[code] WinPFind35 logfile created on: 2008-03-08 13:40:15 WinPFind35U Version 1.0.3.1 Folder = C:\Documents and Settings\Administrator\Desktop\WinPFind35u Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd 1023.37 Mb Total Physical Memory | 529.32 Mb Available Physical Memory | 51.72% Memory free 2.43 Gb Paging File | 2.00 Gb Available in Paging File | 82.27% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86) Drive C: | 189.91 Gb Total Space | 128.04 Gb Free Space | 67.42% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IAN-N0PWE5PRRQ Current User Name: Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - All] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ] avgrssvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ] ctfmon.exe -> %SystemRoot%\SysWOW64\ctfmon.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 15360 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ] aolacsd.exe -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ] aoltsmon.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ] guard.exe -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ] avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] ctsvccda.exe -> %SystemRoot%\SysWOW64\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] wanmpsvc.exe -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ] aoltpspd.exe -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltpspd.exe -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 2004-10-15 15:54:12 | Attr = ] net.exe -> %SystemRoot%\system32\net.exe -> Microsoft Corporation [Ver = 5.2.3790.1830 (srv03_sp1_rtm.050324-1447) | Size = 42496 bytes | Modified Date = 2005-03-25 07:00:00 | Attr = ] net1.exe -> %SystemRoot%\system32\net1.exe -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 127488 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ] memoptimizer.exe -> %ProgramFiles%\TuneUp Utilities 2008\MemOptimizer.exe -> TuneUp Software GmbH [Ver = 7.0.8002.267 | Size = 196864 bytes | Modified Date = 2008-02-29 14:24:28 | Attr = ] winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 310784 bytes | Modified Date = 2008-03-05 01:21:14 | Attr = ] [Win32 Services - Non-Microsoft Only] (a2free) a-squared Free Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\a-squared Free\a2service.exe -> Emsi Software GmbH [Ver = 3.0.0.384 | Size = 366712 bytes | Modified Date = 2008-01-14 12:00:23 | Attr = ] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2008-01-11 15:43:31 | Attr = ] (AOL ACS) AOL Connectivity Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\ACS\AOLacsd.exe -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ] (AOL TopSpeedMonitor) AOL TopSpeed Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\AOL\TopSpeed\2.0\aoltsmon.exe -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 07:31:10 | Attr = ] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 2008-01-25 03:00:46 | Attr = ] (AvgCoreSvc) AVG7 Resident Shield Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG7\avgrssvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.473 | Size = 192512 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ] (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> File not found (Eventlog) Event Log [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found (HTTPFilter) HTTP SSL [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\lsass.exe -> File not found (ImapiService) IMAPI CD-Burning COM Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\imapi.exe -> File not found (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.3.0.54 | Size = 501048 bytes | Modified Date = 2007-06-28 08:14:32 | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfService.exe -> McAfee Corporation [Ver = 4.1.0.1 | Size = 184320 bytes | Modified Date = 2003-01-29 16:30:58 | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\msdtc.exe -> File not found (Netlogon) Net Logon [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found (NtLmSsp) NT LM Security Support Provider [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\lsass.exe -> File not found (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc64.exe -> File not found (OOD2000) O&O Defrag 2000 [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\OOD2000.exe -> O&O Software GmbH [Ver = 3.5.562 | Size = 238080 bytes | Modified Date = 2001-04-06 12:57:46 | Attr = ] (PlugPlay) Plug and Play [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\services.exe -> File not found (PolicyAgent) IPSEC Services [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (ProtectedStorage) Protected Storage [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (RDSessMgr) Remote Desktop Help Session Manager [Win32_Own | On_Demand | Stopped] -> -> File not found (SamSs) Security Accounts Manager [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\lsass.exe -> File not found (TlntSvr) Telnet [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> File not found (vds) Virtual Disk Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vds.exe -> File not found (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\vssvc.exe -> File not found (WANMiniportService) WAN Miniport (ATW) Service [Win32_Own | Auto | Running] -> %SystemRoot%\wanmpsvc.exe -> America Online, Inc. [Ver = 9, 0, 0, 0 | Size = 65536 bytes | Modified Date = 2003-08-27 09:27:44 | Attr = ] (WmiApSrv) WMI Performance Adapter [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\wbem\wmiapsrv.exe -> File not found (TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> !AVG Anti-Spyware -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\avgas.