRoot%\System32\pavaspro.ico ->  [Ver =  | Size = 30590 bytes | Modified Date = 2/12/2008 2:02:29 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 67248 bytes | Modified Date = 2/29/2008 12:12:53 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 413394 bytes | Modified Date = 2/29/2008 12:12:53 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 467846 bytes | Modified Date = 2/29/2008 12:12:53 PM | Attr =	]
PnkBstrB.exe -> %SystemRoot%\System32\PnkBstrB.exe ->  [Ver =  | Size = 107832 bytes | Modified Date = 3/3/2008 8:35:58 PM | Attr =	]
ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups ->  [Folder | Modified Date = 2/18/2008 8:38:20 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 3/3/2008 11:57:54 PM | Attr =	]
Shortcut to services.msc.lnk -> %SystemRoot%\System32\Shortcut to services.msc.lnk ->  [Ver =  | Size = 590 bytes | Modified Date = 2/6/2008 8:32:47 PM | Attr =	]
Uninstallpro.ico -> %SystemRoot%\System32\Uninstallpro.ico ->  [Ver =  | Size = 2550 bytes | Modified Date = 2/12/2008 2:02:29 PM | Attr =	]
URTTemp -> %SystemRoot%\System32\URTTemp ->  [Folder | Modified Date = 2/28/2008 5:51:00 PM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 2/27/2008 8:41:59 AM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13728 bytes | Modified Date = 3/3/2008 12:18:36 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/28/2008 4:17:47 PM | Attr =  H ]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 2/12/2008 2:33:50 PM | Attr =	]
assembly -> %SystemRoot%\assembly ->  [Folder | Modified Date = 2/29/2008 1:01:58 PM | Attr = R S]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/4/2008 11:19:34 AM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 2/28/2008 5:12:06 PM | Attr =	]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/4/2008 12:13:40 AM | Attr =   S]
Drivers -> %SystemRoot%\Drivers ->  [Folder | Modified Date = 3/3/2008 4:41:55 PM | Attr =	]
ERDNT -> %SystemRoot%\ERDNT ->  [Folder | Modified Date = 2/24/2008 8:39:15 PM | Attr =	]
ExplorerXP.INI -> %SystemRoot%\ExplorerXP.INI ->  [Ver =  | Size = 26 bytes | Modified Date = 2/22/2008 8:10:58 PM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/27/2008 8:48:41 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 3/3/2008 4:41:56 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 3/1/2008 1:00:24 PM | Attr =  HS]
Microsoft.NET -> %SystemRoot%\Microsoft.NET ->  [Folder | Modified Date = 2/29/2008 1:01:58 PM | Attr =	]
pav.sig -> %SystemRoot%\pav.sig ->  [Ver =  | Size = 80885643 bytes | Modified Date = 2/12/2008 2:16:47 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 2/29/2008 4:54:46 PM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 2/28/2008 5:54:20 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/5/2008 3:18:11 AM | Attr =	]
Sun -> %SystemRoot%\Sun ->  [Folder | Modified Date = 2/18/2008 1:02:29 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/17/2008 12:09:43 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 3/4/2008 12:18:41 AM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/4/2008 11:19:27 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 2/24/2008 9:25:11 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 3/4/2008 12:18:39 PM | Attr =	]
Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 5632 bytes | Modified Date = 2/25/2008 11:11:01 AM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 620 bytes | Modified Date = 3/1/2008 6:04:45 PM | Attr =	]
WinSxS -> %SystemRoot%\WinSxS ->  [Folder | Modified Date = 2/29/2008 12:12:46 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/4/2008 1:24:43 PM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 352 bytes | Modified Date = 2/21/2008 5:06:29 PM | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 5965 bytes | Modified Date = 1/5/2008 1:43:04 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5462 bytes | Modified Date = 2/29/2008 12:35:46 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 2/29/2008 12:35:46 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Avg7 -> %AllUsersProfile%\Application Data\Avg7 ->  [Folder | Modified Date = 2/17/2008 5:06:10 PM | Attr =	]
CA -> %AllUsersProfile%\Application Data\CA ->  [Folder | Modified Date = 2/10/2008 2:27:20 PM | Attr =	]
Grisoft -> %AllUsersProfile%\Application Data\Grisoft ->  [Folder | Modified Date = 2/17/2008 12:11:26 AM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 2/22/2008 11:03:05 AM | Attr =   S]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 3/2/2008 12:55:17 PM | Attr =	]
