[code] OTScanIt logfile created on: 3/23/2008 10:22:51 AM OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Bryan\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 210.72 Mb Available Physical Memory | 41.20% Memory free 1.22 Gb Paging File | 0.97 Gb Available in Paging File | 79.34% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 27.59 Gb Free Space | 37.02% Space Free | Partition Type: NTFS Drive D: | 476.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BRIAN Current User Name: Bryan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] kodakccs.exe -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.4900.0 | Size = 294972 bytes | Modified Date = 6/18/2003 10:54:10 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] scsiaccess.exe -> %SystemRoot%\system32\ScsiAccess.EXE -> [Ver = | Size = 181312 bytes | Modified Date = 2/4/2003 9:22:30 AM | Attr = ] vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 11:43:10 AM | Attr = ] usrmlnka.exe -> %SystemRoot%\system32\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 1/1/2005 11:11:21 AM | Attr = ] nvmixertray.exe -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 5:12:36 PM | Attr = ] motivesb.exe -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 12/10/2003 4:52:40 AM | Attr = ] ipmon32.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 1:52:26 AM | Attr = ] usrshuta.exe -> %SystemRoot%\system32\usrshuta.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 69700 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] usrmlnka.exe -> %SystemRoot%\system32\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] ipclient.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 1:52:24 AM | Attr = ] hpi_jetsend.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,2,10 | Size = 495616 bytes | Modified Date = 2/2/2004 4:41:58 AM | Attr = ] hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.241.0.0 | Size = 176128 bytes | Modified Date = 12/4/2003 8:44:34 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr = ] hpi_monitor.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe -> Hewlett-Packard Company [Ver = 2.5.0.1 | Size = 32768 bytes | Modified Date = 8/22/2000 1:20:10 PM | Attr = ] cavrid.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] cavtray.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] mssysmgr.exe -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 3:18:10 PM | Attr = ] reminder.exe -> %ProgramFiles%\U.S. Robotics\ControlCenter\Reminder.exe -> [Ver = | Size = 529920 bytes | Modified Date = 12/21/2001 6:05:58 PM | Attr = ] easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 2, 0, 4, 237 | Size = 614531 bytes | Modified Date = 6/25/2003 7:25:38 AM | Attr = ] trueassistant.exe -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 5 | Size = 468992 bytes | Modified Date = 1/23/2006 2:30:56 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 2:45:04 AM | Attr = R ] ocrawr32.exe -> %SystemDrive%\OPLIMIT\OCRAWR32.EXE -> Caere Corporation [Ver = 5, 0, 0, 1 | Size = 41984 bytes | Modified Date = 3/19/1998 4:22:02 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 3/19/2008 6:01:26 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 8/10/2006 5:13:13 PM | Attr = ] (CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.4900.0 | Size = 294972 bytes | Modified Date = 6/18/2003 10:54:10 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 2:45:04 AM | Attr = R ] (ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ScsiAccess.EXE -> [Ver = | Size = 181312 bytes | Modified Date = 2/4/2003 9:22:30 AM | Attr = ] (VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] (YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> anvshell -> %SystemRoot%\anvshell.exe -> AsusTeK Computer Inc. [Ver = 1.00.00 | Size = 348160 bytes | Modified Date = 5/29/2003 3:53:56 AM | Attr = R ] BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ] CaAvTray -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] CAVRID -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] CXMon -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe -> Hewlett-Packard Company [Ver = 2.5.0.1 | Size = 32768 bytes | Modified Date = 8/22/2000 1:20:10 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr = ] HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.241.0.0 | Size = 176128 bytes | Modified Date = 12/4/2003 8:44:34 AM | Attr = ] HPHmon05 -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,2,10 | Size = 495616 bytes | Modified Date = 2/2/2004 4:41:58 AM | Attr = ] HPHUPD05 -> %ProgramFiles%\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe -> Hewlett-Packard [Ver = 5,2,3 | Size = 49152 bytes | Modified Date = 11/12/2003 9:23:42 AM | Attr = ] HPIJetSend -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] IPInSightLAN 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 1:52:24 AM | Attr = ] IPInSightMonitor 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 1:52:26 AM | Attr = ] LiveNote -> %SystemRoot%\livenote.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/11/2002 9:31:44 AM | Attr = R ] Motive SmartBridge -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 12/10/2003 4:52:40 AM | Attr = ] NeroCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 6:50:42 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] NVMixerTray -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 5:12:36 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ] RegistrySmart -> %ProgramFiles%\RegistrySmart\RegistrySmart.exe -> [Ver = 2, 6, 2, 0 | Size = 7615984 bytes | Modified Date = 5/10/2007 12:38:52 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 1/1/2005 11:11:21 AM | Attr = ] USRpdA -> -> File not found YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 11:43:10 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart16.exe -> Autodesk, Inc [Ver = 16.2.54.0 | Size = 10872 bytes | Modified Date = 3/5/2005 9:18:22 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Instant Update Reminder.lnk -> %ProgramFiles%\U.S. Robotics\ControlCenter\Reminder.exe -> [Ver = | Size = 529920 bytes | Modified Date = 12/21/2001 6:05:58 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 2, 0, 4, 237 | Size = 614531 bytes | Modified Date = 6/25/2003 7:25:38 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ] < Amy Startup Folder > -> C:\Documents and Settings\Amy\Start Menu\Programs\Startup -> < Bryan Startup Folder > -> C:\Documents and Settings\Bryan\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\OCRAWARE.lnk -> %SystemDrive%\OPLIMIT\OCRAWARE.EXE -> Caere Corporation [Ver = | Size = 51360 bytes | Modified Date = 7/18/1998 12:26:06 PM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\TrueAssistant.lnk -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 5 | Size = 468992 bytes | Modified Date = 1/23/2006 2:30:56 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;localhost -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Default_Search_URL -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Start Page -> http://google.com/ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: ProxyOverride -> 127.0.0.1;localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 1:02:04 PM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> Yahoo! Inc. [Ver = 2004, 6, 11, 1 | Size = 128216 bytes | Modified Date = 6/11/2004 6:07:16 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> Yahoo! Inc. [Ver = 2004, 6, 11, 1 | Size = 128216 bytes | Modified Date = 6/11/2004 6:07:16 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ] < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> YPC 3.2.0 -> Yahoo! Parental Controls -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {8CDA5B90-84A3-47CE-AF0F-B1FE19792404} -> (NVIDIA nForce MCP Networking Adapter) -> {AB163A87-896E-405D-B7E4-2B2273C84CE2} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) -> {AC70E35F-2504-4CF9-AC78-A406BECF845B} -> (1394 Net Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2x | Size = 106496 bytes | Modified Date = 3/6/2008 6:37:36 PM | Attr = ] cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[FilePlanet Download Control Class] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] -> {4C39376E-FA9D-4349-BACC-D305C1750EF3}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab[EPUImageControl Class] -> {56336BCB-3D8A-11D6-A00B-0050DA18DE71}[HKEY_LOCAL_MACHINE] -> http://software-dl.real.com/073c65eab0fea8e41417/netzip/RdxIE601.cab[RdxIE Class] -> {62475759-9E84-458E-A1AB-5D2C442ADFDE}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> {74D05D43-3236-11D4-BDCD-00C04F9A3B61}[HKEY_LOCAL_MACHINE] -> http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[HouseCall Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab[RegConfig Class] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37945.7604398148[Reg Error: Key does not exist or could not be opened.] -> {A17E30C4-A9BA-11D4-8673-60DB54C10000}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/ymail/ymmapi.dll[YahooYMailTo Class] -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> {B9191F79-5613-4C76-AA2A-398534BB8999}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[YAddBook Class] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D18F962A-3722-4B59-B08D-28BB9EB2281E}[HKEY_LOCAL_MACHINE] -> http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab[PhotosCtrl Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {E855A2D4-987E-4F3B-A51C-64D10A7E2479}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[EPSImageControl Class] -> {F54C1137-5E34-4B95-95A5-BA56D4D8D743}[HKEY_LOCAL_MACHINE] -> http://www.gamespot.com/KDX/kdx.cab[Secure Delivery] -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/bin/msnchat45.cab[MSN Chat Control 4.5] -> {FFFFFFFF-CACE-BABE-BABE-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> Yahoo! Chat[HKEY_LOCAL_MACHINE] -> http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1092 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11752 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 1/19/2007 1:49:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe:*:Enabled:JetSendTray Application] -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\kdx\khost.exe -> C:\WINDOWS\kdx\khost.exe [C:\WINDOWS\kdx\khost.exe:*:Enabled:Secure Delivery Plug-In] -> Kontiki Inc. [Ver = 2.20.40120.0 | Size = 1757184 bytes | Modified Date = 1/20/2004 11:45:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe -> C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe [C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client] -> [Ver = 1, 0, 0, 1 | Size = 937984 bytes | Modified Date = 4/17/2002 