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 43 | Size = 6731312 bytes | Modified Date = 2007-06-11 04:25:42 | Attr = ] amd_dc_opt -> %ProgramFiles%\AMD\Dual-Core Optimizer\amd_dc_opt.exe -> AMD [Ver = 1, 1, 3, 0 | Size = 77824 bytes | Modified Date = 2007-07-23 11:06:28 | Attr = ] MPFExe -> %ProgramFiles%\McAfee.com\Personal Firewall\MpfTray.exe -> McAfee Security [Ver = 4.5.4.41 | Size = 1187899 bytes | Modified Date = 2005-04-12 15:44:06 | Attr = ] P17Helper -> %SystemRoot%\system32\P17.dll -> [Ver = 1.0.1.41 | Size = 64512 bytes | Modified Date = 2005-05-03 22:38:42 | Attr = ] VerizonServicepoint.exe -> %ProgramFiles%\Verizon\VSP\VerizonServicepoint.exe -> Verizon [Ver = 1.5.12.18212 | Size = 2061816 bytes | Modified Date = 2007-05-11 14:20:04 | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 5, 2, 16 | Size = 2097488 bytes | Modified Date = 2008-01-28 11:43:40 | Attr = RHS] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AVG Anti-Spyware 7.5] -> File not found {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *System* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System -> lsass.exe -> lsass.exe -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] avgwlx64 -> -> File not found ScCertProp -> wlnotify.dll -> File not found Schedule -> wlnotify.dll -> File not found SensLogn -> WlNotify.dll -> File not found termsrv -> -> File not found wlballoon -> wlnotify.dll -> File not found WRNotifier -> WRLogonNTF.dll -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoAddingComponents -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoComponents -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ForceActiveDesktopOn -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\scforceoption -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytools -> 0 -> < HOSTS File > (227804 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4237 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6311 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 03:16:42 | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ExPLabs.com\LinkScanner\LinkScannerIE.dll [XPL LinkScannerIE] -> Exploit Prevention Labs, Inc. [Ver = 2.6.6.90 | Size = 361752 bytes | Modified Date = 2007-08-20 23:00:03 | Attr = ] {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\vol_toolbar\vol_toolbar.dll [Verizon Broadband Toolbar] -> Verizon Online. [Ver = 5.0.1.200 | Size = 1904128 bytes | Modified Date = 2007-05-25 08:15:48 | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 8, 4, 2 | Size = 343112 bytes | Modified Date = 2005-08-04 20:54:42 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 2007-09-25 01:11:34 | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3798EE93-C434-44F8-A172-20DE7E85C3FC} -> (1394 Net Adapter) -> {83E5E45F-204D-454F-B158-18169371B471} -> () -> {D0FC8148-9A52-45C0-8D22-8E3807D72798} -> (Wireless PCI Adapter) -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> https://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab[Reg Error: Key does not exist or could not be opened.] -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15031/CTSUEng.cab[Creative Software AutoUpdate] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {3BFFE033-BF43-11D5-A271-00A024A51325}[HKEY_LOCAL_MACHINE] -> https://dcwebmail1.epa.gov/iNotes6W.cab[Reg Error: Key does not exist or could not be opened.] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab[McAfee.com Operating System Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39509.4966666667[Update Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[DwnldGroupMgr Class] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab[Java Plug-in 1.6.0] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab[PopCapLoader Object] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15034/CTPID.cab[Creative Software AutoUpdate Support Package] -> [Registry - Additional Scans - Non-Microsoft Only] < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {03F998B2-0E00-11D3-A498-00104B6EB52E} [HKEY_LOCAL_MACHINE] -> [(default): Viewpoint Media Player; IsInstalled: (binary data)] -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [HKEY_LOCAL_MACHINE] -> C:\WINDOWS\system32\java.exe [(default): Java (Sun); IsInstalled: 1] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Modified Date = 2007-09-24 22:30:28 | Attr = ] {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} [HKEY_LOCAL_MACHINE] -> Security Update for Microsoft .NET [(default): Security Update for Microsoft .NET Framework 2.0 (x64) (KB922770); IsInstalled: 1] -> File not found {10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKEY_LOCAL_MACHINE] -> [(default): Vector Graphics Rendering (VML); IsInstalled: (binary data)] -> {1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKEY_LOCAL_MACHINE] -> [(default): Viewpoint Media Player; IsInstalled: (binary data)] -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] -> {3af36230-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Offline Browsing Pack; IsInstalled: 1] -> {3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Uniscribe; IsInstalled: 1] -> {4278c270-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Advanced Authoring; IsInstalled: 1] -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: (binary data)] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(default): DirectShow; IsInstalled: 1] -> {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKEY_LOCAL_MACHINE] -> [(default): DirectDrawEx; IsInstalled: 1] -> {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Help; IsInstalled: 