WinPFind35 logfile created on: 1/5/2008 9:32:51 PM WinPFind35U Version Beta20 Folder = C:\WinPfind35U\WinPFind35u Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) 1014.37 Mb Total Physical Memory | 392.18 Mb Available Physical Memory | 38.66% Memory free 2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.53% Paging File free Paging file location(s): c:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 51.17 Gb Total Space | 13.53 Gb Free Space | 26.45% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Computer Name: D8730MB1 Current User Name: El_Padrino Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 5:05:18 PM | Attr = ] s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 4:56:52 PM | Attr = ] wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 10/18/2006 5:01:34 PM | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2609 | Size = 266295 bytes | Modified Date = 5/24/2006 5:21:28 PM | Attr = ] creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 9/24/2006 12:14:05 PM | Attr = ] frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 104000 bytes | Modified Date = 7/12/2007 3:43:12 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 136768 bytes | Modified Date = 7/12/2007 3:43:14 PM | Attr = ] nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ] regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 10/18/2006 4:49:52 PM | Attr = ] sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr = ] pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ] dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ] quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 2:58:52 PM | Attr = ] ctsvolfe.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 2/23/2005 3:57:24 PM | Attr = ] issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] dlactrlw.exe -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 8/20/2007 7:18:57 PM | Attr = ] hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 2:41:08 AM | Attr = ] igfxpers.exe -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 2:45:00 AM | Attr = ] igfxsrvc.exe -> %System32%\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 159744 bytes | Modified Date = 12/13/2005 2:41:00 AM | Attr = ] stsystra.exe -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 4:30:44 PM | Attr = ] udaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 136768 bytes | Modified Date = 7/12/2007 3:43:14 PM | Attr = ] googledesktop.exe -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 8/20/2007 7:18:57 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr = ] mctray.exe -> %ProgramFiles%\Network Associates\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 7/12/2007 3:43:12 PM | Attr = ] gnotify.exe -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 4:48:33 PM | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 5/10/2007 9:46:20 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr = ] zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 5:04:28 PM | Attr = ] ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 4:58:16 PM | Attr = ] shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] avgas.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] netwaiting.exe -> %ProgramFiles%\NetWaiting\netwaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ] dot1xcfg.exe -> %ProgramFiles%\Intel\Wireless\Bin\Dot1XCfg.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 479232 bytes | Modified Date = 10/18/2006 4:53:24 PM | Attr = ] ctsyncu.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.9.0 | Size = 700416 bytes | Modified Date = 9/4/2006 5:18:32 PM | Attr = ] googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/22/2007 9:11:49 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ] aim6.exe -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:02 AM | Attr = ] sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr = ] aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> America Online, Inc. [Ver = 1.5.6.1 | Size = 50736 bytes | Modified Date = 9/25/2006 7:52:48 PM | Attr = ] bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2609 | Size = 622653 bytes | Modified Date = 5/24/2006 5:28:28 PM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.1 | Size = 2958896 bytes | Modified Date = 3/22/2007 5:46:00 PM | Attr = ] yahoowidgetengine.exe -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.1 | Size = 2958896 bytes | Modified Date = 3/22/2007 5:46:00 PM | Attr = ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 12/15/2006 5:36:19 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/6/2007 10:37:54 AM | Attr = ] winpfind35u.exe -> %SystemDrive%\WinPfind35U\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.0.0 | Size = 294912 bytes | Modified Date = 1/4/2008 2:00:54 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 5/30/2007 7:31:10 AM | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> Broadcom Corporation. [Ver = 5.0.1.2609 | Size = 266295 bytes | Modified Date = 5/24/2006 5:21:28 PM | Attr = ] (Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 9/24/2006 12:14:05 