3:42:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 11:56:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe -> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe [C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 9/14/2005 4:12:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 3/16/2008 9:31:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\UnrealTournament\System\UnrealTournament.exe -> C:\UnrealTournament\System\UnrealTournament.exe [C:\UnrealTournament\System\UnrealTournament.exe:*:Disabled:UnrealTournament] -> [Ver = | Size = 241664 bytes | Modified Date = 6/4/2007 9:18:47 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe -> C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe [C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII] -> [Ver = | Size = 7790592 bytes | Modified Date = 10/6/2005 3:31:27 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe -> C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe [C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe:LocalSubNet:Disabled:Battlefront] -> [Ver = | Size = 5128192 bytes | Modified Date = 8/30/2004 3:17:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe -> C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe [C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe:LocalSubNet:Enabled:BfVietnam] -> [Ver = | Size = 9688576 bytes | Modified Date = 10/19/2004 3:32:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8CDA5B90-84A3-47CE-AF0F-B1FE19792404} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{AB163A87-896E-405D-B7E4-2B2273C84CE2} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{62CD8233-636F-4398-AA13-E7400AEF4ABE} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BA10AC3E-7314-48EC-8CFD-BAD4ED20441B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> C:\WINDOWS\system32\0.exe [0] -> [Folder | Modified Date = 3/17/2008 6:37:50 PM | Attr = RHS] < ControlSets > HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 1 -> [Files/Folders - Created Within 90 days] 327882R2FWJFW -> %SystemDrive%\327882R2FWJFW -> [Folder | Created Date = 3/23/2008 9:57:04 AM | Attr = ] archivos de programa -> %SystemDrive%\archivos de programa -> [Ver = | Size = 234 bytes | Created Date = 3/17/2008 6:37:59 PM | Attr = RH ] bde -> %SystemDrive%\bde -> [Ver = | Size = 222 bytes | Created Date = 3/17/2008 6:37:30 PM | Attr = RH ] e2g -> %SystemDrive%\e2g -> [Ver = | Size = 228 bytes | Created Date = 3/17/2008 6:37:39 PM | Attr = RH ] hellmsn.exe -> %SystemDrive%\hellmsn.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] ntldr.exe -> %SystemDrive%\ntldr.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/22/2008 6:42:04 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/23/2008 8:32:17 AM | Attr = ] spedia -> %SystemDrive%\spedia -> [Ver = | Size = 234 bytes | Created Date = 3/17/2008 6:37:57 PM | Attr = RH ] Start_.cmd -> %SystemDrive%\Start_.cmd -> [Ver = | Size = 3592 bytes | Created Date = 3/23/2008 9:57:05 AM | Attr = ] temp_kl -> %SystemDrive%\temp_kl -> [Ver = | Size = 234 bytes | Created Date = 3/17/2008 6:37:59 PM | Attr = RH ] windowsupdate -> %SystemRoot%update -> [Ver = | Size = 248 bytes | Created Date = 3/17/2008 6:37:40 PM | Attr = RH ] winssystem.exe -> %SystemDrive%\winssystem.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 3/23/2008 9:27:00 AM | Attr = ] 0.exe -> %SystemRoot%\System32\0.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] 007guard.exe -> %SystemRoot%\System32\007guard.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] 1.00.07.dll -> %SystemRoot%\System32\1.00.07.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] 1hellbot.exe -> %SystemRoot%\System32\1hellbot.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] 2020search.dll -> %SystemRoot%\System32\2020search.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] 2020search2.dll -> %SystemRoot%\System32\2020search2.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] 2ndsrch.dll -> %SystemRoot%\System32\2ndsrch.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] 2searchinstaller.exe -> %SystemRoot%\System32\2searchinstaller.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] 2_0_1browserhelper2.dll -> %SystemRoot%\System32\2_0_1browserhelper2.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] 3_0_1browserhelper3.dll -> %SystemRoot%\System32\3_0_1browserhelper3.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] 4ccc3cea.exe -> %SystemRoot%\System32\4ccc3cea.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] 5_0_1browserhelper5.dll -> %SystemRoot%\System32\5_0_1browserhelper5.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] 666.exe -> %SystemRoot%\System32\666.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] 6fo4svc.dll -> %SystemRoot%\System32\6fo4svc.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] 7search.dll -> %SystemRoot%\System32\7search.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] a.exe -> %SystemRoot%\System32\a.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] abeb.dll -> %SystemRoot%\System32\abeb.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] abs.exe -> %SystemRoot%\System32\abs.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] absnro.dll -> %SystemRoot%\System32\absnro.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] acd.dll -> %SystemRoot%\System32\acd.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] actidmoc.exe -> %SystemRoot%\System32\actidmoc.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] adcache -> %SystemRoot%\System32\adcache -> [Ver = | Size = 228 bytes | Created Date = 3/17/2008 6:37:37 PM | Attr = RH ] adchkr.exe -> %SystemRoot%\System32\adchkr.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] adddx.dll -> %SystemRoot%\System32\adddx.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] addgp32.exe -> %SystemRoot%\System32\addgp32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] addwh32.exe -> %SystemRoot%\System32\addwh32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] adimage.dll -> %SystemRoot%\System32\adimage.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] admeiolo.dll -> %SystemRoot%\System32\admeiolo.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] adv.dll -> %SystemRoot%\System32\adv.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] advert.dll -> %SystemRoot%\System32\advert.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] advertcontrolxcontrol.ocx -> %SystemRoot%\System32\advertcontrolxcontrol.ocx -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] aess2.dll -> %SystemRoot%\System32\aess2.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] amcis.dll -> %SystemRoot%\System32\amcis.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] amcis2.dll -> %SystemRoot%\System32\amcis2.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] amcis3.dll -> %SystemRoot%\System32\amcis3.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] anaamon.dll -> %SystemRoot%\System32\anaamon.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] anadsc.ocx -> %SystemRoot%\System32\anadsc.ocx -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] anadscb.ocx -> %SystemRoot%\System32\anadscb.ocx -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] angelex.exe -> %SystemRoot%\System32\angelex.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] anti_troj.exe -> %SystemRoot%\System32\anti_troj.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] apica.exe -> %SystemRoot%\System32\apica.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] apioe.exe -> %SystemRoot%\System32\apioe.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] apivy.exe -> %SystemRoot%\System32\apivy.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] aplsp.dll -> %SystemRoot%\System32\aplsp.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] appio.exe -> %SystemRoot%\System32\appio.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] appis32.exe -> %SystemRoot%\System32\appis32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] appjc32.exe -> %SystemRoot%\System32\appjc32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] appoe32.exe -> %SystemRoot%\System32\appoe32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] arb1tal.dll -> %SystemRoot%\System32\arb1tal.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] askearth17.exe -> %SystemRoot%\System32\askearth17.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] ast.exe -> %SystemRoot%\System32\ast.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] astctl32.dll -> %SystemRoot%\System32\astctl32.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] astctl32.ocx -> %SystemRoot%\System32\astctl32.ocx -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] atlhy.exe -> %SystemRoot%\System32\atlhy.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] atlkt32.exe -> %SystemRoot%\System32\atlkt32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] atlpv32.exe -> %SystemRoot%\System32\atlpv32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] atmon.exe -> %SystemRoot%\System32\atmon.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] atpartners.dll -> %SystemRoot%\System32\atpartners.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] auole4.dll -> %SystemRoot%\System32\auole4.dll -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] aupdate.exe -> %SystemRoot%\System32\aupdate.exe -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] aupdate_uninstall.exe -> %SystemRoot%\System32\aupdate_uninstall.exe -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] autosearch.dll -> %SystemRoot%\System32\autosearch.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] avifipxr.dll -> %SystemRoot%\System32\avifipxr.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] avpcc.dll -> %SystemRoot%\System32\avpcc.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] avpe32.dll -> %SystemRoot%\System32\avpe32.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] avpi32.dll -> %SystemRoot%\System32\avpi32.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] avpp32.dll -> %SystemRoot%\System32\avpp32.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] avpr.exe -> %SystemRoot%\System32\avpr.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] avpx32.dll -> %SystemRoot%\System32\avpx32.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] avpx32.sys -> %SystemRoot%\System32\avpx32.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] avpx64.sys -> %SystemRoot%\System32\avpx64.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] axconfig.dll -> %SystemRoot%\System32\axconfig.dll -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] axxt32.dll -> %SystemRoot%\System32\axxt32.