[code]
WinPFind35 logfile created on: 2008-03-08 11:46:06
WinPFind35U Version 1.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
1023.37 Mb Total Physical Memory | 623.46 Mb Available Physical Memory | 60.92% Memory free
2.43 Gb Paging File | 2.14 Gb Available in Paging File | 87.97% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 189.91 Gb Total Space | 128.13 Gb Free Space | 67.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: IAN-N0PWE5PRRQ
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - All]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ]
aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ]
aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 2004-10-15 15:54:12 | Attr = ]
ctsvccda.exe -> %SystemRoot%\SysWOW64\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ]
wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ]
ctfmon.exe -> %SystemRoot%\SysWOW64\ctfmon.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 15360 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 34816 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
verizonservicepoint.exe -> %ProgramFiles%\Verizon\VSP\VerizonServicepoint.exe -> Verizon [Ver = 1.5.12.18212 | Size = 2061816 bytes | Modified Date = 2007-05-11 14:20:04 | Attr = ]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 2008-03-05 01:21:14 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(a2free) a-squared Free Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.384 | Size = 366712 bytes | Modified Date = 2008-01-14 12:00:23 | Attr = ]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ]
(AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ]
(AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ]
(Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ]
(Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-01-25 03:00:46 | Attr = ]
(AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ]
(AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found
(Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lsass.exe -> File not found
(ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> File not found
(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 2007-06-28 08:14:32 | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> McAfee Corporation [Ver = 4.1.0.1 | Size = 184320 bytes | Modified Date = 2003-01-29 16:30:58 | Attr = ]
(MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> File not found
(Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc64.exe -> File not found
(OOD2000) O&O Defrag 2000 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\OOD2000.exe -> O&O Software GmbH [Ver = 3.5.562 | Size = 238080 bytes | Modified Date = 2001-04-06 12:57:46 | Attr = ]
(PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found
(PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> -> File not found
(SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found
(TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> File not found
(vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> File not found
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found
(WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ]
(WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> File not found

[Registry - All]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
!AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ]
amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 2007-07-23 11:06:28 | Attr = ]
MPFExe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> McAfee Security [Ver = 4.5.4.41 | Size = 1187899 bytes | Modified Date = 2005-04-12 15:44:06 | Attr = ]
P17Helper -> %SystemRoot%\system32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 2005-05-03 22:38:42 | Attr = ]
VerizonServicepoint.exe -> %ProgramFiles%\Verizon\VSP\VerizonServicepoint.exe -> Verizon [Ver = 1.5.12.18212 | Size = 2061816 bytes | Modified Date = 2007-05-11 14:20:04 | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 15360 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\system32\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 40960 bytes | Modified Date = 2007-02-18 10:05:44 | Attr = ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 122880 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 233472 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AVG Anti-Spyware 7.5] -> File not found
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 80128 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
schannel.dll -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.4068 (srv03_sp2_gdr.070425-2330) | Size = 146944 bytes | Modified Date = 2007-04-25 13:45:30 | Attr = ]
digest.dll -> %SystemRoot%\system32\digest.dll -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 71680 bytes | Modified Date = 2007-02-18 10:05:58 | Attr = ]
msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 319760 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1364480 bytes | Modified Date = 2007-02-16 23:20:36 | Attr = ]
*MultiFile Done* -> ->
*System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System ->
lsass.exe -> lsass.exe -> File not found
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\SYSTEM32\Userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 26112 bytes | Modified Date = 2007-02-18 10:05:56 | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
%SystemRoot%\system32\logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 516096 bytes | Modified Date = 2007-02-18 10:05:34 | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\rundll32.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 34816 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 301568 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ]
avgwlx64 -> -> File not found
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> Microsoft Corporation [Ver = 5.131.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 595456 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 62464 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
cscdll -> %SystemRoot%\system32\cscdll.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 101888 bytes | Modified Date = 2007-02-18 10:05:24 | Attr = ]
dimsntfy -> %SystemRoot%\system32\dimsntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 19456 bytes | Modified Date = 2007-02-18 10:05:26 | Attr = ]
EFS -> %SystemRoot%\system32\sclgntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 19968 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
ScCertProp -> wlnotify.dll -> File not found
Schedule -> wlnotify.dll -> File not found
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 19968 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ]
SensLogn -> WlNotify.dll -> File not found
termsrv -> -> File not found