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ] (EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 10.5.1.21 | Size = 434176 bytes | Modified Date = 10/18/2006 5:05:18 PM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 12/15/2006 5:36:19 PM | Attr = ] (GoogleDesktopManager) GoogleDesktopManager [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 8/20/2007 7:18:57 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/8/2007 1:19:22 PM | Attr = ] (McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 104000 bytes | Modified Date = 7/12/2007 3:43:12 PM | Attr = ] (McShield) McAfee McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] (McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] (NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 2:57:54 PM | Attr = ] (RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 10.5.1.5 | Size = 327680 bytes | Modified Date = 10/18/2006 4:49:52 PM | Attr = ] (S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 10.5.1.3 | Size = 946176 bytes | Modified Date = 10/18/2006 4:56:52 PM | Attr = ] (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr = ] (WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel(R) Corporation [Ver = 10.5.1.5 | Size = 290816 bytes | Modified Date = 10/18/2006 5:01:34 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 6/11/2007 4:25:42 AM | Attr = ] {0228e555-4f9c-4e35-a3ec-b109a192b4c2} -> %ProgramFiles%\Google\Gmail Notifier\gnotify.exe -> Google Inc. [Ver = 1.0.25.0 | Size = 479232 bytes | Modified Date = 7/15/2005 4:48:33 PM | Attr = ] Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.0.2007051000 | Size = 624248 bytes | Modified Date = 5/10/2007 9:46:20 PM | Attr = ] Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 10:09:58 AM | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 7:51:55 PM | Attr = ] Babylon Client -> %ProgramFiles%\Babylon\Babylon-Pro\Babylon.exe -> Babylon Ltd. [Ver = 7.0.0.13 | Size = 2997984 bytes | Modified Date = 10/10/2007 3:06:36 PM | Attr = ] CTSVolFE.exe -> %ProgramFiles%\Creative\Mixer\CTSVolFE.exe -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 57344 bytes | Modified Date = 2/23/2005 3:57:24 PM | Attr = ] Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 2:58:52 PM | Attr = ] DLA -> %System32%\DLA\DLACTRLW.EXE -> Sonic Solutions [Ver = 5.20.08a | Size = 122940 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] DMXLauncher -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [Ver = | Size = 94208 bytes | Modified Date = 10/5/2005 3:12:00 AM | Attr = ] dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 11/15/2007 9:24:00 AM | Attr = ] Google Desktop Search -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktop.exe -> Google [Ver = 5.1.706.29690 | Size = 1836544 bytes | Modified Date = 8/20/2007 7:18:57 PM | Attr = ] igfxhkcmd -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 77824 bytes | Modified Date = 12/13/2005 2:41:08 AM | Attr = ] igfxpers -> %System32%\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 118784 bytes | Modified Date = 12/13/2005 2:45:00 AM | Attr = ] igfxtray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3.0.0.4446 | Size = 98304 bytes | Modified Date = 12/13/2005 2:44:18 AM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 10.5.1.18 | Size = 696320 bytes | Modified Date = 10/18/2006 4:58:16 PM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> Intel Corporation [Ver = 10.5.1.9 | Size = 802816 bytes | Modified Date = 10/18/2006 5:04:28 PM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 249856 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 50, 100, 33433 | Size = 81920 bytes | Modified Date = 6/10/2005 10:44:02 AM | Attr = ] McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 136768 bytes | Modified Date = 7/12/2007 3:43:14 PM | Attr = ] MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.3 | Size = 1117184 bytes | Modified Date = 7/12/2005 7:05:30 PM | Attr = ] PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 4/11/2004 8:15:14 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 2:57:48 PM | Attr = ] ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr = ] SigmatelSysTrayApp -> %SystemRoot%\stsystra.exe -> SigmaTel, Inc. [Ver = 1.0.4995.1 nd446 cp1 | Size = 282624 bytes | Modified Date = 3/24/2006 4:30:44 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:35 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 11:48:02 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:02 AM | Attr = ] CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe -> [Ver = 6.1.9.0 | Size = 700416 bytes | Modified Date = 9/4/2006 5:18:32 PM | Attr = ] DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ] DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 11/15/2007 9:23:56 AM | Attr = ] ModemOnHold -> %ProgramFiles%\NetWaiting\netwaiting.exe -> [Ver = | Size = 20480 bytes | Modified Date = 9/10/2003 2:24:00 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 8/22/2007 9:11:49 PM | Attr = ] *MultiFile Done* -> -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersStartup%\Bluetooth.