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] barbho.dll -> %SystemRoot%\System32\barbho.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] bawindo.exe -> %SystemRoot%\System32\bawindo.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] bawindo.exeopen -> %SystemRoot%\System32\bawindo.exeopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] bawindo.exeopenopen -> %SystemRoot%\System32\bawindo.exeopenopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] bbchk.exe -> %SystemRoot%\System32\bbchk.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] bdedata2.dll -> %SystemRoot%\System32\bdedata2.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdedownloader.dll -> %SystemRoot%\System32\bdedownloader.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdefdi.dll -> %SystemRoot%\System32\bdefdi.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdeinsta2.dll -> %SystemRoot%\System32\bdeinsta2.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdeinstall.exe -> %SystemRoot%\System32\bdeinstall.exe -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdesecureinstall.cab -> %SystemRoot%\System32\bdesecureinstall.cab -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdesecureinstall.exe -> %SystemRoot%\System32\bdesecureinstall.exe -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdeverify.dll -> %SystemRoot%\System32\bdeverify.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bdle4012.exe -> %SystemRoot%\System32\bdle4012.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] belop.dll -> %SystemRoot%\System32\belop.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] bho001.dll -> %SystemRoot%\System32\bho001.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] bik.exe -> %SystemRoot%\System32\bik.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] bkmsf32.dat -> %SystemRoot%\System32\bkmsf32.dat -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] bmeb.dll -> %SystemRoot%\System32\bmeb.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] bmtdhh.dll -> %SystemRoot%\System32\bmtdhh.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] boot32.sys -> %SystemRoot%\System32\boot32.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] botzor.exe -> %SystemRoot%\System32\botzor.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] bpln.dll -> %SystemRoot%\System32\bpln.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] bpv1a.dll -> %SystemRoot%\System32\bpv1a.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] bpv2s.dll -> %SystemRoot%\System32\bpv2s.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] bpv2t.dll -> %SystemRoot%\System32\bpv2t.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] bridge.dll -> %SystemRoot%\System32\bridge.dll -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] broweraidtoolbar.dll -> %SystemRoot%\System32\broweraidtoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] brwconf.exe -> %SystemRoot%\System32\brwconf.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] brwmgr32.dll -> %SystemRoot%\System32\brwmgr32.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] brwperf.exe -> %SystemRoot%\System32\brwperf.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] brwprf32.dll -> %SystemRoot%\System32\brwprf32.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] brwstat.dll -> %SystemRoot%\System32\brwstat.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] bs2.dll -> %SystemRoot%\System32\bs2.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bs3.dll -> %SystemRoot%\System32\bs3.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bsx5.dll -> %SystemRoot%\System32\bsx5.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] btiein.dll -> %SystemRoot%\System32\btiein.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] bundler_mpb_sb.exe -> %SystemRoot%\System32\bundler_mpb_sb.exe -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] bxsx5.dll -> %SystemRoot%\System32\bxsx5.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] bxxs5.dll -> %SystemRoot%\System32\bxxs5.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] c3.dll -> %SystemRoot%\System32\c3.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] c3.sys -> %SystemRoot%\System32\c3.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] c4.sys -> %SystemRoot%\System32\c4.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] calsp.dll -> %SystemRoot%\System32\calsp.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] camodpnm.exe -> %SystemRoot%\System32\camodpnm.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] casldr.dll -> %SystemRoot%\System32\casldr.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] ccsrs.exe -> %SystemRoot%\System32\ccsrs.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] cdlsp.dll -> %SystemRoot%\System32\cdlsp.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cdsync.dll -> %SystemRoot%\System32\cdsync.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cd_clint.exe -> %SystemRoot%\System32\cd_clint.exe -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cd_gif.dll -> %SystemRoot%\System32\cd_gif.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cd_htm.dll -> %SystemRoot%\System32\cd_htm.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cd_load.exe -> %SystemRoot%\System32\cd_load.exe -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cd_swf.dll -> %SystemRoot%\System32\cd_swf.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cert32.dll -> %SystemRoot%\System32\cert32.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] chgrgs.dll -> %SystemRoot%\System32\chgrgs.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] chkmfdep.exe -> %SystemRoot%\System32\chkmfdep.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] cidrules.dll -> %SystemRoot%\System32\cidrules.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] cm.dll -> %SystemRoot%\System32\cm.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] comload.dll -> %SystemRoot%\System32\comload.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] comploader.dll -> %SystemRoot%\System32\comploader.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] comrkbdd.exe -> %SystemRoot%\System32\comrkbdd.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] confbrw.dll -> %SystemRoot%\System32\confbrw.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] coolbot.exe -> %SystemRoot%\System32\coolbot.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] coolwebsearch-info.dll -> %SystemRoot%\System32\coolwebsearch-info.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] crby32.exe -> %SystemRoot%\System32\crby32.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] crcz.exe -> %SystemRoot%\System32\crcz.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] criticalupdater.exe -> %SystemRoot%\System32\criticalupdater.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] crko.exe -> %SystemRoot%\System32\crko.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] crocopop32.exe -> %SystemRoot%\System32\crocopop32.exe -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] crsw32.exe -> %SystemRoot%\System32\crsw32.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] crxa.exe -> %SystemRoot%\System32\crxa.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] csie.dll -> %SystemRoot%\System32\csie.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] csm.exe -> %SystemRoot%\System32\csm.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] ctbhooks.dll -> %SystemRoot%\System32\ctbhooks.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] ctf -> %SystemRoot%\System32\ctf -> [Ver = | Size = 248 bytes | Created Date = 3/17/2008 6:37:40 PM | Attr = RH ] ctfmon32.exe -> %SystemRoot%\System32\ctfmon32.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] ctrlpan.dll -> %SystemRoot%\System32\ctrlpan.dll -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] customtoolbar.dll -> %SystemRoot%\System32\customtoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] cz.dll -> %SystemRoot%\System32\cz.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] d3fm.exe -> %SystemRoot%\System32\d3fm.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] d3gj.exe -> %SystemRoot%\System32\d3gj.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] d3ul32.exe -> %SystemRoot%\System32\d3ul32.exe -> [Folder | Created Date = 3/17/2008 6:37:33 PM | Attr = RHS] dad.bat -> %SystemRoot%\System32\dad.bat -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] davctool.dll -> %SystemRoot%\System32\davctool.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] davctool.exe -> %SystemRoot%\System32\davctool.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] dcomcfg.exe -> %SystemRoot%\System32\dcomcfg.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] dcomuser.exe -> %SystemRoot%\System32\dcomuser.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] ddemdmco.dll -> %SystemRoot%\System32\ddemdmco.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] debugg.dll -> %SystemRoot%\System32\debugg.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] delj.dll -> %SystemRoot%\System32\delj.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] deltaclick.dll -> %SystemRoot%\System32\deltaclick.dll -> [Folder | Created Date = 3/17/2008 6:37:38 PM | Attr = RHS] deskmcd3.dll -> %SystemRoot%\System32\deskmcd3.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] dfe1.exe -> %SystemRoot%\System32\dfe1.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] dfrgsrv.exe -> %SystemRoot%\System32\dfrgsrv.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] df_kme.exe -> %SystemRoot%\System32\df_kme.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] dhcp32 -> %SystemRoot%\System32\dhcp32 -> [Ver = | Size = 248 bytes | Created Date = 3/17/2008 6:37:28 PM | Attr = RH ] dhtmlaccess.dll -> %SystemRoot%\System32\dhtmlaccess.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] diabolo.exe -> %SystemRoot%\System32\diabolo.exe -> [Folder | Created Date = 3/17/2008 6:37:38 PM | Attr = RHS] dialeroffline.dll -> %SystemRoot%\System32\dialeroffline.dll -> [Folder | Created Date = 3/17/2008 6:37:38 PM | Attr = RHS] disable.dll -> %SystemRoot%\System32\disable.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] disable1.dll -> %SystemRoot%\System32\disable1.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] dlgli.exe -> %SystemRoot%\System32\dlgli.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] dlh0st.dll -> %SystemRoot%\System32\dlh0st.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] dnse.dll -> %SystemRoot%\System32\dnse.