wlballoon -> wlnotify.dll -> File not found
WRNotifier -> WRLogonNTF.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\scforceoption -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 ->
< HOSTS File > (227804 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central ->
HKEY_CURRENT_USER\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4237 domain(s) found. ->
33 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6311 domain(s) found. ->
objects_aol.com [*] -> Out of zone range - ( 5 ) ->
40 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 03:16:42 | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ExPLabs.com\LinkScanner\LinkScannerIE.dll [XPL LinkScannerIE] -> Exploit Prevention Labs, Inc. [Ver = 2.6.6.90 | Size = 361752 bytes | Modified Date = 2007-08-20 23:00:03 | Attr = ]
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4D5C8C25-D075-11d0-B416-00C04FB90376} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [Real.com] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.3790.4064 (srv03_sp2_gdr.070418-2348) | Size = 1508352 bytes | Modified Date = 2007-05-03 12:46:32 | Attr = ]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1033216 bytes | Modified Date = 2007-02-18 10:05:20 | Attr = ]
WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ]
WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ]
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 2005-08-04 20:54:42 | Attr = ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ]
CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ]
CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{3798EE93-C434-44F8-A172-20DE7E85C3FC} -> (1394 Net Adapter) ->
{83E5E45F-204D-454F-B158-18169371B471} -> () ->
{D0FC8148-9A52-45C0-8D22-8E3807D72798} -> (Wireless PCI Adapter) ->
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %SystemRoot%\system32\winrnr.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 17408 bytes | Modified Date = 2007-02-18 10:05:58 | Attr = ]
NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 233472 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML About Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[CDL: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\msvidctl.dll[DVD: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1563136 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[ftp: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\urlmon.dll[gopher: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[http: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[https: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 137216 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ]
javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Mailto Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\inetcomm.dll[MHTML Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 6.00.3790.4133 (srv03_sp2_gdr.070816-0230) | Size = 694784 bytes | Modified Date = 2007-08-17 12:51:24 | Attr = ]
mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[mk: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 137216 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ]
res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
sysimage:{76E67A63-06E9-11D2-A840-006008059382} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ]
tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\msvidctl.dll[TV: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 1563136 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ]
vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ] wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\wiascr.dll[WiaProtocol Class] -> Microsoft Corporation [Ver = 5.2.3790.0 (srv03_rtm.030324-2048) | Size = 74240 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ] < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ] application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ] application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.832 (QFE.050727-8300) | Size = 271360 bytes | Modified Date = 2007-04-13 02:21:14 | Attr = ] Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP Class Install Handler filter] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ] deflate:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 
bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ] gzip:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ] lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 2008-01-12 13:33:44 | Attr = ] text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\SysWOW64\shell32.dll[WebView MIME Filter] -> Microsoft Corporation [Ver = 6.00.3790.4184 (srv03_sp2_gdr.071106-1258) | Size = 8360448 bytes | Modified Date = 2007-11-08 00:55:44 | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab[Reg Error: Key does not exist or could not be opened.] -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15031/CTSUEng.cab[Creative Software AutoUpdate] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {3BFFE033-BF43-11D5-A271-00A024A51325}[HKEY_LOCAL_MACHINE] -> https://dcwebmail1.epa.gov/iNotes6W.cab[Reg Error: Key does not exist or could not be opened.] 
-> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39509.4966666667[Update Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[DwnldGroupMgr Class] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab[PopCapLoader Object] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> 
http://www.creative.com/su/ocx/15034/CTPID.cab[Creative Software AutoUpdate Support Package] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 350720 bytes | Modified Date = 2007-02-18 10:05:34 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.4068 (srv03_sp2_gdr.070425-2330) | Size = 146944 bytes | Modified Date = 2007-04-25 13:45:30 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 76288 bytes | Modified Date = 2007-02-18 10:06:04 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 444 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 188928 bytes | Modified Date = 2007-02-18 10:05:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 121856 bytes | Modified Date = 2007-02-18 10:05:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1602 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\system32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 343552 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe -> C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe [C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 2005-07-11 16:35:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 2006-10-23 07:50:37 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\America Online 9.0c\waol.exe -> C:\Program Files (x86)\America Online 9.0c\waol.exe [C:\Program Files (x86)\America Online 9.0c\waol.exe:*:Enabled:AOL] -> America Online, Inc. 
[Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 2005-07-12 00:17:51 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 2004-10-15 15:54:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe -> C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe [C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.0.0.6 | Size = 110680 bytes | Modified Date = 2004-11-03 16:03:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe -> C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe [C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> America Online Inc. 
[Ver = 1, 0, 0, 1 | Size = 140888 bytes | Modified Date = 2005-04-05 19:06:43 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 2004-10-14 15:34:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\LimeWire\LimeWire.exe -> C:\Program Files (x86)\LimeWire\LimeWire.exe [C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2007-09-17 09:19:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Real\RealPlayer\realplay.exe -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe [C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. 
[Ver = 6.0.12.1662 | Size = 214296 bytes | Modified Date = 2007-11-22 12:02:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\iTunes\iTunes.exe -> C:\Program Files (x86)\iTunes\iTunes.exe [C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.3.0.54 | Size = 15330616 bytes | Modified Date = 2007-06-28 08:14:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avginet.exe -> C:\Program Files (x86)\Grisoft\AVG7\avginet.exe [C:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe [C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. 
[Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe [C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe [C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-02 05:07:41 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 69120 bytes | Modified Date = 2007-02-18 10:05:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> -> File not found TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2008-01-25 08:24:23 | Attr = RH ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-03-07 19:02:17 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-01-01 12:31:08 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-03-06 05:06:24 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-02-04 15:09:16 | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2008-02-16 08:46:13 | Attr = ] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. 
[Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2007-08-01 16:47:26 | Attr = ] 9275D.mht -> %SystemRoot%\System32\9275D.mht -> [Ver = | Size = 2335270 bytes | Modified Date = 2008-02-28 15:18:57 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2008-01-01 11:54:14 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> audiopid.vxd -> %SystemRoot%\System32\audiopid.vxd -> [Ver = | Size = 7062 bytes | Modified Date = 2003-06-12 23:25:40 | Attr = ] CTSVCCDA.EXE -> %SystemRoot%\System32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] CTSVCCTL.EXE -> %SystemRoot%\System32\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Modified Date = 1999-11-18 01:00:00 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 
bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2008-01-01 12:31:21 | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2008-03-07 17:48:51 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-07 19:02:19 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-24 05:11:11 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-03-03 04:36:41 | Attr = H ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3459 bytes | Modified Date = 2008-02-11 13:15:57 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-02-11 13:15:34 | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2008-03-08 11:36:41 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Created Date = 2008-01-25 03:00:36 | Attr = ] 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2007-12-12 10:54:36 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-02-28 19:20:58 | Attr = ] 
