[code] WinPFind35 logfile created on: 2/29/2008 6:18:27 PM WinPFind35U Version 1.0.2.2 Folder = C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Desktop\WinPFind35u Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 510.98 Mb Total Physical Memory | 199.93 Mb Available Physical Memory | 39.13% Memory free 1.22 Gb Paging File | 0.79 Gb Available in Paging File | 64.97% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.46 Gb Total Space | 9.29 Gb Free Space | 12.47% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ICOMPUTETHINGS Current User Name: Ilya Shor Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 4/7/2003 3:55:20 PM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 4/7/2003 3:51:48 PM | Attr = ] frameworkservice.exe -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] naprdmgr.exe -> %ProgramFiles%\Network Associates\Common Framework\naPrdMgr.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 237623 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] vstskmgr.exe -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ] shstat.exe -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] updaterui.exe -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 4:38:18 PM | Attr = ] reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/8/2008 3:32:52 PM | Attr = ] mcshield.exe -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] aim.exe -> %ProgramFiles%\AIM\aim.exe -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.5.0.239 | Size = 22880040 bytes | Modified Date = 9/13/2007 12:31:38 PM | Attr = R ] skypepm.exe -> %ProgramFiles%\Skype\Plugin Manager\skypePM.exe -> Skype Technologies [Ver = 1.5.0.3 | Size = 2040776 bytes | Modified Date = 9/13/2007 12:31:40 PM | Attr = R ] winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 0 | Size = 292152 bytes | Modified Date = 8/2/2007 11:59:37 AM | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.2.2 | Size = 310784 bytes | Modified Date = 2/28/2008 2:42:00 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (AresChatServer) Ares Chatroom server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Ares\chatServer.exe -> Ares Development Group [Ver = 2.0.2.3022 | Size = 221184 bytes | Modified Date = 1/21/2007 8:57:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 2:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 4/7/2003 3:55:20 PM | Attr = ] (McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\Common Framework\FrameworkService.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 102463 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] (McShield) Network Associates McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\mcshield.exe -> Network Associates, Inc. [Ver = 8.0.0.251 | Size = 221191 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] (McTaskManager) Network Associates Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\Network Associates\VirusScan\vstskmgr.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 28672 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 2:33:40 PM | Attr = ] (NMIndexingService) NMIndexingService [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> File not found (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 69632 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 4:38:08 PM | Attr = ] [Driver Services - Non-Microsoft Only] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 3:15:00 PM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (ASPI32) ASPI32 [Kernel | System | Stopped] -> -> File not found (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 1:07:17 AM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 1:07:16 AM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 7/16/2003 3:27:04 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (dsNcAdpt) Juniper Network Connect Adapter [Kernel | On_Demand | Stopped] -> system32\DRIVERS\dsNcAdpt.sys -> File not found (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 7.0.26.0 built by: WinDDK | Size = 145408 bytes | Modified Date = 3/4/2003 3:56:26 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 3:44:04 PM | Attr = ] (HPFECP13) HPFECP13 [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HPFecp13.sys -> [Ver = | Size = 52800 bytes | Modified Date = 7/30/1998 4:40:42 PM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSFHWBS2.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 | Size = 207616 bytes | Modified Date = 8/26/2003 7:25:14 PM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 | Size = 1041152 bytes | Modified Date = 8/26/2003 7:22:34 PM | Attr = ] (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (Jukebox) Jukebox [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ctpdusb2.sys -> Creative Technology Ltd. [Ver = 1.00.05.00 | Size = 16816 bytes | Modified Date = 8/29/2003 4:00:00 AM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mdmxsdk.sys -> Conexant [Ver = 1.0.2.002 | Size = 11043 bytes | Modified Date = 4/9/2003 3:48:08 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.116 | Size = 28256 bytes | Modified Date = 8/17/2005 6:33:28 PM | Attr = ] (NaiAvFilter1) NaiAvFilter1 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\naiavf5x.sys -> Network Associates, Inc. [Ver = 8.0.0.276 | Size = 108480 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ] (NaiAvTdi1) NaiAvTdi1 [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\mvstdi5x.sys -> Network Associates, Inc. [Ver = 8.0.0.266 | Size = 58464 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4354 | Size = 1271706 bytes | Modified Date = 4/24/2003 7:58:00 PM | Attr = ] (OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 6, 1, 0, 242 | Size = 13632 bytes | Modified Date = 8/22/2001 11:42:58 AM | Attr = ] (oreans32) oreans32 [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\oreans32.sys -> [Ver = | Size = 33824 bytes | Modified Date = 3/2/2007 2:15:25 PM | Attr = ] (P1110VID) Creative WebCam NX [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\P1110Vid.sys -> Creative Technology Ltd. [Ver = 1.00.01.00 | Size = 90357 bytes | Modified Date = 5/13/2003 9:57:02 PM | Attr = R ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (PortTalk) PortTalk [Kernel | On_Demand | Stopped] -> System32\Drivers\PortTalk.sys -> File not found (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 7/16/2003 3:42:18 PM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pxhelp20.sys -> Sonic Solutions [Ver = 2.03.28a | Size = 20640 bytes | Modified Date = 10/26/2005 3:12:48 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3600 | Size = 580992 bytes | Modified Date = 5/6/2003 12:14:34 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\tbhsd.sys -> RapidSolution Software AG [Ver = 2, 0, 0, 0 | Size = 16640 bytes | Modified Date = 9/18/2006 10:54:48 AM | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (ViaIde) ViaIde [Kernel | Disabled | Stopped] -> -> File not found (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. [Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 