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] dnserr.dll -> %SystemRoot%\System32\dnserr.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] dnsrelay.dll -> %SystemRoot%\System32\dnsrelay.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] dnsrxpob.exe -> %SystemRoot%\System32\dnsrxpob.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] dolsp.dll -> %SystemRoot%\System32\dolsp.dll -> [Folder | Created Date = 3/17/2008 6:37:38 PM | Attr = RHS] doriot.exe -> %SystemRoot%\System32\doriot.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] dpugmswe.dll -> %SystemRoot%\System32\dpugmswe.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] draw32.dll -> %SystemRoot%\System32\draw32.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] drbr.dll -> %SystemRoot%\System32\drbr.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] drct16.dll -> %SystemRoot%\System32\drct16.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] dreampopper.dll -> %SystemRoot%\System32\dreampopper.dll -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] dreplace.dll -> %SystemRoot%\System32\dreplace.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] drpmon.dll -> %SystemRoot%\System32\drpmon.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] drvddll.exe -> %SystemRoot%\System32\drvddll.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] drvddll.exeopen -> %SystemRoot%\System32\drvddll.exeopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] drvddll.exeopenopen -> %SystemRoot%\System32\drvddll.exeopenopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] ds.exe -> %SystemRoot%\System32\ds.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] dsseds32.dll -> %SystemRoot%\System32\dsseds32.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] dsseds32.exe -> %SystemRoot%\System32\dsseds32.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] duel.exe -> %SystemRoot%\System32\duel.exe -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] dun.exe -> %SystemRoot%\System32\dun.exe -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] dvb03a.dll -> %SystemRoot%\System32\dvb03a.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] dvb03a.sys -> %SystemRoot%\System32\dvb03a.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] dvb06a.sys -> %SystemRoot%\System32\dvb06a.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] dxm8vb.dll -> %SystemRoot%\System32\dxm8vb.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] dxmpp.dll -> %SystemRoot%\System32\dxmpp.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] dxtpdx.dll -> %SystemRoot%\System32\dxtpdx.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] easywww.exe -> %SystemRoot%\System32\easywww.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] easywww2.exe -> %SystemRoot%\System32\easywww2.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] easywww3.exe -> %SystemRoot%\System32\easywww3.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] eetvpn.dll -> %SystemRoot%\System32\eetvpn.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] eetvpn.sys -> %SystemRoot%\System32\eetvpn.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] eexvpn.sys -> %SystemRoot%\System32\eexvpn.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] egdhtml_1023.dll -> %SystemRoot%\System32\egdhtml_1023.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] egdhtml_1024.dll -> %SystemRoot%\System32\egdhtml_1024.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] egdhtml_1025.dll -> %SystemRoot%\System32\egdhtml_1025.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] egdhtml_1026.dll -> %SystemRoot%\System32\egdhtml_1026.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] egdhtml_1027.dll -> %SystemRoot%\System32\egdhtml_1027.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] egdial.dll -> %SystemRoot%\System32\egdial.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] eghtmldialer.dll -> %SystemRoot%\System32\eghtmldialer.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] ei.exe -> %SystemRoot%\System32\ei.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] emesx.dll -> %SystemRoot%\System32\emesx.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] eros.exe -> %SystemRoot%\System32\eros.exe -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] estartlinkrotater.exe -> %SystemRoot%\System32\estartlinkrotater.exe -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] evil.exe -> %SystemRoot%\System32\evil.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] excel10.dll -> %SystemRoot%\System32\excel10.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] exclean.exe -> %SystemRoot%\System32\exclean.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exdl.exe -> %SystemRoot%\System32\exdl.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exdl0.exe -> %SystemRoot%\System32\exdl0.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exdl1.exe -> %SystemRoot%\System32\exdl1.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exdl2.exe -> %SystemRoot%\System32\exdl2.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exdl3.exe -> %SystemRoot%\System32\exdl3.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exefld -> %SystemRoot%\System32\exefld -> [Ver = | Size = 236 bytes | Created Date = 3/17/2008 6:37:29 PM | Attr = RH ] expext.dll -> %SystemRoot%\System32\expext.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] expup.exe -> %SystemRoot%\System32\expup.exe -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] exul.exe -> %SystemRoot%\System32\exul.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exul1.exe -> %SystemRoot%\System32\exul1.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] exul3.exe -> %SystemRoot%\System32\exul3.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] ezpopstub.exe -> %SystemRoot%\System32\ezpopstub.exe -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] ezxiiyv.exe -> %SystemRoot%\System32\ezxiiyv.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] f0r0r -> %SystemRoot%\System32\f0r0r -> [Ver = | Size = 226 bytes | Created Date = 3/17/2008 6:37:40 PM | Attr = RH ] f1.dll -> %SystemRoot%\System32\f1.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] famcff.dll -> %SystemRoot%\System32\famcff.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] farmmext.exe -> %SystemRoot%\System32\farmmext.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] fastseekertoolbar.dll -> %SystemRoot%\System32\fastseekertoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] favboot.dll -> %SystemRoot%\System32\favboot.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] favman.dll -> %SystemRoot%\System32\favman.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] favorite.dll -> %SystemRoot%\System32\favorite.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] fcyberalert -> %SystemRoot%\System32\fcyberalert -> [Ver = | Size = 252 bytes | Created Date = 3/17/2008 6:37:40 PM | Attr = RH ] fdsv.exe -> %SystemRoot%\System32\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] feeds -> %SystemRoot%\System32\feeds -> [Ver = | Size = 230 bytes | Created Date = 3/17/2008 6:37:27 PM | Attr = RH ] filekiller.dll -> %SystemRoot%\System32\filekiller.dll -> [Folder | Created Date = 3/17/2008 6:37:26 PM | Attr = RHS] fileserv.dll -> %SystemRoot%\System32\fileserv.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] filgmo.exe -> %SystemRoot%\System32\filgmo.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] fixupdattr.exe -> %SystemRoot%\System32\fixupdattr.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] fk.dll -> %SystemRoot%\System32\fk.dll -> [Folder | Created Date = 3/17/2008 6:37:26 PM | Attr = RHS] flcp.dll -> %SystemRoot%\System32\flcp.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] flt.dll -> %SystemRoot%\System32\flt.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] fltlauto.exe -> %SystemRoot%\System32\fltlauto.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] fone.dll -> %SystemRoot%\System32\fone.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] ftapp.dll -> %SystemRoot%\System32\ftapp.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] fuck.exe -> %SystemRoot%\System32\fuck.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] fuxx32.dll -> %SystemRoot%\System32\fuxx32.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] fwntoolbar.dll -> %SystemRoot%\System32\fwntoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] game1.exe -> %SystemRoot%\System32\game1.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] game2.exe -> %SystemRoot%\System32\game2.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] game3.exe -> %SystemRoot%\System32\game3.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] gcasctrl.exe -> %SystemRoot%\System32\gcasctrl.exe -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] gdu.dll -> %SystemRoot%\System32\gdu.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] gegnba.dll -> %SystemRoot%\System32\gegnba.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] gejafa.dll -> %SystemRoot%\System32\gejafa.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] ginuerep.dll -> %SystemRoot%\System32\ginuerep.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] gln.dll -> %SystemRoot%\System32\gln.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] gold2.dll -> %SystemRoot%\System32\gold2.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] google.png.exe -> %SystemRoot%\System32\google.png.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] googlems.dll -> %SystemRoot%\System32\googlems.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] gothica.exe -> %SystemRoot%\System32\gothica.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] goupdate.exe -> %SystemRoot%\System32\goupdate.exe -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] gr02.dll -> %SystemRoot%\System32\gr02.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] gsim.dll -> %SystemRoot%\System32\gsim.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] gws.dll -> %SystemRoot%\System32\gws.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] hbmail.exe -> %SystemRoot%\System32\hbmail.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] hhselz32.dll -> %SystemRoot%\System32\hhselz32.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] higehsg.dll -> %SystemRoot%\System32\higehsg.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] highlighthelper.dll -> %SystemRoot%\System32\highlighthelper.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] hldrrr.exe -> %SystemRoot%\System32\hldrrr.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] hlmk.dll -> %SystemRoot%\System32\hlmk.