1] -> {4f216970-c90c-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): DirectAnimation Java Classes; IsInstalled: 1] -> {4f645220-306d-11d2-995d-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Microsoft Windows Script 5.7; IsInstalled: 1] -> {5A8D6EE0-3E18-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [ComponentID: ICW; IsInstalled: 1] -> File not found {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> {630b1da0-b465-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Browsing Enhancements; IsInstalled: 1] -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): MSN Site Access; IsInstalled: 1] -> {7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] -> {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} [HKEY_LOCAL_MACHINE] -> Security Update for Microsoft .NET [(default): Security Update for Microsoft .NET Framework 2.0 (x64) (KB928365); IsInstalled: 1] -> File not found {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\SysWOW64\Rundll32.exe C:\WINDOWS\SysWOW64\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKEY_LOCAL_MACHINE] -> [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> {967B098A-042D-4367-BAC9-8BC11684174F} [HKEY_LOCAL_MACHINE] -> Security Update for Microsoft .NET [(default): Security Update for Microsoft .NET Framework 2.0 (x64) (KB917283); IsInstalled: 1] -> File not found {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [(no name)] -> File not found {B6EC01E7-431D-4D29-B9D4-E1D74CAF0AB0} [HKEY_LOCAL_MACHINE] -> .NET [(default): .NET Framework] -> File not found {C9E9A340-D1F1-11D0-821E-444553540600} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> {CC2A9BA0-3BDD-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] -> [(default): Task Scheduler; IsInstalled: 1] -> {CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [ComponentID: Windows Movie Maker v2.1; IsInstalled: (binary data)] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKEY_LOCAL_MACHINE] -> [(default): Adobe Flash Player; IsInstalled: (binary data)] -> {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): HTML Help; IsInstalled: 1] -> {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKEY_LOCAL_MACHINE] -> [(default): Active Directory Service Interface; IsInstalled: (binary data)] -> <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): IE7 Uninstall Stub; IsInstalled: 1] -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(no name); IsInstalled: 0] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 1] -> < ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKEY_LOCAL_MACHINE] -> [HKLM: Microsoft NetShow Player] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKEY_LOCAL_MACHINE] -> [HKLM: Windows Media Player] -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {4b218e3e-bc98-4770-93d3-2731b9329278} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found {6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKEY_LOCAL_MACHINE] -> [HKLM: Windows Media Player] -> {7790769C-0471-11d2-AF11-00C04FA35D02} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89820200-ECBD-11cf-8B85-00AA005B4340} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [(no name)] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKEY_LOCAL_MACHINE] -> [(no name)] -> >{26923b43-4d38-484f-9b9e-de460746276c} [HKEY_LOCAL_MACHINE] -> [(no name)] -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKEY_LOCAL_MACHINE] -> [(no name)] -> < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\Eventlog\\SuppressDuplicateDuration -> 86400 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 350720 bytes | Modified Date = 2007-02-18 10:05:34 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 143360 bytes | Modified Date = 2007-02-18 10:05:42 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.2.3790.4068 (srv03_sp2_gdr.070425-2330) | Size = 146944 bytes | Modified Date = 2007-04-25 13:45:30 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 76288 bytes | Modified Date = 2007-02-18 10:06:04 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 440 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 188928 bytes | Modified Date = 2007-02-18 10:05:48 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 121856 bytes | Modified Date = 2007-02-18 10:05:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1605 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\system32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 343552 bytes | Modified Date = 2007-02-18 10:05:32 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe -> C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe [C:\Program Files (x86)\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader] -> America Online, Inc. [Ver = 9.2.0.1 | Size = 11352 bytes | Modified Date = 2005-07-11 16:35:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files (x86)\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 71216 bytes | Modified Date = 2006-10-23 07:50:37 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files (x86)\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> AOL LLC [Ver = 4.6.1.2 | Size = 46640 bytes | Modified Date = 2006-10-23 07:50:35 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\America Online 9.0c\waol.exe -> C:\Program Files (x86)\America Online 9.0c\waol.exe [C:\Program Files (x86)\America Online 9.0c\waol.