AVG7 -> %AppData%\AVG7 ->  [Folder | Modified Date = 3/4/2008 12:49:18 PM | Attr =	]
Identities -> %AppData%\Identities ->  [Folder | Modified Date = 2/27/2008 8:41:28 AM | Attr =	]
Macromedia -> %AppData%\Macromedia ->  [Folder | Modified Date = 3/4/2008 12:25:48 AM | Attr =	]
Microsoft -> %AppData%\Microsoft ->  [Folder | Modified Date = 2/29/2008 12:03:32 PM | Attr =   S]
Sun -> %AppData%\Sun ->  [Folder | Modified Date = 2/18/2008 1:02:29 PM | Attr =	]
Adobe -> %UserProfile%\Local Settings\Application Data\Adobe ->  [Folder | Modified Date = 2/22/2008 8:12:01 PM | Attr =	]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory ->  [Folder | Modified Date = 2/28/2008 5:54:47 PM | Attr =	]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 13664 bytes | Modified Date = 2/25/2008 10:44:37 AM | Attr =	]
Help -> %UserProfile%\Local Settings\Application Data\Help ->  [Folder | Modified Date = 3/1/2008 1:18:32 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 3594382 bytes | Modified Date = 3/4/2008 12:26:12 AM | Attr =  H ]
Identities -> %UserProfile%\Local Settings\Application Data\Identities ->  [Folder | Modified Date = 2/26/2008 7:03:11 PM | Attr =	]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 3/3/2008 10:12:36 PM | Attr =	]
a-squared -> %UserProfile%\My Documents\a-squared ->  [Folder | Modified Date = 3/2/2008 4:57:33 PM | Attr =	]
cc_20080303_2304.reg -> %UserProfile%\My Documents\cc_20080303_2304.reg ->  [Ver =  | Size = 5100 bytes | Modified Date = 3/3/2008 11:04:14 PM | Attr =	]
CoD4MW-1.4-1.5MP-PatchSetup.exe -> %UserProfile%\My Documents\CoD4MW-1.4-1.5MP-PatchSetup.exe -> Activision												 [Ver = 1.5										   | Size = 11167560 bytes | Modified Date = 2/14/2008 8:33:53 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\CoD4MW-1.4-1.5MP-PatchSetup.exe:Zone.Identifier
d6332605_en.pdf -> %UserProfile%\My Documents\d6332605_en.pdf ->  [Ver =  | Size = 4911980 bytes | Modified Date = 2/24/2008 12:31:24 PM | Attr =	]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 2/27/2008 9:22:28 AM | Attr = R  ]
My Received Files -> %UserProfile%\My Documents\My Received Files ->  [Folder | Modified Date = 2/16/2008 1:20:05 PM | Attr =	]
AVG 7.5.lnk -> %AllUsersProfile%\Desktop\AVG 7.5.lnk ->  [Ver =  | Size = 1532 bytes | Modified Date = 2/17/2008 12:11:36 AM | Attr =	]
Diskeeper.lnk -> %AllUsersProfile%\Desktop\Diskeeper.lnk ->  [Ver =  | Size = 1733 bytes | Modified Date = 2/6/2008 9:14:26 PM | Attr =	]
192.168.100.1.url -> %UserProfile%\Desktop\192.168.100.1.url ->  [Ver =  | Size = 181 bytes | Modified Date = 3/3/2008 11:58:26 PM | Attr =	]
a-squared HiJackFree Analysis.mht -> %UserProfile%\Desktop\a-squared HiJackFree Analysis.mht ->  [Ver =  | Size = 123299 bytes | Modified Date = 3/2/2008 6:38:23 PM | Attr =	]
a2AntiMalwareSetup.exe -> %UserProfile%\Desktop\a2AntiMalwareSetup.exe -> Emsi Software GmbH										   [Ver = 3.1				  | Size = 27448192 bytes | Modified Date = 3/2/2008 4:57:13 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\a2AntiMalwareSetup.exe:Zone.Identifier
Admin url -> %UserProfile%\Desktop\Admin url ->  [Folder | Modified Date = 2/15/2008 5:08:42 PM | Attr =	]
aspy_en_32.exe -> %UserProfile%\Desktop\aspy_en_32.exe -> CA, Inc.													 [Ver = 10.0														 | Size = 21161784 bytes | Modified Date = 2/10/2008 2:21:06 PM | Attr =	]
avg75f_516a1262.exe -> %UserProfile%\Desktop\avg75f_516a1262.exe ->  [Ver =  | Size = 61748376 bytes | Modified Date = 2/17/2008 12:05:05 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avg75f_516a1262.exe:Zone.Identifier
Call of Duty Multiplayer.lnk -> %UserProfile%\Desktop\Call of Duty Multiplayer.lnk ->  [Ver =  | Size = 827 bytes | Modified Date = 2/21/2008 7:48:13 PM | Attr =	]
CCleaner.lnk -> %UserProfile%\Desktop\CCleaner.lnk ->  [Ver =  | Size = 1548 bytes | Modified Date = 2/22/2008 10:29:51 AM | Attr =	]
ccsetup205.exe -> %UserProfile%\Desktop\ccsetup205.exe -> Piriform Ltd [Ver = 2.0.0.0 | Size = 2733520 bytes | Modified Date = 2/22/2008 10:23:00 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ccsetup205.exe:Zone.Identifier
Clansite -> %UserProfile%\Desktop\Clansite ->  [Folder | Modified Date = 2/15/2008 5:09:47 PM | Attr =	]
CleanUp452.exe -> %UserProfile%\Desktop\CleanUp452.exe ->  [Ver =  | Size = 339257 bytes | Modified Date = 2/17/2008 1:10:56 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CleanUp452.exe:Zone.Identifier
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe ->  [Ver =  | Size = 1573245 bytes | Modified Date = 2/24/2008 8:24:42 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