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] hm.sys -> %SystemRoot%\System32\hm.sys -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] hmepge.dll -> %SystemRoot%\System32\hmepge.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] homepage.dll -> %SystemRoot%\System32\homepage.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] hook1.dll -> %SystemRoot%\System32\hook1.dll -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] hook2.dll -> %SystemRoot%\System32\hook2.dll -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] hookpopup.dll -> %SystemRoot%\System32\hookpopup.dll -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] host.dll -> %SystemRoot%\System32\host.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] hostdrvxp.exe -> %SystemRoot%\System32\hostdrvxp.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] hotlink.dll -> %SystemRoot%\System32\hotlink.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] htmdeng.exe -> %SystemRoot%\System32\htmdeng.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] httper.dll -> %SystemRoot%\System32\httper.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] hz.dll -> %SystemRoot%\System32\hz.dll -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] i4n27vl.exe -> %SystemRoot%\System32\i4n27vl.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ia.dll -> %SystemRoot%\System32\ia.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iaspdpus.dll -> %SystemRoot%\System32\iaspdpus.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] icmpdx3j.dll -> %SystemRoot%\System32\icmpdx3j.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ide -> %SystemRoot%\System32\ide -> [Ver = | Size = 248 bytes | Created Date = 3/17/2008 6:37:28 PM | Attr = RH ] idleui.dll -> %SystemRoot%\System32\idleui.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] ie.dll -> %SystemRoot%\System32\ie.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] ieaccess2.dll -> %SystemRoot%\System32\ieaccess2.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iebhos.dll -> %SystemRoot%\System32\iebhos.dll -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] iebrw.dll -> %SystemRoot%\System32\iebrw.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] iedriver -> %SystemRoot%\System32\iedriver -> [Ver = | Size = 232 bytes | Created Date = 3/17/2008 6:37:46 PM | Attr = RH ] iefeatsl.dll -> %SystemRoot%\System32\iefeatsl.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iefeatures.exe -> %SystemRoot%\System32\iefeatures.exe -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iefeaturesversion.exe -> %SystemRoot%\System32\iefeaturesversion.exe -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iefi.exe -> %SystemRoot%\System32\iefi.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iefy.exe -> %SystemRoot%\System32\iefy.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iehook.dll -> %SystemRoot%\System32\iehook.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iehost.exe -> %SystemRoot%\System32\iehost.exe -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iehost34.exe -> %SystemRoot%\System32\iehost34.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iemonit.dll -> %SystemRoot%\System32\iemonit.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iemsg.dll -> %SystemRoot%\System32\iemsg.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] iesearchbar.dll -> %SystemRoot%\System32\iesearchbar.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] ietie.dll -> %SystemRoot%\System32\ietie.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] ietoolbar.dll -> %SystemRoot%\System32\ietoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] ieug32.exe -> %SystemRoot%\System32\ieug32.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iewe32.exe -> %SystemRoot%\System32\iewe32.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iexplorr11.dll -> %SystemRoot%\System32\iexplorr11.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr22.dll -> %SystemRoot%\System32\iexplorr22.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr23.dll -> %SystemRoot%\System32\iexplorr23.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr24.dll -> %SystemRoot%\System32\iexplorr24.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr25.dll -> %SystemRoot%\System32\iexplorr25.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr26.dll -> %SystemRoot%\System32\iexplorr26.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr27.dll -> %SystemRoot%\System32\iexplorr27.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] iexplorr29.dll -> %SystemRoot%\System32\iexplorr29.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] ie_clrsch.dll -> %SystemRoot%\System32\ie_clrsch.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] ifhelper.dll -> %SystemRoot%\System32\ifhelper.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] ifsomatic.dll -> %SystemRoot%\System32\ifsomatic.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] im64.dll -> %SystemRoot%\System32\im64.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] imesrdch.exe -> %SystemRoot%\System32\imesrdch.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] imgiant.dll -> %SystemRoot%\System32\imgiant.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] in10b6s.dll -> %SystemRoot%\System32\in10b6s.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] ineb.dll -> %SystemRoot%\System32\ineb.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] inetp60.dll -> %SystemRoot%\System32\inetp60.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] iniwin32.dll -> %SystemRoot%\System32\iniwin32.dll -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] install_all.dll -> %SystemRoot%\System32\install_all.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] instsrv.exe -> %SystemRoot%\System32\instsrv.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] internetfeatures.exe -> %SystemRoot%\System32\internetfeatures.exe -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] intfaxui.exe -> %SystemRoot%\System32\intfaxui.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] intmon.exe -> %SystemRoot%\System32\intmon.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] ipcclient.dll -> %SystemRoot%\System32\ipcclient.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] ipclient.dll -> %SystemRoot%\System32\ipclient.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] ipgs.exe -> %SystemRoot%\System32\ipgs.exe -> [Folder | Created Date = 3/17/2008 6:37:34 PM | Attr = RHS] iphj32.exe -> %SystemRoot%\System32\iphj32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] ippy.exe -> %SystemRoot%\System32\ippy.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] ipst32.exe -> %SystemRoot%\System32\ipst32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] ipxrmfc4.dll -> %SystemRoot%\System32\ipxrmfc4.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ipxwshel.exe -> %SystemRoot%\System32\ipxwshel.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ir32racp.exe -> %SystemRoot%\System32\ir32racp.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ishost.exe -> %SystemRoot%\System32\ishost.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] ismon.exe -> %SystemRoot%\System32\ismon.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] isnotify.exe -> %SystemRoot%\System32\isnotify.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] issearch.exe -> %SystemRoot%\System32\issearch.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] itunegui.exe -> %SystemRoot%\System32\itunegui.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] iuennwcf.dll -> %SystemRoot%\System32\iuennwcf.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] javex80.vxd -> %SystemRoot%\System32\javex80.vxd -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] javexulm.vxd -> %SystemRoot%\System32\javexulm.vxd -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] jehmbyxrubdb.dll -> %SystemRoot%\System32\jehmbyxrubdb.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] jeired.dll -> %SystemRoot%\System32\jeired.dll -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] jgdwadsn.dll -> %SystemRoot%\System32\jgdwadsn.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] jgdwadsn.exe -> %SystemRoot%\System32\jgdwadsn.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] jgsdrpcn.dll -> %SystemRoot%\System32\jgsdrpcn.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] jgsdrpcn.exe -> %SystemRoot%\System32\jgsdrpcn.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] jsdapi.exe -> %SystemRoot%\System32\jsdapi.exe -> [Folder | Created Date = 3/17/2008 6:37:43 PM | Attr = RHS] jusched32.exe -> %SystemRoot%\System32\jusched32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] kbdfwshe.exe -> %SystemRoot%\System32\kbdfwshe.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] kbdpkbdr.exe -> %SystemRoot%\System32\kbdpkbdr.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] keyactivex.ocx -> %SystemRoot%\System32\keyactivex.ocx -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] keyhost.exe -> %SystemRoot%\System32\keyhost.exe -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] keymap.dll -> %SystemRoot%\System32\keymap.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] kha.dll -> %SystemRoot%\System32\kha.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] klo5.sys -> %SystemRoot%\System32\klo5.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] kncjmlb.dll -> %SystemRoot%\System32\kncjmlb.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] ladchkr.exe -> %SystemRoot%\System32\ladchkr.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] lanh32.dll -> %SystemRoot%\System32\lanh32.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] lanmui.dll -> %SystemRoot%\System32\lanmui.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] laziqn.exe -> %SystemRoot%\System32\laziqn.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] lcch.dat -> %SystemRoot%\System32\lcch.dat -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] lcd32.exe -> %SystemRoot%\System32\lcd32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lien van de kelder.exe -> %SystemRoot%\System32\lien van de kelder.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lien Van de kelderrr.exe -> %SystemRoot%\System32\lien Van de kelderrr.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lien vande kelder.exe -> %SystemRoot%\System32\lien vande kelder.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lien vd kelder.exe -> %SystemRoot%\System32\lien vd kelder.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lientjeuh.exe -> %SystemRoot%\System32\lientjeuh.