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 9.02.000 | Size = 37464 bytes | Modified Date = 2005-07-12 00:17:51 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -> C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe [C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon] -> America Online, Inc [Ver = 2, 0, 0, 0 | Size = 100016 bytes | Modified Date = 2004-10-15 15:54:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe -> C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe [C:\Program Files (x86)\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed] -> America Online Inc [Ver = 2, 0, 0, 0 | Size = 46768 bytes | Modified Date = 2004-10-15 15:54:12 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe -> C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe [C:\Program Files (x86)\Common Files\AOL\1148778991\EE\AOLServiceHost.exe:*:Enabled:AOL] -> America Online, Inc. [Ver = 1.0.0.6 | Size = 110680 bytes | Modified Date = 2004-11-03 16:03:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe -> C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe [C:\Program Files (x86)\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL] -> America Online Inc. [Ver = 1, 0, 0, 1 | Size = 140888 bytes | Modified Date = 2005-04-05 19:06:43 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe [C:\Program Files (x86)\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL] -> Gteko Ltd. [Ver = 1, 0, 0, 35 | Size = 59992 bytes | Modified Date = 2004-10-14 15:34:06 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\LimeWire\LimeWire.exe -> C:\Program Files (x86)\LimeWire\LimeWire.exe [C:\Program Files (x86)\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2007-09-17 09:19:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Real\RealPlayer\realplay.exe -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe [C:\Program Files (x86)\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1662 | Size = 214296 bytes | Modified Date = 2007-11-22 12:02:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\iTunes\iTunes.exe -> C:\Program Files (x86)\iTunes\iTunes.exe [C:\Program Files (x86)\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.3.0.54 | Size = 15330616 bytes | Modified Date = 2007-06-28 08:14:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avginet.exe -> C:\Program Files (x86)\Grisoft\AVG7\avginet.exe [C:\Program Files (x86)\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 510976 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe [C:\Program Files (x86)\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 2008-01-25 03:00:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe [C:\Program Files (x86)\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.504 | Size = 579072 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe -> C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe [C:\Program Files (x86)\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 2008-01-25 03:00:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe [C:\Program Files (x86)\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-02 05:07:41 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 14848 bytes | Modified Date = 2007-02-18 10:05:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.2.3790.3959 (srv03_sp2_rtm.070216-1710) | Size = 69120 bytes | Modified Date = 2007-02-18 10:05:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> -> File not found TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found htmlfile [edit] -> Reg Error: Key does not exist or could not be opened. http [open] -> %SystemDrive%\PROGRA~2\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-02 05:07:41 | Attr = ] https [open] -> %SystemDrive%\PROGRA~2\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2008-02-02 05:07:41 | Attr = ] piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key does not exist or could not be opened. scrfile [config] -> "%1" -> File not found scrfile [open] -> "%1" /S -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\MRT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\CurrentVersion\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\CurrentVersion\Identities\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\CurrentVersion\Identities\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\CurrentVersion\Identities\\Locked Down -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\DriverSearching\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\DriverSearching\\DontSearchWindowsUpdate -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\PSched\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\PSched\\NonBestEffortLimit -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\\authenticodeenabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\windows\safer\codeidentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\windows\system\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\windows\system\\disablecmd -> 0 -> < Tcpip Persistent Routes > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\PersistentRoutes -> [Files/Folders - Created Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Created Date = 2008-01-25 08:24:23 | Attr = RH ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-03-07 19:02:17 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-01-01 12:31:08 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-03-06 05:06:24 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-02-04 15:09:16 | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 2008-02-16 08:46:13 | Attr = ] tmcomm.sys -> %SystemRoot%\System32\drivers\tmcomm.sys -> Trend Micro Inc. [Ver = 1.6.0.1059 | Size = 102664 bytes | Modified Date = 2007-08-01 16:47:26 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Created Date = 2008-01-01 11:54:14 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> audiopid.vxd -> %SystemRoot%\System32\audiopid.vxd -> [Ver = | Size = 7062 bytes | Modified Date = 2003-06-12 23:25:40 | Attr = ] CTSVCCDA.EXE -> %SystemRoot%\System32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 01:01:00 | Attr = ] CTSVCCTL.EXE -> %SystemRoot%\System32\CTSVCCTL.EXE -> Creative Technology Ltd [Ver = 1.0.0.0 | Size = 25088 bytes | Modified Date = 1999-11-18 01:00:00 | Attr = ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.10 | Size = 28416 bytes | Modified Date = 2008-02-27 13:15:14 | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] zip.exe -> %SystemRoot%\System32\zip.exe -> [Ver = | Size = 68096 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 2008-01-01 12:31:21 | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 2008-03-07 17:48:51 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Modified Date = 2000-08-31 08:00:00 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-07 19:02:19 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-24 05:11:11 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-03-03 04:36:41 | Attr = H ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3459 bytes | Modified Date = 2008-02-11 13:15:57 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-02-11 13:15:34 | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 514 bytes | Modified Date = 2008-03-08 13:21:50 | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2008-03-08 13:15:24 | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Created Date = 2008-01-25 03:00:36 | Attr = ] 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2007-12-12 10:54:36 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-02-28 19:20:58 | Attr = ] TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Created Date = 2008-03-08 13:21:19 | Attr = ] {970DA77C-0D99-4147-9457-55E2393495F0} -> %AllUsersProfile%\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0} -> [Folder | Created Date = 2008-02-08 09:23:11 | Attr = H ] AVG7 -> %AppData%\AVG7 -> [Folder | Created Date = 2008-01-25 03:03:49 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2007-12-12 10:54:49 | Attr = ] HouseCall 6.6 -> %AppData%\HouseCall 6.6 -> [Folder | Created Date = 2008-02-28 10:48:07 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-02-28 19:20:45 | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Created Date = 2008-03-08 13:21:38 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 2008-01-26 20:09:12 | Attr = ] =Windows-1252BSU1HMDAxMjEuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMjEuanBn= -> [Ver = | Size = 447222 bytes | Modified Date = 2008-02-25 18:57:46 | Attr = ] =Windows-1252BSU1HMDAxMTIuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMTIuanBn= -> [Ver = | Size = 485816 bytes | Modified Date = 2008-02-25 18:59:43 | Attr = ] A plan to destroy your all your relationships.doc -> %UserProfile%\My Documents\A plan to destroy your all your relationships.doc -> [Ver = | Size = 76288 bytes | Modified Date = 2007-12-25 17:51:33 | Attr = ] a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [Folder | Created Date = 2008-02-04 13:14:00 | Attr = ] Audio1.nra -> %UserProfile%\My Documents\Audio1.nra -> [Ver = | Size = 7954 bytes | Modified Date = 2008-01-27 21:52:07 | Attr = ] BaggageH.wmv -> %UserProfile%\My Documents\BaggageH.wmv -> [Ver = | Size = 6481658 bytes | Modified Date = 2007-12-14 09:04:46 | Attr = ] cc_20071226_1117.reg -> %UserProfile%\My Documents\cc_20071226_1117.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2007-12-26 11:17:42 | Attr = ] cc_20071227_1809.reg -> %UserProfile%\My Documents\cc_20071227_1809.reg -> [Ver = | Size = 1222 bytes | Modified Date = 2007-12-27 18:09:50 | Attr = ] cc_20080101_0935.reg -> %UserProfile%\My Documents\cc_20080101_0935.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2008-01-01 09:35:46 | Attr = ] cc_20080101_1329.reg -> %UserProfile%\My Documents\cc_20080101_1329.reg -> [Ver = | Size = 17180 bytes | Modified Date = 2008-01-01 13:30:01 | Attr = ] cc_20080114_1235.reg -> %UserProfile%\My Documents\cc_20080114_1235.reg -> [Ver = | Size = 5758 bytes | Modified Date = 2008-01-14 12:35:32 | Attr = ] cc_20080125_1628.reg -> %UserProfile%\My Documents\cc_20080125_1628.reg -> [Ver = | Size = 11974 bytes | Modified Date = 2008-01-25 16:28:59 | Attr = ] cc_20080128_1212.reg -> %UserProfile%\My Documents\cc_20080128_1212.reg -> [Ver = | Size = 7042 bytes | Modified Date = 2008-01-28 12:12:47 | Attr = ] Deelishis472-tn_edited.jpg -> %UserProfile%\My Documents\Deelishis472-tn_edited.jpg -> [Ver = | Size = 18503 bytes | Modified Date = 2007-12-15 16:08:17 | Attr = ] DontSleepAtWork_1.mpg -> %UserProfile%\My Documents\DontSleepAtWork_1.mpg -> [Ver = | Size = 2523178 bytes | Modified Date = 2008-01-05 07:13:46 | Attr = ] Easybutton.wmv -> %UserProfile%\My Documents\Easybutton.wmv -> [Ver = | Size = 840192 bytes | Modified Date = 2008-01-16 08:11:31 | Attr = ] GEvans.jpg -> %UserProfile%\My Documents\GEvans.jpg -> [Ver = | Size = 61987 bytes | Modified Date = 2008-01-14 08:08:56 | Attr = ] Hookedhim.wmv -> %UserProfile%\My Documents\Hookedhim.wmv -> [Ver = | Size = 1301025 bytes | Modified Date = 2008-02-04 07:01:31 | Attr = ] How_to_recognize_a_blond_antelope.wmv -> %UserProfile%\My Documents\How_to_recognize_a_blond_antelope.wmv -> [Ver = | Size = 635436 bytes | Modified Date = 2008-01-14 09:17:24 | Attr = ] Image.nrg -> %UserProfile%\My Documents\Image.nrg -> [Ver = | Size = 815085698 bytes | Modified Date = 2008-01-27 21:51:36 | Attr = ] Nero Playlist 1.nra -> %UserProfile%\My Documents\Nero Playlist 1.nra -> [Ver = | Size = 7306 bytes | Modified Date = 2008-01-27 21:03:08 | Attr = ] nimhdepression.pdf -> %UserProfile%\My Documents\nimhdepression.pdf -> [Ver = | Size = 1089723 bytes | Modified Date = 2008-02-19 02:32:46 | Attr = ] Oops_1.wmv -> %UserProfile%\My Documents\Oops_1.wmv -> [Ver = | Size = 3383125 bytes | Modified Date = 2007-12-15 03:57:47 | Attr = ] RatAnatomy.jpg -> %UserProfile%\My Documents\RatAnatomy.jpg -> [Ver = | Size = 19631 bytes | Modified Date = 2007-12-25 16:52:22 | Attr = ] Sade_adu.jpg -> %UserProfile%\My Documents\Sade_adu.jpg -> [Ver = | Size = 77525 bytes | Modified Date = 2008-01-27 08:32:16 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 891 bytes | Modified Date = 2007-12-12 10:54:42 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1612 bytes | Modified Date = 2008-02-29 09:35:02 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1580761 bytes | Modified Date = 2008-03-06 05:02:59 | Attr = ] CrucialScan.exe -> %UserProfile%\Desktop\CrucialScan.exe -> [Ver = | Size = 223368 bytes | Modified Date = 2008-01-28 14:26:04 | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2008-02-29 09:34:30 | Attr = ] gimp-2.4.4-i686-setup.exe -> %UserProfile%\Desktop\gimp-2.4.4-i686-setup.exe -> [Ver = | Size = 16865248 bytes | Modified Date = 2008-01-31 05:51:48 | Attr = ] Internet Explorer (64-bit) (2).lnk -> %UserProfile%\Desktop\Internet Explorer (64-bit) (2).lnk -> [Ver = | Size = 803 bytes | Modified Date = 2008-03-03 05:05:58 | Attr = ] LinkScannerLiteSetup_2_6_6_0090_6.exe -> %UserProfile%\Desktop\LinkScannerLiteSetup_2_6_6_0090_6.exe -> Exploit Prevention Labs, Inc. [Ver = 2.6.6.0090 | Size = 3536704 bytes | Modified Date = 2008-02-08 08:03:48 | Attr = ] metal pedal mousetrap.avi -> %UserProfile%\Desktop\metal pedal mousetrap.avi -> [Ver = | Size = 4666368 bytes | Modified Date = 2000-08-17 16:52:06 | Attr = ] PageDefrag.zip -> %UserProfile%\Desktop\PageDefrag.zip -> [Ver = | Size = 69662 bytes | Modified Date = 2008-01-28 12:58:36 | Attr = ] PCRegistryCleaner_setup.exe -> %UserProfile%\Desktop\PCRegistryCleaner_setup.exe -> [Ver = | Size = 3749280 bytes | Modified Date = 2008-01-28 12:30:27 | Attr = ] Pocket PC -> %UserProfile%\Desktop\Pocket PC -> [Folder | Created Date = 2008-01-01 10:53:21 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 975 bytes | Modified Date = 2008-02-11 13:17:00 | Attr = ] stng380.opt -> %UserProfile%\Desktop\stng380.opt -> [Ver = | Size = 17 bytes | Modified Date = 2008-02-28 16:57:17 | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 2008-02-28 19:05:18 | Attr = ] TU2008TrialEN.exe -> %UserProfile%\Desktop\TU2008TrialEN.exe -> [Ver = | Size = 14574336 bytes | Modified Date = 2008-03-08 13:20:21 | Attr = ] TuneUp 1-Click Maintenance.lnk -> %UserProfile%\Desktop\TuneUp 1-Click Maintenance.lnk -> [Ver = | Size = 643 bytes | Modified Date = 2008-03-08 13:21:25 | Attr = ] WindowsDoors_FINAL_NEW.pdf -> %UserProfile%\Desktop\WindowsDoors_FINAL_NEW.pdf -> [Ver = | Size = 936144 bytes | Modified Date = 2008-02-02 07:07:54 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Created Date = 2008-03-08 11:42:44 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481921 bytes | Modified Date = 2008-03-08 11:39:57 | Attr = ] [Files/Folders - Modified Within 90 days] $VAULT$.AVG -> %SystemDrive%\$VAULT$.AVG -> [Folder | Modified Date = 2008-01-25 16:22:56 | Attr = RH ] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-03-07 19:02:26 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008-01-01 12:31:08 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073274880 bytes | Modified Date = 2008-03-08 13:12:18 | Attr = HS] Program Files -> %SystemDrive%\Program Files -> [Folder | Modified Date = 2008-03-02 15:03:30 | Attr = R ] Program Files (x86) -> %ProgramFiles% -> [Folder | Modified Date = 2008-03-08 13:21:12 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-03-06 05:07:02 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008-02-04 15:09:16 | Attr = HS] TEMP -> %SystemDrive%\TEMP -> [Folder | Modified Date = 2008-01-27 21:04:30 | Attr = H ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 2008-02-16 08:46:13 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-03-08 13:24:12 | Attr = ] ActiveScan -> %SystemRoot%\System32\ActiveScan -> [Folder | Modified Date = 2008-01-01 11:56:11 | Attr = ] 8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Drivers -> %SystemRoot%\System32\Drivers -> [Folder | Modified Date = 2008-02-28 10:50:59 | Attr = ] Help.ico -> %SystemRoot%\System32\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 2008-01-11 15:44:08 | Attr = ] pavas.ico -> %SystemRoot%\System32\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] Uninstall.ico -> %SystemRoot%\System32\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2008-01-01 11:55:45 | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.10 | Size = 28416 bytes | Modified Date = 2008-02-27 13:15:14 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-02-12 17:51:37 | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-12-10 08:23:58 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-03-08 13:12:19 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-02-13 19:17:21 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-03-05 08:38:27 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 2008-03-06 05:06:48 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2007-12-10 08:22:50 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-12-15 17:54:26 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-03-02 15:03:31 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-03-08 13:21:45 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-03-07 