cwshredder.exe -> %UserProfile%\Desktop\cwshredder.exe -> Trend Micro Incorporated [Ver = 2.19-1099 | Size = 532480 bytes | Modified Date = 2/17/2008 1:46:52 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cwshredder.exe:Zone.Identifier
dss.exe -> %UserProfile%\Desktop\dss.exe ->  [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/17/2008 2:10:15 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
hijackthis_sfx.exe -> %UserProfile%\Desktop\hijackthis_sfx.exe ->  [Ver =  | Size = 251392 bytes | Modified Date = 2/16/2008 2:13:41 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hijackthis_sfx.exe:Zone.Identifier
hijackthis_v2.0.2.zip -> %UserProfile%\Desktop\hijackthis_v2.0.2.zip ->  [Ver =  | Size = 499568 bytes | Modified Date = 2/20/2008 1:57:33 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\hijackthis_v2.0.2.zip:Zone.Identifier
HostsXpert.zip -> %UserProfile%\Desktop\HostsXpert.zip ->  [Ver =  | Size = 353386 bytes | Modified Date = 2/28/2008 8:25:31 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HostsXpert.zip:Zone.Identifier
IDCC_2.2.0005.exe -> %UserProfile%\Desktop\IDCC_2.2.0005.exe -> Intel(R) Corporation [Ver = 2.2.0005 | Size = 15113154 bytes | Modified Date = 3/3/2008 4:41:31 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\IDCC_2.2.0005.exe:Zone.Identifier
KillBitGui-Feb08.exe -> %UserProfile%\Desktop\KillBitGui-Feb08.exe ->  [Ver =  | Size = 4096 bytes | Modified Date = 2/27/2008 12:27:49 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\KillBitGui-Feb08.exe:Zone.Identifier
LAN_allOS_12.1_PV_Intel_141678 -> %UserProfile%\Desktop\LAN_allOS_12.1_PV_Intel_141678 ->  [Folder | Modified Date = 2/18/2008 8:36:33 PM | Attr =	]
Logs -> %UserProfile%\Desktop\Logs ->  [Folder | Modified Date = 3/4/2008 1:15:58 PM | Attr =	]
my mods -> %UserProfile%\Desktop\my mods ->  [Folder | Modified Date = 3/1/2008 6:10:04 PM | Attr =	]
ntregopt-setup.exe -> %UserProfile%\Desktop\ntregopt-setup.exe -> Lars Hederer												 [Ver =					  | Size = 483809 bytes | Modified Date = 2/16/2008 1:43:27 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ntregopt-setup.exe:Zone.Identifier
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk ->  [Ver =  | Size = 695 bytes | Modified Date = 2/16/2008 1:50:25 PM | Attr =	]
Ohio Unemployment Compensation Online.url -> %UserProfile%\Desktop\Ohio Unemployment Compensation Online.url ->  [Ver =  | Size = 200 bytes | Modified Date = 3/2/2008 12:59:17 PM | Attr =	]
oji.pdf -> %UserProfile%\Desktop\oji.pdf ->  [Ver =  | Size = 16561 bytes | Modified Date = 3/3/2008 11:40:49 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\oji.pdf:Zone.Identifier
pbsvc.exe -> %UserProfile%\Desktop\pbsvc.exe ->  [Ver =  | Size = 674600 bytes | Modified Date = 3/1/2008 12:30:52 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\pbsvc.exe:Zone.Identifier
PSHLD100.ZIP -> %UserProfile%\Desktop\PSHLD100.ZIP ->  [Ver =  | Size = 350279 bytes | Modified Date = 2/17/2008 2:02:50 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\PSHLD100.ZIP:Zone.Identifier
setup.exe -> %UserProfile%\Desktop\setup.exe -> Diskeeper Corporation									  [Ver = 10.0.608									   | Size = 21671064 bytes | Modified Date = 2/6/2008 9:13:53 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\setup.exe:Zone.Identifier
Shortcut to Cleanup.exe.lnk -> %UserProfile%\Desktop\Shortcut to Cleanup.exe.lnk ->  [Ver =  | Size = 615 bytes | Modified Date = 2/27/2008 7:37:24 PM | Attr =	]
Shortcut to services.msc.lnk -> %UserProfile%\Desktop\Shortcut to services.msc.lnk ->  [Ver =  | Size = 590 bytes | Modified Date = 2/6/2008 8:32:52 PM | Attr =	]
stuff -> %UserProfile%\Desktop\stuff ->  [Folder | Modified Date = 2/14/2008 10:24:22 PM | Attr =	]
TWC Ohio RDC Bandwidth Speed Test.url -> %UserProfile%\Desktop\TWC Ohio RDC Bandwidth Speed Test.url ->  [Ver =  | Size = 121 bytes | Modified Date = 3/4/2008 12:14:53 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/4/2008 1:25:55 PM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 3/4/2008 1:25:26 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\WinPFind35u.exe:Zone.Identifier
InstallShield -> %CommonProgramFiles%\InstallShield ->  [Folder | Modified Date = 3/3/2008 7:18:19 PM | Attr =	]
Java -> %CommonProgramFiles%\Java ->  [Folder | Modified Date = 2/18/2008 1:01:26 PM | Attr =	]
Scanner -> %CommonProgramFiles%\Scanner ->  [Folder | Modified Date = 2/10/2008 2:23:43 PM | Attr =	]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/13/2008 4:57:52 PM | Attr =	]