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lienvandekelder.exe -> %SystemRoot%\System32\lienvandekelder.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lienvdk.exe -> %SystemRoot%\System32\lienvdk.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] links.dll -> %SystemRoot%\System32\links.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] ljjhh.dll -> %SystemRoot%\System32\ljjhh.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] lmrtatkc.dll -> %SystemRoot%\System32\lmrtatkc.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ln_reco.exe -> %SystemRoot%\System32\ln_reco.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] loader_name.exe -> %SystemRoot%\System32\loader_name.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] loader_name.exeopen -> %SystemRoot%\System32\loader_name.exeopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] loader_name.exeopenopen -> %SystemRoot%\System32\loader_name.exeopenopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] localnrd.dll -> %SystemRoot%\System32\localnrd.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] logic.exe -> %SystemRoot%\System32\logic.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] logitechwls.exe -> %SystemRoot%\System32\logitechwls.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] lp.dll -> %SystemRoot%\System32\lp.dll -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] lp.exe -> %SystemRoot%\System32\lp.exe -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] lspak.dll -> %SystemRoot%\System32\lspak.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] lstb4drc.dll -> %SystemRoot%\System32\lstb4drc.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] lstb4drc.exe -> %SystemRoot%\System32\lstb4drc.exe -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] lut.dat -> %SystemRoot%\System32\lut.dat -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] lwz.dll -> %SystemRoot%\System32\lwz.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] madise.dll -> %SystemRoot%\System32\madise.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] mailinfo.exe -> %SystemRoot%\System32\mailinfo.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mapisvc32.exe -> %SystemRoot%\System32\mapisvc32.exe -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] mbr32.dll -> %SystemRoot%\System32\mbr32.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] mcd3mscm.dll -> %SystemRoot%\System32\mcd3mscm.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mcscn.exe -> %SystemRoot%\System32\mcscn.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] memloader.exe -> %SystemRoot%\System32\memloader.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] memlow.sys -> %SystemRoot%\System32\memlow.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] messenger.lib.exe -> %SystemRoot%\System32\messenger.lib.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] mfcgt32.exe -> %SystemRoot%\System32\mfcgt32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mfcqc32.exe -> %SystemRoot%\System32\mfcqc32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mfcuo.exe -> %SystemRoot%\System32\mfcuo.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mgeekremove.exe -> %SystemRoot%\System32\mgeekremove.exe -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] mgmtmtxc.exe -> %SystemRoot%\System32\mgmtmtxc.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mgs_32.dll -> %SystemRoot%\System32\mgs_32.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] microsystem.exe -> %SystemRoot%\System32\microsystem.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] microupdate.exe -> %SystemRoot%\System32\microupdate.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mid.dll -> %SystemRoot%\System32\mid.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mmview_101.dll -> %SystemRoot%\System32\mmview_101.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] mmx17g.dll -> %SystemRoot%\System32\mmx17g.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] mmx432.dll -> %SystemRoot%\System32\mmx432.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] mmx4xt.dll -> %SystemRoot%\System32\mmx4xt.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] mmxf32.dll -> %SystemRoot%\System32\mmxf32.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] mmxf64.sys -> %SystemRoot%\System32\mmxf64.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] mouse.exe -> %SystemRoot%\System32\mouse.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mpz300.dll -> %SystemRoot%\System32\mpz300.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] mqadscp3.exe -> %SystemRoot%\System32\mqadscp3.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mqexdlm.srg -> %SystemRoot%\System32\mqexdlm.srg -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] mqoacdmo.dll -> %SystemRoot%\System32\mqoacdmo.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mrkscr.exe -> %SystemRoot%\System32\mrkscr.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 1/5/2008 5:35:42 PM | Attr = ] msa64chk.dll -> %SystemRoot%\System32\msa64chk.dll -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] msafiasn.dll -> %SystemRoot%\System32\msafiasn.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] msapasrc.dll -> %SystemRoot%\System32\msapasrc.dll -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] msbe.dll -> %SystemRoot%\System32\msbe.dll -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] mscache.dll -> %SystemRoot%\System32\mscache.dll -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] mscb.dll -> %SystemRoot%\System32\mscb.dll -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] msccof.exe -> %SystemRoot%\System32\msccof.exe -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mscdka.dll -> %SystemRoot%\System32\mscdka.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msconfd.dll -> %SystemRoot%\System32\msconfd.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mscornet.exe -> %SystemRoot%\System32\mscornet.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] mscpbo.exe -> %SystemRoot%\System32\mscpbo.exe -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msdaim.dll -> %SystemRoot%\System32\msdaim.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msdev32.exe -> %SystemRoot%\System32\msdev32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] msdlgk.dll -> %SystemRoot%\System32\msdlgk.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mseclk.dll -> %SystemRoot%\System32\mseclk.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msedah.dll -> %SystemRoot%\System32\msedah.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mseffm.dll -> %SystemRoot%\System32\mseffm.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msegcompid.dll -> %SystemRoot%\System32\msegcompid.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] mseggrpid.dll -> %SystemRoot%\System32\mseggrpid.dll -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] msenfh.dll -> %SystemRoot%\System32\msenfh.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msexcred.exe -> %SystemRoot%\System32\msexcred.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] msexreg.exe -> %SystemRoot%\System32\msexreg.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] msfaol.dll -> %SystemRoot%\System32\msfaol.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msgdmf.exe -> %SystemRoot%\System32\msgdmf.exe -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msgmr.exe -> %SystemRoot%\System32\msgmr.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mshelper.dll -> %SystemRoot%\System32\mshelper.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msibkd.dll -> %SystemRoot%\System32\msibkd.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msiebho.dll -> %SystemRoot%\System32\msiebho.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] msiefr40.dll -> %SystemRoot%\System32\msiefr40.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] msiein.dll -> %SystemRoot%\System32\msiein.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] msielink.dll -> %SystemRoot%\System32\msielink.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] msiesh.dll -> %SystemRoot%\System32\msiesh.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msietk1020.dll -> %SystemRoot%\System32\msietk1020.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] msinfosys.dll -> %SystemRoot%\System32\msinfosys.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] msipcsv.exe -> %SystemRoot%\System32\msipcsv.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] msjfbl.dll -> %SystemRoot%\System32\msjfbl.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mskceo.dll -> %SystemRoot%\System32\mskceo.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mskehb.dll -> %SystemRoot%\System32\mskehb.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mskhhe.dll -> %SystemRoot%\System32\mskhhe.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msklive.dll -> %SystemRoot%\System32\msklive.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] mskpkc.dll -> %SystemRoot%\System32\mskpkc.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mslefh.dll -> %SystemRoot%\System32\mslefh.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] mslsicwd.dll -> %SystemRoot%\System32\mslsicwd.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mslspcg.exe -> %SystemRoot%\System32\mslspcg.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] msmc.exe -> %SystemRoot%\System32\msmc.exe -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msmdld.DLL -> %SystemRoot%\System32\msmdld.DLL -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msmgrxp.exe -> %SystemRoot%\System32\msmgrxp.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] msmm.exe -> %SystemRoot%\System32\msmm.exe -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msnavc32.exe -> %SystemRoot%\System32\msnavc32.exe -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] msncjk.dll -> %SystemRoot%\System32\msncjk.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msnkmi.dll -> %SystemRoot%\System32\msnkmi.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] msnl.exe -> %SystemRoot%\System32\msnl.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] msnsxole.dll -> %SystemRoot%\System32\msnsxole.