18:19:23 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2008-03-03 04:35:43 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-03-08 13:38:06 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-03-07 19:02:19 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2008-02-24 05:11:11 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2008-03-03 04:36:41 | Attr = H ] system -> %SystemRoot%\system -> [Folder | Modified Date = 2008-01-25 02:59:31 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-03-08 13:21:40 | Attr = ] SysWOW64 -> %SystemRoot%\SysWOW64 -> [Folder | Modified Date = 2008-03-08 13:21:40 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-03-08 13:26:29 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-03-08 13:38:53 | Attr = ] unins000.dat -> %SystemRoot%\unins000.dat -> [Ver = | Size = 3459 bytes | Modified Date = 2008-02-11 13:15:57 | Attr = ] unins000.exe -> %SystemRoot%\unins000.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 2008-02-11 13:15:34 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 781 bytes | Modified Date = 2008-02-25 18:51:52 | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 514 bytes | Modified Date = 2008-03-08 13:21:50 | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 296 bytes | Modified Date = 2008-02-25 07:48:01 | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2008-03-08 13:15:24 | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-03-08 13:12:23 | Attr = H ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8640 bytes | Modified Date = 2005-12-12 13:21:19 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2008-03-08 13:13:48 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5470 bytes | Modified Date = 2008-03-08 13:13:48 | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 2008-02-25 07:23:33 | Attr = ] 1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 2008-02-19 01:34:38 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2008-01-25 03:00:36 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2008-01-11 15:44:34 | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-02 15:03:30 | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-03-07 18:19:50 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-02-28 19:20:58 | Attr = ] TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Modified Date = 2008-03-08 13:21:19 | Attr = ] {970DA77C-0D99-4147-9457-55E2393495F0} -> %AllUsersProfile%\Application Data\{970DA77C-0D99-4147-9457-55E2393495F0} -> [Folder | Modified Date = 2008-02-08 09:23:16 | Attr = H ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-02-09 11:05:50 | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 2008-02-11 12:31:56 | Attr = ] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 2008-03-06 05:50:14 | Attr = ] CallingID -> %AppData%\CallingID -> [Folder | Modified Date = 2008-03-08 11:43:37 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2007-12-12 10:54:49 | Attr = ] HouseCall 6.6 -> %AppData%\HouseCall 6.6 -> [Folder | Modified Date = 2008-02-28 14:12:00 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-01-25 02:59:33 | Attr = S] OpenOffice.org2 -> %AppData%\OpenOffice.org2 -> [Folder | Modified Date = 2008-03-05 10:55:10 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-02-28 19:20:45 | Attr = ] TuneUp Software -> %AppData%\TuneUp Software -> [Folder | Modified Date = 2008-03-08 13:21:38 | Attr = ] Uniblue -> %AppData%\Uniblue -> [Folder | Modified Date = 2008-02-28 09:04:57 | Attr = ] vol_toolbar -> %AppData%\vol_toolbar -> [Folder | Modified Date = 2008-03-02 14:59:49 | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 2008-01-26 20:09:12 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 40488 bytes | Modified Date = 2008-02-28 15:56:34 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-02 15:03:46 | Attr = S] =Windows-1252BSU1HMDAxMjEuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMjEuanBn= -> [Ver = | Size = 447222 bytes | Modified Date = 2008-02-25 18:57:46 | Attr = ] =Windows-1252BSU1HMDAxMTIuanBn= -> %UserProfile%\My Documents\=Windows-1252BSU1HMDAxMTIuanBn= -> [Ver = | Size = 485816 bytes | Modified Date = 2008-02-25 18:59:43 | Attr = ] A plan to destroy your all your relationships.doc -> %UserProfile%\My Documents\A plan to destroy your all your relationships.doc -> [Ver = | Size = 76288 bytes | Modified Date = 2007-12-25 17:51:33 | Attr = ] a-squared Free -> %UserProfile%\My Documents\a-squared Free -> [Folder | Modified Date = 2008-02-04 13:14:00 | Attr = ] Airgunning -> %UserProfile%\My Documents\Airgunning -> [Folder | Modified Date = 2008-02-25 19:26:05 | Attr = ] Audio1.nra -> %UserProfile%\My Documents\Audio1.nra -> [Ver = | Size = 7954 bytes | Modified Date = 2008-01-27 21:52:07 | Attr = ] BaggageH.wmv -> %UserProfile%\My Documents\BaggageH.wmv -> [Ver = | Size = 6481658 bytes | Modified Date = 2007-12-14 09:04:46 | Attr = ] cc_20071226_1117.reg -> %UserProfile%\My Documents\cc_20071226_1117.