{970DA77C-0D99-4147-9457-55E2393495F0} -> %AllUsersProfile%\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0} -> [Folder | Created Date = 2008-02-08 09:23:11 | Attr = H ] AVG7 -> %AppData%\AVG7 -> [Folder | Created Date = 2008-01-25 03:03:49 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2007-12-12 10:54:49 | Attr = ] HouseCall 6.6 -> %AppData%\HouseCall 6.6 -> [Folder | Created Date = 2008-02-28 10:48:07 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-02-28 19:20:45 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 2008-01-26 20:09:12 | Attr = ] =Windows-1252BSU1HMDAxMjEuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMjEuanBn= -> [Ver = | Size = 447222 bytes | Modified Date = 2008-02-25 18:57:46 | Attr = ] =Windows-1252BSU1HMDAxMTIuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMTIuanBn= -> [Ver = | Size = 485816 bytes | Modified Date = 2008-02-25 18:59:43 | Attr = ] A plan to destroy your all your relationships.doc -> %UserProfile%\My Documents\A plan to destroy your all your relationships.doc -> [Ver = | Size = 76288 bytes | Modified Date = 2007-12-25 17:51:33 | Attr = ] a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [Folder | Created Date = 2008-02-04 13:14:00 | Attr = ] Audio1.nra -> %UserProfile%\My Documents\Audio1.nra -> [Ver = | Size = 7954 bytes | Modified Date = 2008-01-27 21:52:07 | Attr = ] BaggageH.wmv -> %UserProfile%\My Documents\BaggageH.wmv -> [Ver = | Size = 6481658 bytes | Modified Date = 2007-12-14 09:04:46 | Attr = ] cc_20071226_1117.reg -> %UserProfile%\My Documents\cc_20071226_1117.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2007-12-26 11:17:42 | Attr = ] cc_20071227_1809.reg -> %UserProfile%\My Documents\cc_20071227_1809.reg -> [Ver = | Size = 1222 bytes | Modified Date = 2007-12-27 18:09:50 | Attr = ] cc_20080101_0935.reg -> %UserProfile%\My 
Documents\cc_20080101_0935.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2008-01-01 09:35:46 | Attr = ] cc_20080101_1329.reg -> %UserProfile%\My Documents\cc_20080101_1329.reg -> [Ver = | Size = 17180 bytes | Modified Date = 2008-01-01 13:30:01 | Attr = ] cc_20080114_1235.reg -> %UserProfile%\My Documents\cc_20080114_1235.reg -> [Ver = | Size = 5758 bytes | Modified Date = 2008-01-14 12:35:32 | Attr = ] cc_20080125_1628.reg -> %UserProfile%\My Documents\cc_20080125_1628.reg -> [Ver = | Size = 11974 bytes | Modified Date = 2008-01-25 16:28:59 | Attr = ] cc_20080128_1212.reg -> %UserProfile%\My Documents\cc_20080128_1212.reg -> [Ver = | Size = 7042 bytes | Modified Date = 2008-01-28 12:12:47 | Attr = ] Deelishis472-tn_edited.jpg -> %UserProfile%\My Documents\Deelishis472-tn_edited.jpg -> [Ver = | Size = 18503 bytes | Modified Date = 2007-12-15 16:08:17 | Attr = ] DontSleepAtWork_1.mpg -> %UserProfile%\My Documents\DontSleepAtWork_1.mpg -> [Ver = | Size = 2523178 bytes | Modified Date = 2008-01-05 07:13:46 | Attr = ] Easybutton.wmv -> %UserProfile%\My Documents\Easybutton.wmv -> [Ver = | Size = 840192 bytes | Modified Date = 2008-01-16 08:11:31 | Attr = ] GEvans.jpg -> %UserProfile%\My Documents\GEvans.jpg -> [Ver = | Size = 61987 bytes | Modified Date = 2008-01-14 08:08:56 | Attr = ] Hookedhim.wmv -> %UserProfile%\My Documents\Hookedhim.wmv -> [Ver = | Size = 1301025 bytes | Modified Date = 2008-02-04 07:01:31 | Attr = ] How_to_recognize_a_blond_antelope.wmv -> %UserProfile%\My Documents\How_to_recognize_a_blond_antelope.wmv -> [Ver = | Size = 635436 bytes | Modified Date = 2008-01-14 09:17:24 | Attr = ] Image.nrg -> %UserProfile%\My Documents\Image.nrg -> [Ver = | Size = 815085698 bytes | Modified Date = 2008-01-27 21:51:36 | Attr = ] Nero Playlist 1.nra -> %UserProfile%\My Documents\Nero Playlist 1.nra -> [Ver = | Size = 7306 bytes | Modified Date = 2008-01-27 21:03:08 | Attr = ] nimhdepression.pdf -> %UserProfile%\My Documents\nimhdepression.pdf -> [Ver = | 
Size = 1089723 bytes | Modified Date = 2008-02-19 02:32:46 | Attr = ] Oops_1.wmv -> %UserProfile%\My Documents\Oops_1.wmv -> [Ver = | Size = 3383125 bytes | Modified Date = 2007-12-15 03:57:47 | Attr = ] RatAnatomy.jpg -> %UserProfile%\My Documents\RatAnatomy.jpg -> [Ver = | Size = 19631 bytes | Modified Date = 2007-12-25 16:52:22 | Attr = ] Sade_adu.jpg -> %UserProfile%\My Documents\Sade_adu.jpg -> [Ver = | Size = 77525 bytes | Modified Date = 2008-01-27 08:32:16 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 891 bytes | Modified Date = 2007-12-12 10:54:42 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1612 bytes | Modified Date = 2008-02-29 09:35:02 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1580761 bytes | Modified Date = 2008-03-06 05:02:59 | Attr = ] CrucialScan.exe -> %UserProfile%\Desktop\CrucialScan.exe -> [Ver = | Size = 223368 bytes | Modified Date = 2008-01-28 14:26:04 | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2008-02-29 09:34:30 | Attr = ] gimp-2.4.4-i686-setup.exe -> %UserProfile%\Desktop\gimp-2.4.4-i686-setup.exe -> [Ver = | Size = 16865248 bytes | Modified Date = 2008-01-31 05:51:48 | Attr = ] Internet Explorer (64-bit) (2).lnk -> %UserProfile%\Desktop\Internet Explorer (64-bit) (2).lnk -> [Ver = | Size = 803 bytes | Modified Date = 2008-03-03 05:05:58 | Attr = ] LinkScannerLiteSetup_2_6_6_0090_6.exe -> %UserProfile%\Desktop\LinkScannerLiteSetup_2_6_6_0090_6.exe -> Exploit Prevention Labs, Inc. 