4:13:04 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 7.02.00.00 built by: WinDDK | Size = 675840 bytes | Modified Date = 8/26/2003 7:24:06 PM | Attr = ] (EntDrv51) EntDrv51 [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\entdrv51.sys -> Network Associates, Inc [Ver = 8.0.0.277 | Size = 8320 bytes | Modified Date = 1/14/2005 7:00:00 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 787e83cd -> %SystemRoot%\system32\cxssiyvx.DLL -> File not found KernelFaultCheck -> -> File not found McAfeeUpdaterUI -> %ProgramFiles%\Network Associates\Common Framework\UpdaterUI.exe -> Network Associates, Inc. [Ver = 3.5.0.412 | Size = 139320 bytes | Modified Date = 8/6/2004 2:50:00 AM | Attr = ] ShStatEXE -> %ProgramFiles%\Network Associates\VirusScan\shstat.exe -> Network Associates, Inc. [Ver = 8.0.0.912 | Size = 94208 bytes | Modified Date = 9/22/2004 7:00:00 PM | Attr = ] WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 12, 0, 2007, 0 | Size = 292152 bytes | Modified Date = 8/2/2007 11:59:37 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] < Run [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> -> File not found AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 1/28/2008 11:43:40 AM | Attr = RHS] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 24576 bytes | Modified Date = 9/12/2002 10:28:14 AM | Attr = ] < All Users.WINDOWS Startup Folder > -> C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Default User.WINDOWS Startup Folder > -> C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup -> < Ilya Shor.ICOMPUTETHINGS Startup Folder > -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Start Menu\Programs\Startup -> < ICQ Agent [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\ -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {ED120D76-BF31-412C-A99B-783C6676E128} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\jkkkhfd.dll [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> jkkkhfd -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: Main\\Start Page -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> .[msn] -> My Computer -> free_aol.com [http] -> Trusted sites -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> .[msn] -> My Computer -> free_aol.com [http] -> Trusted sites -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 2 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ] {104AA49D-DC59-4017-AF1F-AB230CE25E8B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] {65D886A2-7CA7-479B-BB95-14D1EFB7946A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\YIeTagBm.dll [YahooTaggedBM Class] -> Yahoo! Inc. [Ver = 2005, 1, 24, 1 | Size = 115832 bytes | Modified Date = 1/24/2005 8:55:32 AM | Attr = ] {66DEBAF8-3C4D-4944-B5F5-A629709AB9C9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {75FFC9F0-CB82-43C0-8BB3-395A8EECDEB6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {80251448-BB28-45E8-B655-DFB6FB940B08} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {9795DAB4-EAEC-4BC1-A13C-515689B0CDD5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SYSTEM32\jkhfc.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 321600 bytes | Modified Date = 2/25/2008 2:31:28 PM | Attr = ] {E4C33052-78B6-44B2-A8AA-31DC1FE78759} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {EF8EFD1C-0BE3-4D13-957A-738643AFD590} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yhexbmesus.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2005, 5, 11, 1 | Size = 316552 bytes | Modified Date = 5/11/2005 4:06:02 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {40D41A8B-D79B-43d7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{40D41A8B-D79B-43D7-99A7-9EE0F344C385} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM Toolbar\AIMBar.dll [AIM Search] -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ] WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Sun Java Console] -> File not found {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ] &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found &Yahoo! Search -> -> File not found Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{669695BC-A811-4A9D-8CDF-BA8C795F261C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found Download &all with DAP -> D:\PROGRA~1\DAP\dapextie2.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Sun Java Console] -> File not found CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [UberButton Class] -> Yahoo! [Ver = 2005, 5, 26, 1 | Size = 181352 bytes | Modified Date = 5/26/2005 10:38:44 AM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-1004336348-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> %ProgramFiles%\AIM Toolbar\AIMBar.dll -> America Online, Inc [Ver = 2004.00.003 | Size = 172032 bytes | Modified Date = 9/26/2005 7:02:34 PM | Attr = ] &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found &Download with &DAP -> %SystemDrive%\PROGRA~1\DAP\dapextie.htm -> File not found &Yahoo! Search -> -> File not found Yahoo! &Dictionary -> -> File not found Yahoo! &Maps -> -> File not found Yahoo! &SMS -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 3:56:24 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {1A2027D4-896D-479F-8FB6-A10832481A99} -> () -> {BB36F462-2CBB-4B17-B0B7-264A81402CD8} -> (Intel(R) PRO/100 VE Network Connection) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000028 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000029 -> %SystemRoot%\SYSTEM32\mclsp.dll -> Networks Associates Technology, Inc [Ver = 4, 0, 1, 20 | Size = 114688 bytes | Modified Date = 4/9/2003 9:32:50 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[OLE (Part 1 of 5)] -> File not found skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 2 | Size = 1828176 bytes | Modified Date = 9/13/2007 12:31:38 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {00000075-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/voxacm.CAB[Reg Error: Key does not exist or could not be opened.] -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {1239CC52-59EF-4DFA-8C61-90FFA846DF7E}[HKEY_LOCAL_MACHINE] -> http://www.musicnotes.com/download/mnviewer.cab[Musicnotes Viewer] -> {32564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv8dmo.cab[Reg Error: Key does not exist or could not be opened.] -> {33363249-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/i263_32.cab[Reg Error: Key does not exist or could not be opened.] -> {33564D57-0000-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB[Reg Error: Key does not exist or could not be opened.] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab[Reg Error: Key does not exist or could not be opened.] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> {62475759-9E84-458E-A1AB-5D2C442ADFDE}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> {A90A5822-F108-45AD-8482-9BC8B12DD539}[HKEY_LOCAL_MACHINE] -> http://www.crucial.com/controls/cpcScanner.cab[Crucial cpcScan] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] -> {C190FF32-96D0-445F-9F60-5CF288FD3D0F}[HKEY_LOCAL_MACHINE] -> https://resnet.verify.binghamton.edu:8443/registration/CAT/CNICAT.cab[ActiveFormX Control] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {D719897A-B07A-4C0C-AEA9-9B663A28DFCB}[HKEY_LOCAL_MACHINE] -> http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab[iTunesDetector Class] -> {D8089245-3211-40F6-819B-9E5E92CD61A2}[HKEY_LOCAL_MACHINE] -> https://bigflash.microgaming.com/bigflash/FlashAX.cab[FlashXControl Object] -> {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4350/mcfscan.cab[McFreeScan Class] -> {FA3662C3-B8E8-11D6-A667-0010B556D978}[HKEY_LOCAL_MACHINE] -> http://cdn.digitalcity.com/_media/dalaillama/ampx.cab[IWinAmpActiveX Class] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] C:\WINDOWS\system32\jkhfc.dll -> %SystemRoot%\SYSTEM32\jkhfc.dll -> [Ver = | Size = 321600 bytes | Modified Date = 2/25/2008 2:31:28 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 2:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 684 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 2:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2340 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 2:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> C:\Program Files\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa Lite K++\KazaaLite.kpp -> C:\Program Files\Kazaa Lite K++\KazaaLite.kpp [C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> C:\WINDOWS\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 4/7/2003 3:51:48 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iMesh\Client\iMeshClient.exe -> C:\Program Files\iMesh\Client\iMeshClient.exe [C:\Program Files\iMesh\Client\iMeshClient.exe:*:Enabled:iMesh Client for PC platforms] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Voiceglo\Glophone\glophone.exe -> C:\Program Files\Voiceglo\Glophone\glophone.exe [C:\Program Files\Voiceglo\Glophone\glophone.exe:*:Disabled:webphone] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Lite Edition\AresLite.exe -> C:\Program Files\Ares Lite Edition\AresLite.exe [C:\Program Files\Ares Lite Edition\AresLite.exe:*:Enabled:Ares Lite Edition] -> Ares Development Group [Ver = 1.8.1.2944 | Size = 651264 bytes | Modified Date = 9/29/2004 4:49:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe [C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe:*:Disabled:LimeWire: The most advanced file sharing program on the planet.] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Soulseek\slsk.exe -> C:\Program Files\Soulseek\slsk.exe [C:\Program Files\Soulseek\slsk.exe:*:Disabled:SoulSeek] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 2:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> C:\Program Files\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++] -> [Ver = 0, 6, 9, 8 | Size = 1544192 bytes | Modified Date = 10/10/2006 8:15:26 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Zone.com Deluxe Games\JEOPARDY! Deluxe\JEOPARDY! Deluxe.exe -> C:\Program Files\Zone.com Deluxe Games\JEOPARDY! Deluxe\JEOPARDY! Deluxe.exe [C:\Program Files\Zone.com Deluxe Games\JEOPARDY! Deluxe\JEOPARDY! Deluxe.exe:*:Enabled:JEOPARDY! Deluxe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\btdownloadgui.exe -> C:\Program Files\BitTorrent\btdownloadgui.exe [C:\Program Files\BitTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 625664 bytes | Modified Date = 12/6/2007 6:01:25 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ares Lite Edition\Ares.exe -> C:\Program Files\Ares Lite Edition\Ares.exe [C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.02.000 | Size = 12888 bytes | Modified Date = 10/14/2004 5:33:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1116030615\EE\AOLServiceHost.exe -> C:\Program Files\Common Files\AOL\1116030615\EE\AOLServiceHost.exe [C:\Program Files\Common Files\AOL\1116030615\EE\AOLServiceHost.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\System Information\sinf.exe -> C:\Program Files\Common Files\AOL\System Information\sinf.exe [C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe -> C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe [C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32 -> C:\WINDOWS\SYSTEM32 [C:\WINDOWS\system32:*:Enabled:lockx] -> [Folder | Modified Date = 2/29/2008 5:34:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 2:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll [139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll [445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll [137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll [138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{EC778D7F-CFE7-4DA4-BDF0-424FC60FF6F8} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BB36F462-2CBB-4B17-B0B7-264A81402CD8} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6344475F-DF39-4E55-9789-CD29AE542243} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 2:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 2:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> AOLService -> -> McAfeeFramework -> -> < Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ -> C:^Documents and Settings^Ilya Shor.ICOMPUTETHINGS^Start Menu^Programs^Startup^Check For Dope Wars Updates.lnk -> %SystemDrive%\PROGRA~1\Dopewars\WiseUpdt.exe -> File not found < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> AIM hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found AOL Fast Start hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\America Online 9.0\AOL.EXE -> File not found ares hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Ares Lite Edition\Ares.exe -> File not found Creative WebCam Tray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\Creative\Shared Files\CamTray.exe -> Creative Technology Ltd [Ver = 3.2.1.0 | Size = 184320 bytes | Modified Date = 6/26/2003 5:02:00 AM | Attr = ] iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ] mmtask hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe -> TODO: [Ver = 1.0.0.1 | Size = 53248 bytes | Modified Date = 12/3/2003 9:40:28 AM | Attr = ] [Files/Folders - Created Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2/29/2008 5:34:40 PM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2/29/2008 2:50:56 PM | Attr = ] New Folder -> %SystemDrive%\New Folder -> [Folder | Created Date = 2/22/2008 2:20:09 AM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2/27/2008 10:33:19 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2/29/2008 3:29:19 PM | Attr = ] cfhkj.ini -> %SystemRoot%\System32\cfhkj.ini -> [Ver = | Size = 291016 bytes | Modified Date = 2/29/2008 6:18:48 PM | Attr = HS] cfhkj.ini2 -> %SystemRoot%\System32\cfhkj.ini2 -> [Ver = | Size = 291016 bytes | Modified Date = 2/29/2008 6:16:43 PM | Attr = HS] gnyynrww.ini -> %SystemRoot%\System32\gnyynrww.ini -> [Ver = | Size = 1259488 bytes | Modified Date = 2/29/2008 3:46:57 AM | Attr = HS] jkhfc.dll -> %SystemRoot%\System32\jkhfc.dll -> [Ver = | Size = 321600 bytes | Modified Date = 2/25/2008 2:31:28 PM | Attr = ] lxkeeegp.ini -> %SystemRoot%\System32\lxkeeegp.ini -> [Ver = | Size = 1242781 bytes | Modified Date = 2/28/2008 3:46:16 AM | Attr = HS] myymwoil.ini -> %SystemRoot%\System32\myymwoil.ini -> [Ver = | Size = 1245403 bytes | Modified Date = 2/28/2008 3:45:32 AM | Attr = HS] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 2/22/2008 1:51:46 AM | Attr = ] 22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> pdfcmnnt.dll -> %SystemRoot%\System32\pdfcmnnt.dll -> [Ver = | Size = 116224 bytes | Modified Date = 10/28/2001 5:42:30 PM | Attr = ] qrrqfkhb.ini -> %SystemRoot%\System32\qrrqfkhb.ini -> [Ver = | Size = 1261625 bytes | Modified Date = 2/27/2008 2:43:00 AM | Attr = HS] WDBtnMgr.exe -> %SystemRoot%\System32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 13, 0 | Size = 364544 bytes | Modified Date = 2/22/2008 2:39:15 AM | Attr = ] xvyissxc.ini -> %SystemRoot%\System32\xvyissxc.ini -> [Ver = | Size = 1259428 bytes | Modified Date = 2/29/2008 3:46:27 AM | Attr = HS] BM7b4db051.xml -> %SystemRoot%\BM7b4db051.xml -> [Ver = | Size = 136652 bytes | Modified Date = 2/28/2008 2:51:45 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2/29/2008 2:51:19 PM | Attr = ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> go -> %SystemRoot%\go -> [Ver = | Size = 32 bytes | Modified Date = 2/27/2008 1:01:14 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 2/28/2008 3:40:33 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Created Date = 2/21/2008 8:05:08 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 2/24/2008 1:53:05 PM | Attr = ] Juniper Networks -> %AppData%\Juniper Networks -> [Folder | Created Date = 2/24/2008 4:02:14 PM | Attr = ] 437-Case 1-Par 1.doc -> %UserProfile%\My Documents\437-Case 1-Par 1.doc -> [Ver = | Size = 10403840 bytes | Modified Date = 2/15/2008 12:53:06 AM | Attr = ] 437-Case 1-Par 2.doc -> %UserProfile%\My Documents\437-Case 1-Par 2.doc -> [Ver = | Size = 9326592 bytes | Modified Date = 2/15/2008 12:57:34 AM | Attr = ] ACH case study.doc -> %UserProfile%\My Documents\ACH case study.doc -> [Ver = | Size = 81920 bytes | Modified Date = 2/21/2008 11:59:50 PM | Attr = ] ACH.doc -> %UserProfile%\My Documents\ACH.doc -> [Ver = | Size = 26112 bytes | Modified Date = 2/21/2008 7:56:18 PM | Attr = ] Adobe Reader 7.0.lnk -> %UserProfile%\My Documents\Adobe Reader 7.0.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 2/21/2008 8:05:17 AM | Attr = ] Econ 437 -> %UserProfile%\My Documents\Econ 437 -> [Folder | Created Date = 2/15/2008 1:05:28 AM | Attr = ] Ilya Shor's Personal Statement.doc -> %UserProfile%\My Documents\Ilya Shor's Personal Statement.doc -> [Ver = | Size = 27136 bytes | Modified Date = 2/13/2008 6:13:02 PM | Attr = ] Ilya Shor's Resume1.doc -> %UserProfile%\My Documents\Ilya Shor's Resume1.doc -> [Ver = | Size = 51200 bytes | Modified Date = 2/24/2008 5:44:49 PM | Attr = ] meh -> %UserProfile%\My Documents\meh -> [Ver = | Size = 1841 bytes | Modified Date = 2/18/2008 9:08:25 AM | Attr = ] New York Law.pdf -> %UserProfile%\My Documents\New York Law.pdf -> [Ver = | Size = 73145 bytes | Modified Date = 2/13/2008 6:47:19 PM | Attr = ] ron paul.doc -> %UserProfile%\My Documents\ron paul.doc -> [Ver = | Size = 22528 bytes | Modified Date = 2/14/2008 10:42:24 PM | Attr = ] ~$H case study.doc -> %UserProfile%\My Documents\~$H case study.doc -> [Ver = | Size = 162 bytes | Modified Date = 2/22/2008 12:00:02 AM | Attr = H ] PDFCreator.lnk -> %AllUsersProfile%\Desktop\PDFCreator.lnk -> [Ver = | Size = 706 bytes | Modified Date = 2/27/2008 3:08:31 PM | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Modified Date = 2/27/2008 3:17:04 PM | Attr = ] 14 Rollin' (Urban Assault Vehicle).mp3 -> %UserProfile%\Desktop\14 Rollin' (Urban Assault Vehicle).mp3 -> [Ver = | Size = 10979011 bytes | Modified Date = 2/15/2008 1:21:41 AM | Attr = ] 437-whatever.doc -> %UserProfile%\Desktop\437-whatever.doc -> [Ver = | Size = 9485312 bytes | Modified Date = 2/27/2008 7:35:18 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Created Date = 2/29/2008 3:00:06 PM | Attr = ] Counter Strike -> %UserProfile%\Desktop\Counter Strike -> [Folder | Created Date = 2/27/2008 12:40:12 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/29/2008 2:50:44 PM | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/25/2008 4:47:41 PM | Attr = ] I Think I Love My Wife -> %UserProfile%\Desktop\I Think I Love My Wife -> [Folder | Created Date = 2/28/2008 6:55:05 PM | Attr = ] Ilya Shor's Job Resume.pdf -> %UserProfile%\Desktop\Ilya Shor's Job Resume.pdf -> [Ver = | Size = 20240 bytes | Modified Date = 2/3/2008 12:01:19 PM | Attr = ] Ilya Shor.exe -> %UserProfile%\Desktop\Ilya Shor.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/25/2008 4:47:41 PM | Attr = ] Limp Bizkit - Getcha Groove On.mp3 -> %UserProfile%\Desktop\Limp Bizkit - Getcha Groove On.mp3 -> [Ver = | Size = 6477910 bytes | Modified Date = 2/23/2008 6:03:19 PM | Attr = ] Link Geabber 3.0.4 -> %UserProfile%\Desktop\Link Geabber 3.0.4 -> [Folder | Created Date = 2/27/2008 2:46:57 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/29/2008 3:27:22 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/24/2008 1:53:14 PM | Attr = ] The Wire - S01E01- The target.avi -> %UserProfile%\Desktop\The Wire - S01E01- The target.avi -> [Ver = | Size = 369553408 bytes | Modified Date = 2/28/2008 6:54:44 PM | Attr = ] Tom Petty - American Girl.mp3 -> %UserProfile%\Desktop\Tom Petty - American Girl.mp3 -> [Ver = | Size = 3355588 bytes | Modified Date = 2/7/2008 11:06:43 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2/29/2008 6:13:36 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481772 bytes | Modified Date = 2/29/2008 6:03:17 PM | Attr = ] [Files/Folders - Modified Within 90 days] 1fdbcd1f1b18010232fc918e889b6c8a -> %SystemDrive%\1fdbcd1f1b18010232fc918e889b6c8a -> [Folder | Modified Date = 1/20/2008 5:38:57 PM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2/28/2008 11:15:07 PM | Attr = RHS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2/29/2008 5:34:44 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2/29/2008 2:50:56 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/29/2008 5:51:30 PM | Attr = ] New Folder -> %SystemDrive%\New Folder -> [Folder | Modified Date = 2/24/2008 1:33:01 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2/27/2008 3:16:38 PM | Attr = ] quarantine -> %SystemDrive%\quarantine -> [Folder | Modified Date = 2/29/2008 3:40:50 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2/27/2008 11:18:05 PM | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2/25/2008 2:26:10 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2/27/2008 10:33:19 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2/29/2008 6:04:45 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2/29/2008 3:29:19 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 1/20/2008 6:24:08 PM | Attr = ] 22 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2/29/2008 3:41:04 PM | Attr = ] cfhkj.ini -> %SystemRoot%\System32\cfhkj.ini -> [Ver = | Size = 291016 bytes | Modified Date = 2/29/2008 6:18:59 PM | Attr = HS] cfhkj.ini2 -> %SystemRoot%\System32\cfhkj.ini2 -> [Ver = | Size = 291016 bytes | Modified Date = 2/29/2008 6:16:43 PM | Attr = HS] d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 2/25/2008 6:22:04 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2/26/2008 3:01:26 AM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2/29/2008 5:19:28 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 1/20/2008 6:27:41 PM | Attr = ] gnyynrww.ini -> %SystemRoot%\System32\gnyynrww.ini -> [Ver = | Size = 1259488 bytes | Modified Date = 2/29/2008 3:46:57 AM | Attr = HS] jkhfc.dll -> %SystemRoot%\System32\jkhfc.dll -> [Ver = | Size = 321600 bytes | Modified Date = 2/25/2008 2:31:28 PM | Attr = ] lxkeeegp.ini -> %SystemRoot%\System32\lxkeeegp.ini -> [Ver = | Size = 1242781 bytes | Modified Date = 2/28/2008 3:46:16 AM | Attr = HS] myymwoil.ini -> %SystemRoot%\System32\myymwoil.ini -> [Ver = | Size = 1245403 bytes | Modified Date = 2/28/2008 3:45:32 AM | Attr = HS] nGpxx01 -> %SystemRoot%\System32\nGpxx01 -> [Folder | Modified Date = 1/21/2008 12:37:30 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 2/26/2008 1:26:04 AM | Attr = ] qrrqfkhb.ini -> %SystemRoot%\System32\qrrqfkhb.ini -> [Ver = | Size = 1261625 bytes | Modified Date = 2/27/2008 2:43:00 AM | Attr = HS] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2/27/2008 11:18:05 PM | Attr = ] WDBtnMgr.exe -> %SystemRoot%\System32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 13, 0 | Size = 364544 bytes | Modified Date = 2/22/2008 2:39:15 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13702 bytes | Modified Date = 2/28/2008 3:04:35 PM | Attr = ] xvyissxc.ini -> %SystemRoot%\System32\xvyissxc.ini -> [Ver = | Size = 1259428 bytes | Modified Date = 2/29/2008 3:46:27 AM | Attr = HS] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2/25/2008 4:45:21 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 1/20/2008 5:53:53 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 1/20/2008 5:53:22 PM | Attr = H ] BM7b4db051.xml -> %SystemRoot%\BM7b4db051.xml -> [Ver = | Size = 136652 bytes | Modified Date = 2/28/2008 2:51:45 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2/29/2008 5:03:32 PM | Attr = S] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 291 bytes | Modified Date = 1/25/2008 12:34:11 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2/24/2008 2:15:39 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2/29/2008 2:55:38 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2/29/2008 2:51:19 PM | Attr = ] go -> %SystemRoot%\go -> [Ver = | Size = 32 bytes | Modified Date = 2/27/2008 1:01:14 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 1/20/2008 6:30:08 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 1/20/2008 6:25:58 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/20/2008 6:41:20 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2/26/2008 3:01:15 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2/27/2008 1:45:42 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2/27/2008 1:43:56 AM | Attr = HS] lexstat.ini -> %SystemRoot%\lexstat.ini -> [Ver = | Size = 49 bytes | Modified Date = 1/25/2008 12:26:25 PM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 1/20/2008 6:26:11 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 1/20/2008 5:45:18 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 2/28/2008 3:40:33 AM | Attr = ] randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 2/29/2008 12:02:25 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 2/28/2008 11:15:07 PM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2/29/2008 5:34:38 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2/29/2008 5:07:05 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2/29/2008 5:40:04 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 1/20/2008 6:26:23 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 663 bytes | Modified Date = 2/28/2008 11:15:07 PM | Attr = ] winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 1/9/2008 11:56:19 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/27/2008 1:43:27 AM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/29/2008 5:07:05 PM | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 9031 bytes | Modified Date = 2/24/2008 1:56:48 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2/28/2008 11:52:28 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5456 bytes | Modified Date = 2/28/2008 11:52:27 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11096 bytes | Modified Date = 9/14/2006 1:36:18 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 2/21/2008 8:05:08 AM | Attr = ] QTSBandwidthCache -> %AllUsersProfile%\Application Data\QTSBandwidthCache -> [Ver = | Size = 1761 bytes | Modified Date = 2/13/2008 12:58:36 AM | Attr = ] River Past G5 -> %AllUsersProfile%\Application Data\River Past G5 -> [Folder | Modified Date = 2/22/2008 3:16:21 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/24/2008 3:13:59 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 1/30/2008 5:40:29 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2/21/2008 8:01:16 AM | Attr = ] AVSDVDPlayer.m3u -> %AppData%\AVSDVDPlayer.m3u -> [Ver = | Size = 120 bytes | Modified Date = 2/27/2008 1:59:04 AM | Attr = ] Juniper Networks -> %AppData%\Juniper Networks -> [Folder | Modified Date = 2/24/2008 4:02:20 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 1/23/2008 10:44:59 PM | Attr = S] Quantitative Micro Software -> %AppData%\Quantitative Micro Software -> [Folder | Modified Date = 12/6/2007 12:53:59 AM | Attr = ] Skype -> %AppData%\Skype -> [Folder | Modified Date = 2/29/2008 5:54:15 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 2/27/2008 4:58:30 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 104448 bytes | Modified Date = 2/27/2008 2:18:29 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 1/20/2008 6:31:05 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 2/5/2008 11:18:21 PM | Attr = ] 437-Case 1-Par 1.doc -> %UserProfile%\My Documents\437-Case 1-Par 1.doc -> [Ver = | Size = 10403840 bytes | Modified Date = 2/15/2008 12:53:06 AM | Attr = ] 437-Case 1-Par 2.doc -> %UserProfile%\My Documents\437-Case 1-Par 2.doc -> [Ver = | Size = 9326592 bytes | Modified Date = 2/15/2008 12:57:34 AM | Attr = ] ACH case study.doc -> %UserProfile%\My Documents\ACH case study.doc -> [Ver = | Size = 81920 bytes | Modified Date = 2/21/2008 11:59:50 PM | Attr = ] ACH.doc -> %UserProfile%\My Documents\ACH.doc -> [Ver = | Size = 26112 bytes | Modified Date = 2/21/2008 7:56:18 PM | Attr = ] Adobe Reader 7.0.lnk -> %UserProfile%\My Documents\Adobe Reader 7.0.lnk -> [Ver = | Size = 1740 bytes | Modified Date = 2/21/2008 8:05:17 AM | Attr = ] Camfrog Video Chat 4.0.lnk -> %UserProfile%\My Documents\Camfrog Video Chat 4.0.lnk -> [Ver = | Size = 1824 bytes | Modified Date = 1/21/2008 11:28:11 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 80 bytes | Modified Date = 1/20/2008 6:31:01 PM | Attr = HS] Duty Schedule Spring 2008.doc -> %UserProfile%\My Documents\Duty Schedule Spring 2008.doc -> [Ver = | Size = 153088 bytes | Modified Date = 1/27/2008 3:29:09 PM | Attr = ] Econ 437 -> %UserProfile%\My Documents\Econ 437 -> [Folder | Modified Date = 2/15/2008 1:05:50 AM | Attr = ] First Class Mail.doc -> %UserProfile%\My Documents\First Class Mail.doc -> [Ver = | Size = 19968 bytes | Modified Date = 1/28/2008 5:14:39 PM | Attr = ] Ilya Shor's Personal Statement.doc -> %UserProfile%\My Documents\Ilya Shor's Personal Statement.doc -> [Ver = | Size = 27136 bytes | Modified Date = 2/13/2008 6:13:02 PM | Attr = ] Ilya Shor's Resume.doc -> %UserProfile%\My Documents\Ilya Shor's Resume.doc -> [Ver = | Size = 54784 bytes | Modified Date = 2/13/2008 6:22:29 PM | Attr = ] Ilya Shor's Resume1.doc -> %UserProfile%\My Documents\Ilya Shor's Resume1.doc -> [Ver = | Size = 51200 bytes | Modified Date = 2/24/2008 5:44:49 PM | Attr = ] Issues Continued.doc -> %UserProfile%\My Documents\Issues Continued.doc -> [Ver = | Size = 24064 bytes | Modified Date = 1/24/2008 12:07:36 AM | Attr = ] Jump Start Your New Year by Making a Difference.doc -> %UserProfile%\My Documents\Jump Start Your New Year by Making a Difference.doc -> [Ver = | Size = 36864 bytes | Modified Date = 1/29/2008 10:12:23 AM | Attr = ] meh -> %UserProfile%\My Documents\meh -> [Ver = | Size = 1841 bytes | Modified Date = 2/18/2008 9:08:25 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 1/20/2008 6:31:01 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2/8/2008 12:16:13 AM | Attr = R ] New York Law - Personal Statement.doc -> %UserProfile%\My Documents\New York Law - Personal Statement.doc -> [Ver = | Size = 26624 bytes | Modified Date = 1/19/2008 9:45:00 PM | Attr = ] New York Law.pdf -> %UserProfile%\My Documents\New York Law.pdf -> [Ver = | Size = 73145 bytes | Modified Date = 2/13/2008 6:47:19 PM | Attr = ] RD Office Hours.doc -> %UserProfile%\My Documents\RD Office Hours.doc -> [Ver = | Size = 30208 bytes | Modified Date = 1/27/2008 7:46:48 PM | Attr = ] ron paul.doc -> %UserProfile%\My Documents\ron paul.doc -> [Ver = | Size = 22528 bytes | Modified Date = 2/14/2008 10:42:24 PM | Attr = ] Sample Door Tag.doc -> %UserProfile%\My Documents\Sample Door Tag.doc -> [Ver = | Size = 3008000 bytes | Modified Date = 1/22/2008 12:15:12 AM | Attr = ] ~$H case study.doc -> %UserProfile%\My Documents\~$H case study.doc -> [Ver = | Size = 162 bytes | Modified Date = 2/22/2008 12:00:02 AM | Attr = H ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 2/27/2008 12:46:57 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 12/2/2007 1:03:56 PM | Attr = ] PDFCreator.lnk -> %AllUsersProfile%\Desktop\PDFCreator.lnk -> [Ver = | Size = 706 bytes | Modified Date = 2/27/2008 3:08:31 PM | Attr = ] VLC media player.lnk -> %AllUsersProfile%\Desktop\VLC media player.lnk -> [Ver = | Size = 719 bytes | Modified Date = 2/27/2008 3:17:04 PM | Attr = ] 14 Rollin' (Urban Assault Vehicle).mp3 -> %UserProfile%\Desktop\14 Rollin' (Urban Assault Vehicle).mp3 -> [Ver = | Size = 10979011 bytes | Modified Date = 2/15/2008 1:21:41 AM | Attr = ] 437-whatever.doc -> %UserProfile%\Desktop\437-whatever.doc -> [Ver = | Size = 9485312 bytes | Modified Date = 2/27/2008 7:35:18 PM | Attr = ] backups -> %UserProfile%\Desktop\backups -> [Folder | Modified Date = 2/29/2008 3:25:53 PM | Attr = ] Counter Strike -> %UserProfile%\Desktop\Counter Strike -> [Folder | Modified Date = 2/27/2008 2:01:21 AM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2/29/2008 2:50:44 PM | Attr = ] HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/25/2008 4:47:41 PM | Attr = ] I Think I Love My Wife -> %UserProfile%\Desktop\I Think I Love My Wife -> [Folder | Modified Date = 2/28/2008 6:56:20 PM | Attr = ] Ilya Shor's Job Resume.pdf -> %UserProfile%\Desktop\Ilya Shor's Job Resume.pdf -> [Ver = | Size = 20240 bytes | Modified Date = 2/3/2008 12:01:19 PM | Attr = ] Ilya Shor.exe -> %UserProfile%\Desktop\Ilya Shor.exe -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 401720 bytes | Modified Date = 2/25/2008 4:47:41 PM | Attr = ] julieee -> %UserProfile%\Desktop\julieee -> [Folder | Modified Date = 2/22/2008 1:31:18 PM | Attr = ] Limp Bizkit - Getcha Groove On.mp3 -> %UserProfile%\Desktop\Limp Bizkit - Getcha Groove On.mp3 -> [Ver = | Size = 6477910 bytes | Modified Date = 2/23/2008 6:03:19 PM | Attr = ] Link Geabber 3.0.4 -> %UserProfile%\Desktop\Link Geabber 3.0.4 -> [Folder | Modified Date = 2/27/2008 2:46:57 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.17.0 | Size = 290816 bytes | Modified Date = 2/29/2008 3:27:22 PM | Attr = ] Resumes -> %UserProfile%\Desktop\Resumes -> [Folder | Modified Date = 2/27/2008 3:12:22 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 933 bytes | Modified Date = 2/24/2008 1:53:14 PM | Attr = ] The Godfather - Mob Hits II - Tarantella.mp3 -> %UserProfile%\Desktop\The Godfather - Mob Hits II - Tarantella.mp3 -> [Ver = | Size = 2685056 bytes | Modified Date = 12/14/2007 2:49:29 PM | Attr = ] The Wire - S01E01- The target.avi -> %UserProfile%\Desktop\The Wire - S01E01- The target.avi -> [Ver = | Size = 369553408 bytes | Modified Date = 2/28/2008 6:54:44 PM | Attr = ] Tom Petty - American Girl.mp3 -> %UserProfile%\Desktop\Tom Petty - American Girl.mp3 -> [Ver = | Size = 3355588 bytes | Modified Date = 2/7/2008 11:06:43 PM | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2/29/2008 6:13:37 PM | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481772 bytes | Modified Date = 2/29/2008 6:03:17 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 2/27/2008 1:43:27 AM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 12/21/2003 12:07:09 PM | Attr = RH ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 12/21/2003 8:18:28 PM | Attr = S] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 4/26/2007 11:48:01 AM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 11/23/2003 12:06:04 AM | Attr = ] AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [Folder | Modified Date = 5/13/2005 7:33:32 PM | Attr = ] DelFin -> C:\Documents and Settings\All Users\Application Data\DelFin -> [Folder | Modified Date = 12/9/2003 9:56:09 PM | Attr = ] Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [Folder | Modified Date = 11/11/2003 2:50:46 AM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 11/28/2003 2:08:53 PM | Attr = S] MSN6 -> C:\Documents and Settings\All Users\Application Data\MSN6 -> [Folder | Modified Date = 12/21/2003 12:19:05 AM | Attr = ] Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [Folder | Modified Date = 11/20/2003 10:16:41 PM | Attr = ] QuickTime -> C:\Documents and Settings\All Users\Application Data\QuickTime -> [Folder | Modified Date = 11/11/2003 2:54:29 AM | Attr = ] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [Folder | Modified Date = 11/11/2003 2:48:50 AM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 11/11/2003 2:56:18 AM | Attr = ] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [Folder | Modified Date = 11/11/2003 2:54:28 AM | Attr = ] C:\Documents and Settings\All Users.WINDOWS\Application Data\ -> C:\Documents and Settings\All Users.WINDOWS\Application Data -> [Folder | Modified Date = 2/21/2008 8:05:08 AM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe -> [Folder | Modified Date = 2/21/2008 8:05:08 AM | Attr = ] AOL -> C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL -> [Folder | Modified Date = 10/15/2005 4:33:59 PM | Attr = ] AOL Downloads -> C:\Documents and Settings\All Users.WINDOWS\Application Data\AOL Downloads -> [Folder | Modified Date = 1/23/2006 12:12:31 PM | Attr = ] Apple Computer -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer -> [Folder | Modified Date = 9/17/2006 10:19:58 PM | Attr = ] BVRP Software -> C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software -> [Folder | Modified Date = 12/21/2003 8:32:48 PM | Attr = ] CanonBJ -> C:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ -> [Folder | Modified Date = 5/29/2007 4:24:23 PM | Attr = H ] Creative -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Creative -> [Folder | Modified Date = 3/8/2005 10:20:04 PM | Attr = ] DVD Shrink -> C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink -> [Folder | Modified Date = 8/19/2007 8:28:42 PM | Attr = ] GTek -> C:\Documents and Settings\All Users.WINDOWS\Application Data\GTek -> [Folder | Modified Date = 5/1/2004 9:31:34 PM | Attr = H ] McAfee.com -> C:\Documents and Settings\All Users.WINDOWS\Application Data\McAfee.com -> [Folder | Modified Date = 4/10/2004 10:01:20 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft -> [Folder | Modified Date = 8/21/2007 12:51:47 PM | Attr = S] MSN6 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN6 -> [Folder | Modified Date = 12/21/2003 10:17:33 PM | Attr = ] Netscape Internet Service -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Netscape Internet Service -> [Folder | Modified Date = 8/9/2005 12:00:31 PM | Attr = ] Network Associates -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Network Associates -> [Folder | Modified Date = 8/28/2005 10:25:37 AM | Attr = ] Pure Networks -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Pure Networks -> [Folder | Modified Date = 5/13/2005 7:33:07 PM | Attr = ] QuickTime -> C:\Documents and Settings\All Users.WINDOWS\Application Data\QuickTime -> [Folder | Modified Date = 12/23/2003 8:47:30 PM | Attr = ] Real -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Real -> [Folder | Modified Date = 12/8/2005 8:23:39 AM | Attr = ] River Past G5 -> C:\Documents and Settings\All Users.WINDOWS\Application Data\River Past G5 -> [Folder | Modified Date = 2/22/2008 3:16:21 PM | Attr = ] SecTaskMan -> C:\Documents and Settings\All Users.WINDOWS\Application Data\SecTaskMan -> [Folder | Modified Date = 8/5/2005 2:18:59 PM | Attr = ] Skype -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Skype -> [Folder | Modified Date = 9/25/2007 9:27:37 PM | Attr = ] Spybot - Search & Destroy -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/24/2008 3:13:59 PM | Attr = ] Support.com -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Support.com -> [Folder | Modified Date = 5/22/2006 11:11:57 PM | Attr = ] Symantec -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec -> [Folder | Modified Date = 8/4/2004 2:33:43 PM | Attr = ] TEMP -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP -> [Folder | Modified Date = 2/26/2007 8:55:20 PM | Attr = ] Viewpoint -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint -> [Folder | Modified Date = 4/29/2007 3:15:12 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 8/28/2005 10:17:13 AM | Attr = ] yahoo! -> C:\Documents and Settings\All Users.WINDOWS\Application Data\yahoo! -> [Folder | Modified Date = 2/11/2007 1:16:57 AM | Attr = ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 11/11/2003 2:56:52 AM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 11/11/2003 2:20:42 AM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 11/11/2003 2:50:48 AM | Attr = S] Real -> C:\Documents and Settings\Default User\Application Data\Real -> [Folder | Modified Date = 11/11/2003 2:56:55 AM | Attr = ] Sonic -> C:\Documents and Settings\Default User\Application Data\Sonic -> [Folder | Modified Date = 11/11/2003 3:00:29 AM | Attr = ] Sun -> C:\Documents and Settings\Default User\Application Data\Sun -> [Folder | Modified Date = 11/11/2003 2:41:51 AM | Attr = ] Symantec -> C:\Documents and Settings\Default User\Application Data\Symantec -> [Folder | Modified Date = 11/11/2003 2:56:10 AM | Attr = ] C:\Documents and Settings\Default User.WINDOWS\Application Data\ -> C:\Documents and Settings\Default User.WINDOWS\Application Data -> [Folder | Modified Date = 12/21/2003 12:07:09 PM | Attr = RH ] Microsoft -> C:\Documents and Settings\Default User.WINDOWS\Application Data\Microsoft -> [Folder | Modified Date = 12/21/2003 8:18:28 PM | Attr = S] C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\ -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data -> [Folder | Modified Date = 2/24/2008 4:02:48 PM | Attr = ] .gaim -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\.gaim -> [Folder | Modified Date = 11/8/2006 12:32:16 AM | Attr = ] Adobe -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Adobe -> [Folder | Modified Date = 1/30/2008 5:40:29 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AdobeUM -> [Folder | Modified Date = 2/21/2008 8:01:16 AM | Attr = ] Ahead -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Ahead -> [Folder | Modified Date = 3/1/2007 2:33:47 PM | Attr = ] Aim -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Aim -> [Folder | Modified Date = 9/10/2004 6:46:18 PM | Attr = ] AOL -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\AOL -> [Folder | Modified Date = 8/28/2005 3:56:09 PM | Attr = ] Apple Computer -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Apple Computer -> [Folder | Modified Date = 10/16/2005 6:38:25 PM | Attr = ] Camfrog -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Camfrog -> [Folder | Modified Date = 11/11/2007 1:14:35 AM | Attr = ] Corel -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Corel -> [Folder | Modified Date = 3/31/2004 5:01:26 PM | Attr = ] Creative -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Creative -> [Folder | Modified Date = 5/7/2004 6:31:16 PM | Attr = ] CTdeveloping -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\CTdeveloping -> [Folder | Modified Date = 9/29/2007 10:09:43 PM | Attr = ] CyberLink -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\CyberLink -> [Folder | Modified Date = 8/22/2005 9:06:12 PM | Attr = ] DivX -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\DivX -> [Folder | Modified Date = 2/5/2007 9:26:36 PM | Attr = ] EAST Technologies -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\EAST Technologies -> [Folder | Modified Date = 2/1/2004 12:04:27 PM | Attr = ] Google -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Google -> [Folder | Modified Date = 8/10/2007 10:45:34 PM | Attr = ] GTek -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\GTek -> [Folder | Modified Date = 5/1/2004 9:31:35 PM | Attr = H ] Help -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Help -> [Folder | Modified Date = 10/28/2006 10:32:11 PM | Attr = ] Identities -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Identities -> [Folder | Modified Date = 12/21/2003 8:28:50 PM | Attr = ] InterTrust -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\InterTrust -> [Folder | Modified Date = 4/10/2004 10:59:33 PM | Attr = ] JobTabs -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\JobTabs -> [Folder | Modified Date = 8/10/2007 12:37:40 PM | Attr = ] Juniper Networks -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Juniper Networks -> [Folder | Modified Date = 2/24/2008 4:02:20 PM | Attr = ] Kazaa Lite -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Kazaa Lite -> [Folder | Modified Date = 12/25/2003 2:17:30 PM | Attr = ] Lavasoft -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Lavasoft -> [Folder | Modified Date = 8/28/2005 4:11:19 PM | Attr = ] Leadertech -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Leadertech -> [Folder | Modified Date = 12/27/2003 5:13:58 PM | Attr = ] Macromedia -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Macromedia -> [Folder | Modified Date = 6/5/2004 12:01:33 AM | Attr = ] McAfee.com Personal Firewall -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\McAfee.com Personal Firewall -> [Folder | Modified Date = 12/21/2003 10:03:08 PM | Attr = ] Media Player Classic -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Media Player Classic -> [Folder | Modified Date = 12/8/2005 8:25:09 AM | Attr = ] Microsoft -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Microsoft -> [Folder | Modified Date = 1/23/2008 10:44:59 PM | Attr = S] Move Networks -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Move Networks -> [Folder | Modified Date = 8/6/2007 12:53:19 AM | Attr = H ] Mozilla -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Mozilla -> [Folder | Modified Date = 2/12/2005 5:09:14 PM | Attr = ] MSN6 -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\MSN6 -> [Folder | Modified Date = 12/21/2003 10:18:40 PM | Attr = ] Quantitative Micro Software -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Quantitative Micro Software -> [Folder | Modified Date = 12/6/2007 12:53:59 AM | Attr = ] Real -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Real -> [Folder | Modified Date = 12/8/2005 8:25:09 AM | Attr = ] River Past G5 -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\River Past G5 -> [Folder | Modified Date = 4/21/2007 8:29:16 PM | Attr = ] Seven Zip -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Seven Zip -> [Folder | Modified Date = 10/7/2006 8:38:13 AM | Attr = ] Skype -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Skype -> [Folder | Modified Date = 2/29/2008 5:54:15 PM | Attr = ] Sonic -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Sonic -> [Folder | Modified Date = 12/27/2003 5:14:12 PM | Attr = ] SSH -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\SSH -> [Folder | Modified Date = 3/14/2005 10:06:29 PM | Attr = ] STOIK -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\STOIK -> [Folder | Modified Date = 7/1/2007 3:38:41 PM | Attr = ] Sun -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Sun -> [Folder | Modified Date = 2/11/2004 6:44:56 PM | Attr = ] Symantec -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Symantec -> [Folder | Modified Date = 12/21/2003 9:46:17 PM | Attr = ] Talkback -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Talkback -> [Folder | Modified Date = 2/12/2005 5:09:11 PM | Attr = ] tunebite -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\tunebite -> [Folder | Modified Date = 3/18/2007 10:13:32 PM | Attr = ] TVU networks -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\TVU networks -> [Folder | Modified Date = 1/30/2007 9:38:09 PM | Attr = ] uTorrent -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\uTorrent -> [Folder | Modified Date = 1/23/2007 6:41:23 PM | Attr = ] Viewpoint -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Viewpoint -> [Folder | Modified Date = 4/29/2007 3:15:14 PM | Attr = ] vlc -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\vlc -> [Folder | Modified Date = 2/27/2008 4:58:30 PM | Attr = ] WinPatrol -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\WinPatrol -> [Folder | Modified Date = 8/19/2007 12:57:11 AM | Attr = ] Yahoo! -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Yahoo! -> [Folder | Modified Date = 2/8/2007 9:20:34 PM | Attr = ] Yahoo! Messenger -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\Yahoo! Messenger -> [Folder | Modified Date = 3/3/2004 10:43:21 PM | Attr = ] You've Got Pictures Screensaver -> C:\Documents and Settings\Ilya Shor.ICOMPUTETHINGS\Application Data\You've Got Pictures Screensaver -> [Folder | Modified Date = 5/13/2005 7:37:12 PM | Attr = ] C:\Documents and Settings\ILYASH~1~ICO\Application Data\ -> -> File not found C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 11/11/2003 2:20:42 AM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 11/11/2003 2:20:42 AM | Attr = S] C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\ -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data -> [Folder | Modified Date = 3/15/2004 6:41:34 AM | Attr = ] Macromedia -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Macromedia -> [Folder | Modified Date = 3/15/2004 6:41:34 AM | Attr = ] McAfee.com Personal Firewall -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\McAfee.com Personal Firewall -> [Folder | Modified Date = 12/21/2003 10:00:44 PM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Microsoft -> [Folder | Modified Date = 12/21/2003 8:27:27 PM | Attr = S] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 11/11/2003 2:20:42 AM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 11/11/2003 2:20:42 AM | Attr = S] C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\ -> C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data -> [Folder | Modified Date = 12/21/2003 8:27:26 PM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService.NT AUTHORITY\Application Data\Microsoft -> [Folder | Modified Date = 12/21/2003 8:27:27 PM | Attr = S] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 2/29/2008 5:07:05 PM | Attr = S] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 1/19/2007 9:31:21 PM | Attr = ] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 7/16/2003 3:36:49 PM | Attr = RH ] MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2/29/2008 5:07:05 PM | Attr = H ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/15/2005 1:07:26 AM | Attr = H ] Symantec NetDetect.job -> C:\WINDOWS\Tasks\Symantec NetDetect.job -> [Ver = | Size = 420 bytes | Modified Date = 5/15/2005 1:07:00 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]