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> Broadcom Corporation. [Ver = 5.0.1.2609 | Size = 622653 bytes | Modified Date = 5/24/2006 5:28:28 PM | Attr = ] -> %AllUsersStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/22/2006 9:50:12 AM | Attr = HS] %AllUsersStartup%\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 10/29/2003 2:06:00 AM | Attr = ] < El_Padrino Startup Folder > -> C:\Documents and Settings\El_Padrino\Start Menu\Programs\Startup -> -> %UserStartup%\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 8/10/2004 1:04:12 PM | Attr = HS] %UserStartup%\Yahoo! Widget Engine.lnk -> %ProgramFiles%\Yahoo!\Widgets\YahooWidgetEngine.exe -> Yahoo! Inc. [Ver = 4.0.1 | Size = 2958896 bytes | Modified Date = 3/22/2007 5:46:00 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL -> %ProgramFiles%\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> Google [Ver = 5.1.706.29690 | Size = 145408 bytes | Modified Date = 8/20/2007 7:18:59 PM | Attr = ] *MultiFile Done* -> -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {D60944C3-D2E7-4AC0-B91E-20E07695C9BD} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\ampkfst.dll [ampkfst] -> [Ver = 1, 0, 0, 1 | Size = 278528 bytes | Modified Date = 1/3/2008 6:53:16 AM | Attr = ] {FD727704-21A6-4FCB-BF48-A26584FFC149} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bklgvsf.dll [bklgvsf] -> [Ver = | Size = 282624 bytes | Modified Date = 1/3/2008 6:53:22 AM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. [Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 5/30/2007 7:29:58 AM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *MultiFile Done* -> -> *MultiFile Done* -> -> *MultiFile Done* -> -> *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %System32%\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4446 | Size = 139264 bytes | Modified Date = 12/13/2005 2:40:12 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {059947A2-838E-4773-9EE2-8AB8F53C2EDE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\dxpvqlmgtv.dll [BDEX System] -> [Ver = 1, 0, 0, 1 | Size = 311296 bytes | Modified Date = 1/3/2008 6:53:38 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 10:08:42 PM | Attr = ] {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar BHO] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 12/13/2007 11:49:42 AM | Attr = ] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.2.7.dll [BitComet Helper] -> BitComet [Ver = 20070207 | Size = 158272 bytes | Modified Date = 2/8/2007 12:04:02 AM | Attr = ] {5CA3D70E-1895-11CF-8E15-001234567890} [HKEY_LOCAL_MACHINE] -> %System32%\DLA\DLASHX_W.DLL [DriveLetterAccess] -> Sonic Solutions [Ver = 5.20.08a | Size = 110652 bytes | Modified Date = 9/8/2005 5:20:00 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 0, 301, 7164 | Size = 325048 bytes | Modified Date = 8/22/2007 9:11:49 PM | Attr = ] {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BAE\BAE.dll [CBrowserHelperObject Object] -> Dell Inc. [Ver = 1.1.0.1 | Size = 94208 bytes | Modified Date = 7/26/2006 10:05:34 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ] {7D1AD5EB-9902-4FF0-986F-CA498179A53B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\ensfolr.dll [The ensfolr] -> [Ver = 1, 0, 0, 1 | Size = 204800 bytes | Modified Date = 1/3/2008 6:53:42 AM | Attr = ] {965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [Babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 10/10/2007 3:05:30 PM | Attr = ] {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 12/13/2007 11:49:42 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 9:47:03 PM | Attr = ] WebBrowser\\{965B54B0-71E0-4611-8DE7-F73FA0B20E26} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Babylon\Babylon Toolbar\BabylonIEToolBar.dll [Babylon] -> Babylon Ltd. [Ver = 2.0.1.4 | Size = 264416 bytes | Modified Date = 10/10/2007 3:05:30 PM | Attr = ] WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Winamp Toolbar\winamptb.dll [Winamp Toolbar] -> AOL LLC [Ver = 5.1.14.2 | Size = 1185120 bytes | Modified Date = 12/13/2007 11:49:42 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:33 AM | Attr = ] {92780B25-18CC-41C8-B9BE-3C9C571A8263}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found {A5ABA0BB-F195-40d8-A5E9-0801153E6597}:{2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EverNote\EverNote\enbar.dll [Add to EverNote] -> EverNote Corporation [Ver = 1, 0, 0, 52 | Size = 286720 bytes | Modified Date = 9/6/2006 11:56:58 AM | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Real.com] -> File not found {d81ca86b-ef63-42af-bee3-4502d9a03c2d}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [MUSICMATCH MX Web Player] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ] CmdMapping\\{39FD89BF-D3F1-45b6-BB56-3582CCF489E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Research] -> File not found CmdMapping\\{A5ABA0BB-F195-40d8-A5E9-0801153E6597} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\EverNote\EverNote\enbar.dll [Add to EverNote] -> EverNote Corporation [Ver = 1, 0, 0, 52 | Size = 286720 bytes | Modified Date = 9/6/2006 11:56:58 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Real.com] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddLink.htm -> File not found &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddVideo.htm -> File not found &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe\AddAllLink.htm -> File not found &Winamp Toolbar Search -> %AllUsersAppData%\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htm -> File not found Add to EverNote -> -> File not found Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Download All Files by HiDownload -> %ProgramFiles%\HiDownload\HDGetAll.htm -> [Ver = | Size = 662 bytes | Modified Date = 6/8/2003 11:20:00 PM | Attr = ] Download by HiDownload -> %ProgramFiles%\HiDownload\HDGet.htm -> [Ver = | Size = 1791 bytes | Modified Date = 6/8/2003 11:20:00 PM | Attr = ] E&xport to Microsoft Excel -> -> File not found Send to &Bluetooth Device... -> %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm -> [Ver = | Size = 1320 bytes | Modified Date = 5/29/2003 12:53:12 PM | Attr = ] Translate with &Babylon -> %ProgramFiles%\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll\Translate.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {01140ACD-3EED-48EB-9CB3-F3F01681213B} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {1D5D265B-2926-442A-B016-7CB2924D6105} -> () -> {29053A6E-E1FD-4837-AE2F-51BF825FEF9D} -> (Broadcom 440x 10/100 Integrated Controller) -> {42FE38A5-E23C-4D7E-ADEC-6EA88CDC8273} -> (1394 Net Adapter) -> {C4CF6524-EB20-4F7B-A923-40E038219C52} -> () -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[] -> File not found skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/13/2007 12:31:38 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTSUEng.cab[Creative Software AutoUpdate] -> {0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> {193C772A-87BE-4B19-A7BB-445B226FE9A1}[HKEY_LOCAL_MACHINE] -> http://downloads.ewido.net/ewidoOnlineScan.cab[ewidoOnlineScan Control] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5200/mcfscan.cab[McFreeScan Class] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTPID.cab[Creative Software AutoUpdate Support Package] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %System32%\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %System32%\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] schannel -> %System32%\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %System32%\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 836 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %System32%\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http:\www.passport.com [http://www.passport.com] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 29127 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 9/1/2004 11:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 2.0.20.1.US.1 | Size = 1135728 bytes | Modified Date = 4/7/2004 12:07:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> America Online, Inc [Ver = 2.0.20.1.US.1 | Size = 496752 bytes | Modified Date = 4/7/2004 12:07:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\McAfee\Common Framework\FrameworkService.exe -> C:\Program Files\McAfee\Common Framework\FrameworkService.exe [C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> McAfee, Inc. [Ver = 3.5.5.438 | Size = 98304 bytes | Modified Date = 7/14/2006 11:16:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\VirusScan\mcconsol.exe -> C:\Program Files\Network Associates\VirusScan\mcconsol.exe [C:\Program Files\Network Associates\VirusScan\mcconsol.exe:*:Enabled:VirusScan Console] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\VirusScan\shcfg32.exe -> C:\Program Files\Network Associates\VirusScan\shcfg32.exe [C:\Program Files\Network Associates\VirusScan\shcfg32.exe:*:Enabled:VirusScan On-Access Scan] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\VirusScan\ScnCfg32.Exe -> C:\Program Files\Network Associates\VirusScan\ScnCfg32.Exe [C:\Program Files\Network Associates\VirusScan\ScnCfg32.Exe:*:Enabled:VirusScan On-Demand Scan] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -> C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service] -> McAfee, Inc. [Ver = 3.6.0.546 | Size = 104000 bytes | Modified Date = 7/12/2007 3:43:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> America Online, Inc. [Ver = 9.00.001 | Size = 259184 bytes | Modified Date = 9/1/2004 11:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> SmartSoft Ltd. [Ver = 2.0.1000.0 | Size = 5815968 bytes | Modified Date = 10/11/2006 5:20:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.1.1 | Size = 10800 bytes | Modified Date = 10/10/2006 12:53:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> C:\Program Files\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 3:49:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1698 | Size = 214448 bytes | Modified Date = 9/20/2006 8:28:45 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6023.5000 | Size = 12831608 bytes | Modified Date = 5/25/2007 7:09:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 2:37:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 2:03:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 