[Ver = 2.6.6.0090 | Size = 3536704 bytes | Modified Date = 2008-02-08 08:03:48 | Attr = ] metal pedal mousetrap.avi -> %UserProfile%\Desktop\metal pedal mousetrap.avi -> [Ver = | Size = 4666368 bytes | Modified Date = 2000-08-17 16:52:06 | Attr = ] PageDefrag.zip -> %UserProfile%\Desktop\PageDefrag.zip -> [Ver = | Size = 69662 bytes | Modified Date = 2008-01-28 12:58:36 | Attr = ] PCRegistryCleaner_setup.exe -> %UserProfile%\Desktop\PCRegistryCleaner_setup.exe -> [Ver = | Size = 3749280 bytes | Modified Date = 2008-01-28 12:30:27 | Attr = ] Pocket PC -> %UserProfile%\Desktop\Pocket PC -> [Folder | Created Date = 2008-01-01 10:53:21 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 975 bytes | Modified Date = 2008-02-11 13:17:00 | Attr = ] stng380.opt -> %UserProfile%\Desktop\stng380.opt -> [Ver = | Size = 17 bytes | Modified Date = 2008-02-28 16:57:17 | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 2008-02-28 19:05:18 | Attr = ] WindowsDoors_FINAL_NEW.pdf -> %UserProfile%\Desktop\WindowsDoors_FINAL_NEW.pdf -> [Ver = | Size = 936144 bytes | Modified Date = 2008-02-02 07:07:54 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2008-03-08 11:42:44 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481921 bytes | Modified Date = 2008-03-08 11:39:57 | Attr = ] [Files/Folders - Modified Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-03-07 19:02:26 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073274880 bytes | Modified Date = 2008-03-08 11:33:34 | Attr = HS] Program Files -> %SystemDrive%\Program Files -> [Folder | Modified Date = 2008-03-02 15:03:30 | Attr = R ] Program Files (x86) -> %ProgramFiles% -> [Folder | Modified Date = 2008-03-02 15:03:31 | Attr = R ] QooBox -> %SystemDrive%\QooBox 
-> [Folder | Modified Date = 2008-03-06 05:07:02 | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2008-02-16 08:46:13 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-03-07 18:55:08 | Attr = ] 9275D.mht -> %SystemRoot%\System32\9275D.mht -> [Ver = | Size = 2335270 bytes | Modified Date = 2008-02-28 15:18:57 | Attr = ] Drivers -> %SystemRoot%\System32\Drivers -> [Folder | Modified Date = 2008-02-28 10:50:59 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-02-12 17:51:37 | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-03-08 11:33:34 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-02-13 19:17:21 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-03-05 08:38:27 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2008-03-06 05:06:48 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-03-02 15:03:31 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-03-02 15:03:40 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-03-07 18:19:23 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2008-03-03 04:35:43 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-03-08 11:43:21 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-07 19:02:19 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-24 05:11:11 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-03-03 04:36:41 | Attr = H ] 
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-02-13 17:51:09 | Attr = ] SysWOW64 -> %SystemRoot%\SysWOW64 -> [Folder | Modified Date = 2008-03-07 19:02:16 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-03-08 11:36:41 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-03-08 11:35:01 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3459 bytes | Modified Date = 2008-02-11 13:15:57 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-02-11 13:15:34 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 781 bytes | Modified Date = 2008-02-25 18:51:52 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 296 bytes | Modified Date = 2008-02-25 07:48:01 | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2008-03-08 11:36:41 | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-03-08 11:33:40 | Attr = H ] Uniblue SpyEraser Nag.job -> %SystemRoot%\tasks\Uniblue SpyEraser Nag.job -> [Ver = | Size = 292 bytes | Modified Date = 2008-02-28 09:04:24 | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8640 bytes | Modified Date = 2005-12-12 13:21:19 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2008-03-08 11:34:57 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2008-03-08 11:34:57 | Attr = ] kleyxg.ini -> C:\Documents and Settings\Administrator\Local Settings\Temp\kleyxg.ini -> [Ver = | Size = 426 bytes | Modified Date = 2008-03-07 18:20:51 | Attr = ] 