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] msnsxole.exe -> %SystemRoot%\System32\msnsxole.exe -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] msobfl.dll -> %SystemRoot%\System32\msobfl.dll -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] msongn.exe -> %SystemRoot%\System32\msongn.exe -> [Folder | Created Date = 3/17/2008 6:37:32 PM | Attr = RHS] msph32.exe -> %SystemRoot%\System32\msph32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msplus.dll -> %SystemRoot%\System32\msplus.dll -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] msplus1.dll -> %SystemRoot%\System32\msplus1.dll -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] msplus2.dll -> %SystemRoot%\System32\msplus2.dll -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] msplus3.dll -> %SystemRoot%\System32\msplus3.dll -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] msplus32.exe -> %SystemRoot%\System32\msplus32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] msplus4.dll -> %SystemRoot%\System32\msplus4.dll -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] msqsb.dll -> %SystemRoot%\System32\msqsb.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] mssck.exe -> %SystemRoot%\System32\mssck.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mssearch.dll -> %SystemRoot%\System32\mssearch.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mssearchnet.exe -> %SystemRoot%\System32\mssearchnet.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] msspi.dll -> %SystemRoot%\System32\msspi.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msstersv.dll -> %SystemRoot%\System32\msstersv.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] mssz32.dll -> %SystemRoot%\System32\mssz32.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msview.dll -> %SystemRoot%\System32\msview.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] msxct.exe -> %SystemRoot%\System32\msxct.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] msxml4r.exe -> %SystemRoot%\System32\msxml4r.exe -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] msxmlpp.dll -> %SystemRoot%\System32\msxmlpp.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] msxver64.sqr -> %SystemRoot%\System32\msxver64.sqr -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] mtc.dll -> %SystemRoot%\System32\mtc.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] mtrnqs.exe -> %SystemRoot%\System32\mtrnqs.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] mtwirl32.dll -> %SystemRoot%\System32\mtwirl32.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] mupdate.exe -> %SystemRoot%\System32\mupdate.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] myaccess.dll -> %SystemRoot%\System32\myaccess.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] myad.dll -> %SystemRoot%\System32\myad.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] mygeek.dll -> %SystemRoot%\System32\mygeek.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] n3tpa1p.dll -> %SystemRoot%\System32\n3tpa1p.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] nas.dll -> %SystemRoot%\System32\nas.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] navext.dll -> %SystemRoot%\System32\navext.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] ndrv.dll -> %SystemRoot%\System32\ndrv.dll -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] ndrv.exe -> %SystemRoot%\System32\ndrv.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] netcog.exe -> %SystemRoot%\System32\netcog.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] netjh32.exe -> %SystemRoot%\System32\netjh32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] netut80ex.vxd -> %SystemRoot%\System32\netut80ex.vxd -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] newmsrdk2.zip -> %SystemRoot%\System32\newmsrdk2.zip -> [Folder | Created Date = 3/17/2008 6:37:37 PM | Attr = RHS] nkgfs.sys -> %SystemRoot%\System32\nkgfs.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] nnmzoq.exe -> %SystemRoot%\System32\nnmzoq.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] nn_bar.dll -> %SystemRoot%\System32\nn_bar.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] nn_bar21.dll -> %SystemRoot%\System32\nn_bar21.dll -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] nn_bar22.dll -> %SystemRoot%\System32\nn_bar22.dll -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] nn_bar31.dll -> %SystemRoot%\System32\nn_bar31.dll -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] norton update.exe -> %SystemRoot%\System32\norton update.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] ntdx.exe -> %SystemRoot%\System32\ntdx.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [Ver = | Size = 159458 bytes | Created Date = 3/22/2008 7:46:24 PM | Attr = ] nvctrl.exe -> %SystemRoot%\System32\nvctrl.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] nvms.dll -> %SystemRoot%\System32\nvms.dll -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] nvrcr32.dll -> %SystemRoot%\System32\nvrcr32.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] oebdfc.dll -> %SystemRoot%\System32\oebdfc.dll -> [Folder | Created Date = 3/17/2008 6:37:58 PM | Attr = RHS] ofrg.dll -> %SystemRoot%\System32\ofrg.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] ogg.dll -> %SystemRoot%\System32\ogg.dll -> [Ver = | Size = 49152 bytes | Created Date = 3/22/2008 9:49:14 PM | Attr = R ] oifhhio.dll -> %SystemRoot%\System32\oifhhio.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] oipa.dll -> %SystemRoot%\System32\oipa.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] olehelp.exe -> %SystemRoot%\System32\olehelp.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] oo4.dll -> %SystemRoot%\System32\oo4.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] opc.dll -> %SystemRoot%\System32\opc.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] optserve.dll -> %SystemRoot%\System32\optserve.dll -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] optserve.exe -> %SystemRoot%\System32\optserve.exe -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] osalogbe.exe -> %SystemRoot%\System32\osalogbe.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] otw0i.dll -> %SystemRoot%\System32\otw0i.dll -> [Folder | Created Date = 3/17/2008 6:37:41 PM | Attr = RHS] patch31345.exe -> %SystemRoot%\System32\patch31345.exe -> [Folder | Created Date = 3/17/2008 6:37:50 PM | Attr = RHS] pavb1u2.exe -> %SystemRoot%\System32\pavb1u2.exe -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] pdfzzy.dll -> %SystemRoot%\System32\pdfzzy.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] pdx.dll -> %SystemRoot%\System32\pdx.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] per.exe -> %SystemRoot%\System32\per.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] phantom.exe -> %SystemRoot%\System32\phantom.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] picx.exe -> %SystemRoot%\System32\picx.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] plugnplay32.exe -> %SystemRoot%\System32\plugnplay32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] pnkeb.dll -> %SystemRoot%\System32\pnkeb.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] pnp.exe -> %SystemRoot%\System32\pnp.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] polau2c.exe -> %SystemRoot%\System32\polau2c.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] poller.exe -> %SystemRoot%\System32\poller.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] pptp16.dll -> %SystemRoot%\System32\pptp16.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] pptp24.sys -> %SystemRoot%\System32\pptp24.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] pptp32.dll -> %SystemRoot%\System32\pptp32.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] ppts16.dll -> %SystemRoot%\System32\ppts16.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] pqhelper.dll -> %SystemRoot%\System32\pqhelper.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] preload.ocx -> %SystemRoot%\System32\preload.ocx -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] protection.exe -> %SystemRoot%\System32\protection.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] prutpct.exe -> %SystemRoot%\System32\prutpct.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] prutsct.exe -> %SystemRoot%\System32\prutsct.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] pruttct.exe -> %SystemRoot%\System32\pruttct.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] ptech.exe -> %SystemRoot%\System32\ptech.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] pup.exe -> %SystemRoot%\System32\pup.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] qdvtscf.dll -> %SystemRoot%\System32\qdvtscf.dll -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] qo.dll -> %SystemRoot%\System32\qo.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] qo.sys -> %SystemRoot%\System32\qo.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] quicklaunchie.dll -> %SystemRoot%\System32\quicklaunchie.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] qy.sys -> %SystemRoot%\System32\qy.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] qz.dll -> %SystemRoot%\System32\qz.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] qz.sys -> %SystemRoot%\System32\qz.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] randreco.exe -> %SystemRoot%\System32\randreco.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] rcbdwmpd.dll -> %SystemRoot%\System32\rcbdwmpd.dll -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] rdpwmsjt.exe -> %SystemRoot%\System32\rdpwmsjt.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] reg2.exe -> %SystemRoot%\System32\reg2.exe -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] regp32.dll -> %SystemRoot%\System32\regp32.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] regperf.exe -> %SystemRoot%\System32\regperf.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] regsvc32.exe -> %SystemRoot%\System32\regsvc32.exe -> [Folder | Created Date = 3/17/2008 6:37:26 PM | Attr = RHS] rem00001.dll -> %SystemRoot%\System32\rem00001.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] replmap.dll -> %SystemRoot%\System32\replmap.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] re_file.exe -> %SystemRoot%\System32\re_file.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] rk.exe -> %SystemRoot%\System32\rk.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] rkinstaller.exe -> %SystemRoot%\System32\rkinstaller.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] rlvknlg.exe -> %SystemRoot%\System32\rlvknlg.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] rmashlex.dll -> %SystemRoot%\System32\rmashlex.dll -> [Folder | Created Date = 3/17/2008 6:37:40 PM | Attr = RHS] rsp.dll -> %SystemRoot%\System32\rsp.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] rsp001.dll -> %SystemRoot%\System32\rsp001.dll -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] rsstoolbar.dll -> %SystemRoot%\System32\rsstoolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] rulesak.dll -> %SystemRoot%\System32\rulesak.