< End of report >

BC AdBot (Login to Remove)

 

#2 Da.One

Da.One

  • Avatar image
  • Banned
  • Member rank image
  • 41 posts
  • OFFLINE
    •  
  • Gender:Male
  • Local time:11:12 PM

Posted 04 March 2008 - 06:47 PM

When posting logs, please use normal text. A code box spaces the text out so far that it does not fit on a standard screen. Though, this is not your fault at all, this log is very, very long and messy. (Did this thing just list all the windows system data streams?!)

Are there any symptoms of an infection on your computer? Could you please tell us where the malware file was found? Any further information would be helpful.

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Avatar image
  • Moderator
  • 41,081 posts
  • OFFLINE
    •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:12 PM

Posted 05 March 2008 - 01:21 AM

Hello PTerzo and welcome to BC :thumbsup:

WinPFind35 logs, or variations thereof, should not to be posted outside the HijackThis forums. Due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by WinPFind35 without supervision from someone who has been properly trained. Doing so may lead to problems with the normal functionality of your computer. At BC, experienced malware removal experts request and analyze these logs ONLY in the HiJack This forums.

Instead, please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is “going wrong” with your computer. Note any tools you have used and their respective results. Also, please tell us what your operating system is: Windows XP, Vista etc.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff

Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.



Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

Back to Am I infected? What do I do?


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Am I infected? What do I do?
  4. Privacy Policy
  5. Rules ·