[Files Modified - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 2008-02-25 07:23:33 | Attr = ] 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 2008-02-19 01:34:38 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-02 15:03:30 | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-03-07 18:19:50 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-02-28 19:20:58 | Attr = ] {970DA77C-0D99-4147-9457-55E2393495F0} -> %AllUsersProfile%\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0} -> [Folder | Modified Date = 2008-02-08 09:23:16 | Attr = H ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-02-09 11:05:50 | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2008-02-11 12:31:56 | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 2008-03-06 05:50:14 | Attr = ] CallingID -> %AppData%\CallingID -> [Folder | Modified Date = 2008-03-08 11:43:37 | Attr = ] HouseCall 6.6 -> %AppData%\HouseCall 6.6 -> [Folder | Modified Date = 2008-02-28 14:12:00 | Attr = ] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 2008-03-05 10:55:10 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-02-28 19:20:45 | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 2008-02-28 09:04:57 | Attr = ] vol_toolbar -> %AppData%\vol_toolbar -> [Folder | Modified Date = 2008-03-02 14:59:49 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 40488 bytes | Modified Date = 
2008-02-28 15:56:34 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-02 15:03:46 | Attr = S] =Windows-1252BSU1HMDAxMjEuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMjEuanBn= -> [Ver = | Size = 447222 bytes | Modified Date = 2008-02-25 18:57:46 | Attr = ] =Windows-1252BSU1HMDAxMTIuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMTIuanBn= -> [Ver = | Size = 485816 bytes | Modified Date = 2008-02-25 18:59:43 | Attr = ] Airgunning -> %UserProfile%\My Documents\Airgunning -> [Folder | Modified Date = 2008-02-25 19:26:05 | Attr = ] EPA -> %UserProfile%\My Documents\EPA -> [Folder | Modified Date = 2008-03-05 09:35:09 | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-02-22 09:30:28 | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008-02-24 23:07:54 | Attr = R ] nimhdepression.pdf -> %UserProfile%\My Documents\nimhdepression.pdf -> [Ver = | Size = 1089723 bytes | Modified Date = 2008-02-19 02:32:46 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1612 bytes | Modified Date = 2008-02-29 09:35:02 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1580761 bytes | Modified Date = 2008-03-06 05:02:59 | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2008-02-29 09:34:30 | Attr = ] Internet Explorer (64-bit) (2).lnk -> %UserProfile%\Desktop\Internet Explorer (64-bit) (2).lnk -> [Ver = | Size = 803 bytes | Modified Date = 2008-03-03 05:05:58 | Attr = ] LinkScannerLiteSetup_2_6_6_0090_6.exe -> %UserProfile%\Desktop\LinkScannerLiteSetup_2_6_6_0090_6.exe -> Exploit Prevention Labs, Inc. 
[Ver = 2.6.6.0090 | Size = 3536704 bytes | Modified Date = 2008-02-08 08:03:48 | Attr = ]
PC Maintenance -> %UserProfile%\Desktop\PC Maintenance -> [Folder | Modified Date = 2008-03-06 05:04:03 | Attr = ]
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 975 bytes | Modified Date = 2008-02-11 13:17:00 | Attr = ]
stng380.opt -> %UserProfile%\Desktop\stng380.opt -> [Ver = | Size = 17 bytes | Modified Date = 2008-02-28 16:57:17 | Attr = ]
SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 2008-02-28 19:05:18 | Attr = ]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2008-03-08 11:42:44 | Attr = ]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481921 bytes | Modified Date = 2008-03-08 11:39:57 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-02-28 19:20:14 | Attr = ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error
< Document and Settings folder & sub folders >
detected NTDLL code modification: ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51
Initialization error
< End of report >
[/code]