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] rundll.exe -> %SystemRoot%\System32\rundll.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = ] rundll16.dll -> %SystemRoot%\System32\rundll16.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] rundnm.exe -> %SystemRoot%\System32\rundnm.exe -> [Folder | Created Date = 3/17/2008 6:37:38 PM | Attr = RHS] rvreg.exe -> %SystemRoot%\System32\rvreg.exe -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] s4helper.dll -> %SystemRoot%\System32\s4helper.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] safesearch.dll -> %SystemRoot%\System32\safesearch.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] sbus.dll -> %SystemRoot%\System32\sbus.dll -> [Folder | Created Date = 3/17/2008 6:37:47 PM | Attr = RHS] scalpe91.exe -> %SystemRoot%\System32\scalpe91.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] scp3jgaw.dll -> %SystemRoot%\System32\scp3jgaw.dll -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] scrigz.exe -> %SystemRoot%\System32\scrigz.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] sd.exe -> %SystemRoot%\System32\sd.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] sd16win.dll -> %SystemRoot%\System32\sd16win.dll -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] sdkdh.exe -> %SystemRoot%\System32\sdkdh.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] sdkhb32.exe -> %SystemRoot%\System32\sdkhb32.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] sdkly.exe -> %SystemRoot%\System32\sdkly.exe -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] sdmapi.sys -> %SystemRoot%\System32\sdmapi.sys -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] seantb.dll -> %SystemRoot%\System32\seantb.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] searchaddon.dll -> %SystemRoot%\System32\searchaddon.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] searchsquire.dll -> %SystemRoot%\System32\searchsquire.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] searchsquire2.dll -> %SystemRoot%\System32\searchsquire2.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] searchsquire3.dll -> %SystemRoot%\System32\searchsquire3.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] searchsquire33.dll -> %SystemRoot%\System32\searchsquire33.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] searchupdate31.exe -> %SystemRoot%\System32\searchupdate31.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] searchupdate33.exe -> %SystemRoot%\System32\searchupdate33.exe -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] secumsje.exe -> %SystemRoot%\System32\secumsje.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] sed.exe -> %SystemRoot%\System32\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] semd32.dll -> %SystemRoot%\System32\semd32.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] seqsb.dll -> %SystemRoot%\System32\seqsb.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] sertgs.dll -> %SystemRoot%\System32\sertgs.dll -> [Folder | Created Date = 3/17/2008 6:37:44 PM | Attr = RHS] servehost.exe -> %SystemRoot%\System32\servehost.exe -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] service5.exe -> %SystemRoot%\System32\service5.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] services -> %SystemRoot%\System32\services -> [Ver = | Size = 242 bytes | Created Date = 3/17/2008 6:37:35 PM | Attr = RH ] servises.exe -> %SystemRoot%\System32\servises.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] shell.exe -> %SystemRoot%\System32\shell.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] shfoxpob.exe -> %SystemRoot%\System32\shfoxpob.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] shnlog.exe -> %SystemRoot%\System32\shnlog.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] sksdrvr2.sys -> %SystemRoot%\System32\sksdrvr2.sys -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] skybot.exe -> %SystemRoot%\System32\skybot.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] skytown.exe -> %SystemRoot%\System32\skytown.exe -> [Folder | Created Date = 3/17/2008 6:37:39 PM | Attr = RHS] skyx16.dll -> %SystemRoot%\System32\skyx16.dll -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] slbipsch.dll -> %SystemRoot%\System32\slbipsch.dll -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] slbipsch.exe -> %SystemRoot%\System32\slbipsch.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] slbrmqtr.exe -> %SystemRoot%\System32\slbrmqtr.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] slpube03.dll -> %SystemRoot%\System32\slpube03.dll -> [Folder | Created Date = 3/17/2008 6:37:54 PM | Attr = RHS] smdnn05.dll -> %SystemRoot%\System32\smdnn05.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] smtapi.sys -> %SystemRoot%\System32\smtapi.sys -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] snda32.dll -> %SystemRoot%\System32\snda32.dll -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] sndu32.dll -> %SystemRoot%\System32\sndu32.dll -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] snmpmssw.exe -> %SystemRoot%\System32\snmpmssw.exe -> [Folder | Created Date = 3/17/2008 6:37:59 PM | Attr = RHS] socul.dll -> %SystemRoot%\System32\socul.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] sodahk.dll -> %SystemRoot%\System32\sodahk.dll -> [Folder | Created Date = 3/17/2008 6:37:57 PM | Attr = RHS] somatic.dll -> %SystemRoot%\System32\somatic.dll -> [Folder | Created Date = 3/17/2008 6:37:56 PM | Attr = RHS] sp2fx.exe -> %SystemRoot%\System32\sp2fx.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] sp2winfix.exe -> %SystemRoot%\System32\sp2winfix.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] speeder.exe -> %SystemRoot%\System32\speeder.exe -> [Folder | Created Date = 3/17/2008 6:37:55 PM | Attr = RHS] spwgoc.exe -> %SystemRoot%\System32\spwgoc.exe -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] sqlbgb.dll -> %SystemRoot%\System32\sqlbgb.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] ss.dll -> %SystemRoot%\System32\ss.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] ss32.dll -> %SystemRoot%\System32\ss32.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] stagmr.exe -> %SystemRoot%\System32\stagmr.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] stcloader.exe -> %SystemRoot%\System32\stcloader.exe -> [Folder | Created Date = 3/17/2008 6:37:27 PM | Attr = RHS] stlbad123.dll -> %SystemRoot%\System32\stlbad123.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] stlbdist.dll -> %SystemRoot%\System32\stlbdist.dll -> [Folder | Created Date = 3/17/2008 6:37:30 PM | Attr = RHS] stlbupdt.dll -> %SystemRoot%\System32\stlbupdt.dll -> [Folder | Created Date = 3/17/2008 6:37:31 PM | Attr = RHS] stmtreco.exe -> %SystemRoot%\System32\stmtreco.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] submithook.dll -> %SystemRoot%\System32\submithook.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] support.exe -> %SystemRoot%\System32\support.exe -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] susp_reco.exe -> %SystemRoot%\System32\susp_reco.exe -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] svjvpn.sys -> %SystemRoot%\System32\svjvpn.sys -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] svkvpn.dll -> %SystemRoot%\System32\svkvpn.dll -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] svkvpn.sys -> %SystemRoot%\System32\svkvpn.sys -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] sword.exe -> %SystemRoot%\System32\sword.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] sysconf.exe -> %SystemRoot%\System32\sysconf.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] sysdll32.dll -> %SystemRoot%\System32\sysdll32.dll -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] sysldr.dll -> %SystemRoot%\System32\sysldr.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] sysmonnt.exe -> %SystemRoot%\System32\sysmonnt.exe -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS] systemout.exe -> %SystemRoot%\System32\systemout.exe -> [Folder | Created Date = 3/17/2008 6:38:02 PM | Attr = RHS] sys_ext.dll -> %SystemRoot%\System32\sys_ext.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] sys_xp.exe -> %SystemRoot%\System32\sys_xp.exe -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] sys_xp.exeopen -> %SystemRoot%\System32\sys_xp.exeopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] sys_xp.exeopenopen -> %SystemRoot%\System32\sys_xp.exeopenopen -> [Folder | Created Date = 3/17/2008 6:37:29 PM | Attr = RHS] tagmr.exe -> %SystemRoot%\System32\tagmr.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] taskgamr.exe -> %SystemRoot%\System32\taskgamr.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] taskgmr32.exe -> %SystemRoot%\System32\taskgmr32.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] tbc.dll -> %SystemRoot%\System32\tbc.dll -> [Folder | Created Date = 3/17/2008 6:37:49 PM | Attr = RHS] tconini.dat -> %SystemRoot%\System32\tconini.dat -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tcpr32.dll -> %SystemRoot%\System32\tcpr32.dll -> [Folder | Created Date = 3/17/2008 6:37:45 PM | Attr = RHS] td1.dll -> %SystemRoot%\System32\td1.dll -> [Folder | Created Date = 3/17/2008 6:37:42 PM | Attr = RHS] tfde.dll -> %SystemRoot%\System32\tfde.dll -> [Folder | Created Date = 3/17/2008 6:37:28 PM | Attr = RHS] ticads.exe -> %SystemRoot%\System32\ticads.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] ticont.dll -> %SystemRoot%\System32\ticont.dll -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] timemanager.exe -> %SystemRoot%\System32\timemanager.exe -> [Folder | Created Date = 3/17/2008 6:37:52 PM | Attr = RHS] timesrv.exe -> %SystemRoot%\System32\timesrv.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tipp.dat -> %SystemRoot%\System32\tipp.dat -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tippcls.dat -> %SystemRoot%\System32\tippcls.dat -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tips.exe -> %SystemRoot%\System32\tips.exe -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tisa.cnf -> %SystemRoot%\System32\tisa.cnf -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] tisa.dll -> %SystemRoot%\System32\tisa.dll -> [Folder | Created Date = 3/17/2008 6:38:00 PM | Attr = RHS] toolband.dll -> %SystemRoot%\System32\toolband.dll -> [Folder | Created Date = 3/17/2008 6:37:35 PM | Attr = RHS] toolbar.dll -> %SystemRoot%\System32\toolbar.dll -> [Folder | Created Date = 3/17/2008 6:37:48 PM | Attr = RHS] tps108.dll -> %SystemRoot%\System32\tps108.dll -> [Folder | Created Date = 3/17/2008 6:38:01 PM | Attr = RHS]