12:31:38 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ExamSoft\SofTest\SoftLnch.exe -> C:\Program Files\ExamSoft\SoftLnch.exe [C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ExamSoft\SofTest\softest.exe -> C:\Program Files\ExamSoft\SofTest.exe [C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest ] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.11: 2007112718 | Size = 7650416 bytes | Modified Date = 12/6/2007 10:37:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10753:TCP -> 10753:TCP:*:Enabled:BitComet 10753 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10753:UDP -> 10753:UDP:*:Enabled:BitComet 10753 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2/28/2006 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %System32%\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk -> %ProgramFiles%\Digital Images manager\Photags AutoDetect.exe -> [Ver = 1, 0, 0, 1 | Size = 368640 bytes | Modified Date = 4/25/2006 9:32:10 AM | Attr = ] < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Aim6 hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\AIM6\aim6.exe -> AOL LLC [Ver = 1.4.9.1 | Size = 50736 bytes | Modified Date = 11/7/2006 10:29:02 AM | Attr = ] [Files/Folders - Created Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 1/4/2008 8:31:45 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Created Date = 1/5/2008 9:23:37 PM | Attr = HS] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Created Date = 1/4/2008 10:03:44 PM | Attr = ] tmp.bat -> %SystemDrive%\tmp.bat -> [Ver = | Size = 50 bytes | Created Date = 1/3/2008 7:51:29 PM | Attr = ] WinPfind35U -> %SystemDrive%\WinPfind35U -> [Folder | Created Date = 1/5/2008 9:30:31 PM | Attr = ] mfeapfk.sys -> %System32%\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Created Date = 1/4/2008 8:32:42 PM | Attr = ] mfeavfk.sys -> %System32%\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Created Date = 1/4/2008 8:32:41 PM | Attr = ] mfebopk.sys -> %System32%\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Created Date = 1/4/2008 8:32:43 PM | Attr = ] mfehidk.sys -> %System32%\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Created Date = 1/4/2008 8:32:40 PM | Attr = ] mfetdik.sys -> %System32%\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Created Date = 1/4/2008 8:32:41 PM | Attr = ] acXMLParser.dll -> %System32%\acXMLParser.dll -> Apache Software Foundation [Ver = 2, 7, 0 | Size = 1843200 bytes | Created Date = 12/20/2007 8:19:55 PM | Attr = ] cdintf300.dll -> %System32%\cdintf300.dll -> Amyuni Technologies http://www.amyuni.com [Ver = 3.01a | Size = 3518464 bytes | Created Date = 12/20/2007 8:19:54 PM | Attr = ] libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 12/11/2007 5:34:44 PM | Attr = ] ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 12/11/2007 5:34:44 PM | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5760 bytes | Created Date = 1/4/2008 10:08:29 PM | Attr = ] ampkfst.dll -> %SystemRoot%\ampkfst.dll -> [Ver = 1, 0, 0, 1 | Size = 278528 bytes | Created Date = 1/3/2008 7:42:00 PM | Attr = ] bklgvsf.dll -> %SystemRoot%\bklgvsf.dll -> [Ver = | Size = 282624 bytes | Created Date = 1/3/2008 7:42:00 PM | Attr = ] dxpvqlmgtv.dll -> %SystemRoot%\dxpvqlmgtv.dll -> [Ver = 1, 0, 0, 1 | Size = 311296 bytes | Created Date = 1/3/2008 7:42:00 PM | Attr = ] ensfolr.dll -> %SystemRoot%\ensfolr.dll -> [Ver = 1, 0, 0, 1 | Size = 204800 bytes | Created Date = 1/3/2008 7:41:59 PM | Attr = ] foxflpd.exe -> %SystemRoot%\foxflpd.exe -> [Ver = | Size = 90112 bytes | Created Date = 1/3/2008 7:42:00 PM | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Created Date = 1/4/2008 6:38:30 PM | Attr = ] [Files/Folders - Modified Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 1/4/2008 10:15:04 PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 1/4/2008 8:17:04 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 1/4/2008 10:38:33 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1063714816 bytes | Modified Date = 1/5/2008 9:23:37 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 1/5/2008 1:02:14 PM | Attr = R ] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 1/5/2008 1:18:13 PM | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/22/2007 2:31:47 PM | Attr = H ] sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/22/2007 11:38:21 PM | Attr = H ] sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/23/2007 11:46:33 PM | Attr = H ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/24/2007 6:42:29 PM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/27/2007 2:32:53 AM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/27/2007 8:07:20 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/27/2007 11:41:56 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/29/2007 11:42:27 PM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 268 bytes | Modified Date = 12/30/2007 12:27:21 AM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/3/2008 8:32:59 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/3/2008 11:01:20 PM | Attr = H ] sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/3/2008 11:28:09 PM | Attr = H ] sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/4/2008 6:11:18 PM | Attr = H ] sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/4/2008 10:12:53 PM | Attr = H ] sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 1:11:37 AM | Attr = H ] sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 1:19:28 AM | Attr = H ] sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 12:29:36 PM | Attr = H ] sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 1:19:13 PM | Attr = H ] sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 1:24:32 PM | Attr = H ] sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [Ver = | Size = 268 bytes | Modified Date = 1/5/2008 9:13:58 PM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/22/2007 2:31:47 PM | Attr = H ] sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/22/2007 11:38:21 PM | Attr = H ] sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/23/2007 11:46:32 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/24/2007 6:42:29 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/27/2007 2:32:53 AM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/27/2007 8:07:20 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/27/2007 11:41:55 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/29/2007 11:42:26 PM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 12/30/2007 12:27:21 AM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/3/2008 8:32:58 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/3/2008 11:01:20 PM | Attr = H ] sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/3/2008 11:28:09 PM | Attr = H ] sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/4/2008 6:11:18 PM | Attr = H ] sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/4/2008 10:12:53 PM | Attr = H ] sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 1:11:37 AM | Attr = H ] sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 1:19:27 AM | Attr = H ] sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 12:29:35 PM | Attr = H ] sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 1:19:13 PM | Attr = H ] sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 1:24:32 PM | Attr = H ] sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [Ver = | Size = 244 bytes | Modified Date = 1/5/2008 9:13:58 PM | Attr = H ] tmp.bat -> %SystemDrive%\tmp.bat -> [Ver = | Size = 50 bytes | Modified Date = 1/3/2008 7:51:29 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 1/5/2008 9:25:00 PM | Attr = ] WinPfind35U -> %SystemDrive%\WinPfind35U -> [Folder | Modified Date = 1/5/2008 9:30:35 PM | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 1/5/2008 9:24:29 PM | Attr = ] D2A82A2C82.sys -> %System32%\D2A82A2C82.sys -> [Ver = | Size = 88 bytes | Modified Date = 1/3/2008 7:04:10 PM | Attr = RHS] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 12/13/2007 10:12:34 AM | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 1/4/2008 8:32:43 PM | Attr = ] KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 3350 bytes | Modified Date = 1/3/2008 7:04:16 PM | Attr = HS] libdivx.dll -> %System32%\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 12/11/2007 5:34:44 PM | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 55522 bytes | Modified Date = 1/5/2008 9:28:17 PM | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 386598 bytes | Modified Date = 1/5/2008 9:28:17 PM | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 448136 bytes | Modified Date = 1/5/2008 9:28:17 PM | Attr = ] ssldivx.dll -> %System32%\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 12/11/2007 5:34:44 PM | Attr = ] tmp.reg -> %System32%\tmp.reg -> [Ver = | Size = 5760 bytes | Modified Date = 1/5/2008 9:17:59 PM | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13718 bytes | Modified Date = 1/5/2008 9:24:09 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 12/22/2007 1:08:26 AM | Attr = H ] ampkfst.dll -> %SystemRoot%\ampkfst.dll -> [Ver = 1, 0, 0, 1 | Size = 278528 bytes | Modified Date = 1/3/2008 6:53:16 AM | Attr = ] bklgvsf.dll -> %SystemRoot%\bklgvsf.dll -> [Ver = | Size = 282624 bytes | Modified Date = 1/3/2008 6:53:22 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/5/2008 9:23:38 PM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 1/4/2008 8:21:29 PM | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 1/4/2008 10:54:55 PM | Attr = S] dxpvqlmgtv.dll -> %SystemRoot%\dxpvqlmgtv.dll -> [Ver = 1, 0, 0, 1 | Size = 311296 bytes | Modified Date = 1/3/2008 6:53:38 AM | Attr = ] ensfolr.dll -> %SystemRoot%\ensfolr.dll -> [Ver = 1, 0, 0, 1 | Size = 204800 bytes | Modified Date = 1/3/2008 6:53:42 AM | Attr = ] foxflpd.exe -> %SystemRoot%\foxflpd.exe -> [Ver = | Size = 90112 bytes | Modified Date = 1/3/2008 6:53:44 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1393 bytes | Modified Date = 12/13/2007 10:12:37 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 1/4/2008 6:38:30 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 1/4/2008 9:59:25 PM | Attr = HS] jgzr.dat -> %SystemRoot%\jgzr.dat -> [Ver = | Size = 45887 bytes | Modified Date = 12/12/2007 12:13:36 PM | Attr = ] McAfee.com -> %SystemRoot%\McAfee.com -> [Folder | Modified Date = 1/4/2008 6:38:30 PM | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 5229 bytes | Modified Date = 12/19/2007 8:07:24 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 1/5/2008 9:31:34 PM | Attr = ] QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 165 bytes | Modified Date = 12/20/2007 8:40:27 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 12/10/2007 9:59:48 PM | Attr = ] system32 -> %System32% -> [Folder | Modified Date = 1/5/2008 9:28:17 PM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 1/5/2008 9:29:18 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 12/20/2007 8:19:10 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 1/5/2008 9:23:43 PM | Attr = H ] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cffc49fe] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:afe7225f "s2"=dword:d2982c5d "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:65,68,b1,6b,0b,82,50,4a,22,85,9f,36,48,7d,ee,11,8f,1c,86,0f,88,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,2c,77,27,ff,1d,5d,2c,53,0c,62,6c,fc,f0,79,50,26,62,.. "khjeh"=hex:e5,8f,04,95,ca,92,d4,68,79,9e,61,6b,db,dd,60,bc,8e,f1,4a,ad,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:fb,5f,7d,92,8b,e5,f5,b3,b5,1c,69,a9,41,e7,7a,c2,19,1e,c9,28,71,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cffc49fe] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:65,68,b1,6b,0b,82,50,4a,22,85,9f,36,48,7d,ee,11,8f,1c,86,0f,88,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,2c,77,27,ff,1d,5d,2c,53,0c,62,6c,fc,f0,79,50,26,62,.. "khjeh"=hex:e5,8f,04,95,ca,92,d4,68,79,9e,61,6b,db,dd,60,bc,8e,f1,4a,ad,63,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:fb,5f,7d,92,8b,e5,f5,b3,b5,1c,69,a9,41,e7,7a,c2,19,1e,c9,28,71,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Application Data\TEMP:C4252FE0 131 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\Desktop\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\accouning tools final\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\AirTran AMX1_files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\investments\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\IT\links\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\IT\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\2004_07_16\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\corey& vicky\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Costa Rica 05\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Costa Rica New Years\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Costa Rica New Years\cutler\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Costa Rica New Years\cutler 1\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\group project\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Miami\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Microsoft Clip Organizer\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Picasa Edits\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Puerto Rico 04\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Screensaver\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Pictures\Umbria\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\My Skype Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\JetBlue thanksgiving confirmation webpage with barcode_files\hertz_confirmation_data\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\JetBlue thanksgiving confirmation webpage with barcode_files\index_data\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\JetBlue thanksgiving confirmation webpage with barcode_files\spacer_data\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\JetBlue thanksgiving confirmation webpage with barcode_files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Strategic Analysis\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\brand audit\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\C1&C2 NYE 2008\Corey and Cindy NYE 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\C1&C2 NYE 2008\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\exhibit 1 for final mp&o paper_files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\LMT PPT\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Video Converter\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Website\img\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Website\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\club flyers\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Consulting\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Consulting project\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\ALPFA EVENT_files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\marketing\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\mba confirmation_files\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Modeling & decision\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\El_Padrino\My Documents\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 79 < End of report >