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2007-12-26 11:17:42 | Attr = ] cc_20071227_1809.reg -> %UserProfile%\My Documents\cc_20071227_1809.reg -> [Ver = | Size = 1222 bytes | Modified Date = 2007-12-27 18:09:50 | Attr = ] cc_20080101_0935.reg -> %UserProfile%\My Documents\cc_20080101_0935.reg -> [Ver = | Size = 1506 bytes | Modified Date = 2008-01-01 09:35:46 | Attr = ] cc_20080101_1329.reg -> %UserProfile%\My Documents\cc_20080101_1329.reg -> [Ver = | Size = 17180 bytes | Modified Date = 2008-01-01 13:30:01 | Attr = ] cc_20080114_1235.reg -> %UserProfile%\My Documents\cc_20080114_1235.reg -> [Ver = | Size = 5758 bytes | Modified Date = 2008-01-14 12:35:32 | Attr = ] cc_20080125_1628.reg -> %UserProfile%\My Documents\cc_20080125_1628.reg -> [Ver = | Size = 11974 bytes | Modified Date = 2008-01-25 16:28:59 | Attr = ] cc_20080128_1212.reg -> %UserProfile%\My Documents\cc_20080128_1212.reg -> [Ver = | Size = 7042 bytes | Modified Date = 2008-01-28 12:12:47 | Attr = ] Deelishis472-tn_edited.jpg -> %UserProfile%\My Documents\Deelishis472-tn_edited.jpg -> [Ver = | Size = 18503 bytes | Modified Date = 2007-12-15 16:08:17 | Attr = ] Default.PLS -> %UserProfile%\My Documents\Default.PLS -> [Ver = | Size = 86 bytes | Modified Date = 2008-02-04 15:18:18 | Attr = ] DontSleepAtWork_1.mpg -> %UserProfile%\My Documents\DontSleepAtWork_1.mpg -> [Ver = | Size = 2523178 bytes | Modified Date = 2008-01-05 07:13:46 | Attr = ] Easybutton.wmv -> %UserProfile%\My Documents\Easybutton.wmv -> [Ver = | Size = 840192 bytes | Modified Date = 2008-01-16 08:11:31 | Attr = ] EPA -> %UserProfile%\My Documents\EPA -> [Folder | Modified Date = 2008-03-05 09:35:09 | Attr = ] GEvans.jpg -> %UserProfile%\My Documents\GEvans.jpg -> [Ver = | Size = 61987 bytes | Modified Date = 2008-01-14 08:08:56 | Attr = ] Hookedhim.wmv -> %UserProfile%\My Documents\Hookedhim.wmv -> [Ver = | Size = 1301025 bytes | Modified Date = 2008-02-04 07:01:31 | Attr = ] How_to_recognize_a_blond_antelope.wmv -> %UserProfile%\My Documents\How_to_recognize_a_blond_antelope.wmv -> [Ver = | Size = 635436 bytes | Modified Date = 2008-01-14 09:17:24 | Attr = ] Image.nrg -> %UserProfile%\My Documents\Image.nrg -> [Ver = | Size = 815085698 bytes | Modified Date = 2008-01-27 21:51:36 | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008-01-28 07:28:26 | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-02-22 09:30:28 | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008-02-24 23:07:54 | Attr = R ] Nero Playlist 1.nra -> %UserProfile%\My Documents\Nero Playlist 1.nra -> [Ver = | Size = 7306 bytes | Modified Date = 2008-01-27 21:03:08 | Attr = ] nimhdepression.pdf -> %UserProfile%\My Documents\nimhdepression.pdf -> [Ver = | Size = 1089723 bytes | Modified Date = 2008-02-19 02:32:46 | Attr = ] Oops_1.wmv -> %UserProfile%\My Documents\Oops_1.wmv -> [Ver = | Size = 3383125 bytes | Modified Date = 2007-12-15 03:57:47 | Attr = ] RatAnatomy.jpg -> %UserProfile%\My Documents\RatAnatomy.jpg -> [Ver = | Size = 19631 bytes | Modified Date = 2007-12-25 16:52:22 | Attr = ] Sade_adu.jpg -> %UserProfile%\My Documents\Sade_adu.jpg -> [Ver = | Size = 77525 bytes | Modified Date = 2008-01-27 08:32:16 | Attr = ] AVG Anti-Spyware.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Spyware.lnk -> [Ver = | Size = 891 bytes | Modified Date = 2007-12-12 10:54:42 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1612 bytes | Modified Date = 2008-02-29 09:35:02 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1580761 bytes | Modified Date = 2008-03-06 05:02:59 | Attr = ] CrucialScan.exe -> %UserProfile%\Desktop\CrucialScan.exe -> [Ver = | Size = 223368 bytes | Modified Date = 2008-01-28 14:26:04 | Attr = ] Firefox Setup 2.0.0.12.exe -> %UserProfile%\Desktop\Firefox Setup 2.0.0.12.exe -> Mozilla [Ver = 4.42 | Size = 6029648 bytes | Modified Date = 2008-02-29 09:34:30 | Attr = ] gimp-2.4.4-i686-setup.exe -> %UserProfile%\Desktop\gimp-2.4.4-i686-setup.exe -> [Ver = | Size = 16865248 bytes | Modified Date = 2008-01-31 05:51:48 | Attr = ] Internet Explorer (64-bit) (2).lnk -> %UserProfile%\Desktop\Internet Explorer (64-bit) (2).lnk -> [Ver = | Size = 803 bytes | Modified Date = 2008-03-03 05:05:58 | Attr = ] LinkScannerLiteSetup_2_6_6_0090_6.exe -> %UserProfile%\Desktop\LinkScannerLiteSetup_2_6_6_0090_6.exe -> Exploit Prevention Labs, Inc. [Ver = 2.6.6.0090 | Size = 3536704 bytes | Modified Date = 2008-02-08 08:03:48 | Attr = ] PageDefrag.zip -> %UserProfile%\Desktop\PageDefrag.zip -> [Ver = | Size = 69662 bytes | Modified Date = 2008-01-28 12:58:36 | Attr = ] PC Maintenance -> %UserProfile%\Desktop\PC Maintenance -> [Folder | Modified Date = 2008-03-08 13:22:00 | Attr = ] PCRegistryCleaner_setup.exe -> %UserProfile%\Desktop\PCRegistryCleaner_setup.exe -> [Ver = | Size = 3749280 bytes | Modified Date = 2008-01-28 12:30:27 | Attr = ] Pocket PC -> %UserProfile%\Desktop\Pocket PC -> [Folder | Modified Date = 2008-01-01 12:14:38 | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 975 bytes | Modified Date = 2008-02-11 13:17:00 | Attr = ] stng380.opt -> %UserProfile%\Desktop\stng380.opt -> [Ver = | Size = 17 bytes | Modified Date = 2008-02-28 16:57:17 | Attr = ] SUPERAntiSpyware.exe -> %UserProfile%\Desktop\SUPERAntiSpyware.exe -> [Ver = | Size = 5797152 bytes | Modified Date = 2008-02-28 19:05:18 | Attr = ] TU2008TrialEN.exe -> %UserProfile%\Desktop\TU2008TrialEN.exe -> [Ver = | Size = 14574336 bytes | Modified Date = 2008-03-08 13:20:21 | Attr = ] TuneUp 1-Click Maintenance.lnk -> %UserProfile%\Desktop\TuneUp 1-Click Maintenance.lnk -> [Ver = | Size = 643 bytes | Modified Date = 2008-03-08 13:21:25 | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 2008-03-08 13:26:29 | Attr = ] WindowsDoors_FINAL_NEW.pdf -> %UserProfile%\Desktop\WindowsDoors_FINAL_NEW.pdf -> [Ver = | Size = 936144 bytes | Modified Date = 2008-02-02 07:07:54 | Attr = ] WinPFind35u -> %UserProfile%\Desktop\WinPFind35u -> [Folder | Modified Date = 2008-03-08 13:10:52 | Attr = ] WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe -> [Ver = | Size = 481921 bytes | Modified Date = 2008-03-08 11:39:57 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-03-08 13:20:34 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]