[code] OTScanIt logfile created on: 3/23/2008 3:40:34 PM OTScanIt by OldTimer - Version 1.0.6.0 Folder = C:\Documents and Settings\Bryan\Desktop\MALWARE PROGRAMS\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.48 Mb Total Physical Memory | 177.40 Mb Available Physical Memory | 34.68% Memory free 1.22 Gb Paging File | 0.94 Gb Available in Paging File | 77.18% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 27.58 Gb Free Space | 37.01% Space Free | Partition Type: NTFS Drive D: | 476.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: BRIAN Current User Name: Bryan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] isafe.exe -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] kodakccs.exe -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.4900.0 | Size = 294972 bytes | Modified Date = 6/18/2003 10:54:10 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] scsiaccess.exe -> %SystemRoot%\system32\ScsiAccess.EXE -> [Ver = | Size = 181312 bytes | Modified Date = 2/4/2003 9:22:30 AM | Attr = ] vetmsg.exe -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] yop.exe -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 11:43:10 AM | Attr = ] usrmlnka.exe -> %SystemRoot%\system32\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 1/1/2005 11:11:21 AM | Attr = ] nvmixertray.exe -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 5:12:36 PM | Attr = ] motivesb.exe -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 12/10/2003 4:52:40 AM | Attr = ] ipmon32.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 1:52:26 AM | Attr = ] ipclient.exe -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 1:52:24 AM | Attr = ] hpi_jetsend.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] hphmon05.exe -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,2,10 | Size = 495616 bytes | Modified Date = 2/2/2004 4:41:58 AM | Attr = ] hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.241.0.0 | Size = 176128 bytes | Modified Date = 12/4/2003 8:44:34 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr = ] hpi_monitor.exe -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe -> Hewlett-Packard Company [Ver = 2.5.0.1 | Size = 32768 bytes | Modified Date = 8/22/2000 1:20:10 PM | Attr = ] cavrid.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] cavtray.exe -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] cfd.exe -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ] usrshuta.exe -> %SystemRoot%\system32\usrshuta.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 69700 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] usrmlnka.exe -> %SystemRoot%\system32\usrmlnka.exe -> U.S. Robotics Corporation [Ver = 4. 11. 21 | Size = 77891 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] mssysmgr.exe -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] reminder.exe -> %ProgramFiles%\U.S. Robotics\ControlCenter\Reminder.exe -> [Ver = | Size = 529920 bytes | Modified Date = 12/21/2001 6:05:58 PM | Attr = ] easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 2, 0, 4, 237 | Size = 614531 bytes | Modified Date = 6/25/2003 7:25:38 AM | Attr = ] trueassistant.exe -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 5 | Size = 468992 bytes | Modified Date = 1/23/2006 2:30:56 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 2:45:04 AM | Attr = R ] ycommon.exe -> %ProgramFiles%\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 3:18:10 PM | Attr = ] ocrawr32.exe -> %SystemDrive%\OPLIMIT\OCRAWR32.EXE -> Caere Corporation [Ver = 5, 0, 0, 1 | Size = 41984 bytes | Modified Date = 3/19/1998 4:22:02 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 3/16/2008 9:31:37 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\MALWARE PROGRAMS\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.6.0 | Size = 311808 bytes | Modified Date = 3/19/2008 6:01:26 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.66.000 | Size = 77944 bytes | Modified Date = 8/10/2006 5:13:13 PM | Attr = ] (CAISafe) CAISafe [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\iSafe.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 259184 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 4:24:18 AM | Attr = ] (KodakCCS) Kodak Camera Connection Software [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\KodakCCS.exe -> Eastman Kodak Company [Ver = 1.1.4900.0 | Size = 294972 bytes | Modified Date = 6/18/2003 10:54:10 AM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 155716 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 7, 0, 0, 0 | Size = 65795 bytes | Modified Date = 5/14/2003 2:45:04 AM | Attr = R ] (ScsiAccess) ScsiAccess [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ScsiAccess.EXE -> [Ver = | Size = 181312 bytes | Modified Date = 2/4/2003 9:22:30 AM | Attr = ] (VETMSGNT) VET Message Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Yahoo!\Antivirus\VetMsg.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 201840 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] (YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 4:07:38 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> anvshell -> %SystemRoot%\anvshell.exe -> AsusTeK Computer Inc. [Ver = 1.00.00 | Size = 348160 bytes | Modified Date = 5/29/2003 3:53:56 AM | Attr = R ] BJCFD -> %ProgramFiles%\BroadJump\Client Foundation\CFD.exe -> [Ver = | Size = 368706 bytes | Modified Date = 9/10/2002 9:26:26 PM | Attr = ] CaAvTray -> %ProgramFiles%\Yahoo!\Antivirus\CAVTray.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 230512 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] CAVRID -> %ProgramFiles%\Yahoo!\Antivirus\CAVRid.exe -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 185456 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] CXMon -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_monitor.exe -> Hewlett-Packard Company [Ver = 2.5.0.1 | Size = 32768 bytes | Modified Date = 8/22/2000 1:20:10 PM | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr = ] HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.241.0.0 | Size = 176128 bytes | Modified Date = 12/4/2003 8:44:34 AM | Attr = ] HPHmon05 -> %SystemRoot%\system32\hphmon05.exe -> Hewlett-Packard [Ver = 5,2,10 | Size = 495616 bytes | Modified Date = 2/2/2004 4:41:58 AM | Attr = ] HPHUPD05 -> %ProgramFiles%\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe -> Hewlett-Packard [Ver = 5,2,3 | Size = 49152 bytes | Modified Date = 11/12/2003 9:23:42 AM | Attr = ] HPIJetSend -> %ProgramFiles%\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] IPInSightLAN 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\IPClient.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 380928 bytes | Modified Date = 6/11/2003 1:52:24 AM | Attr = ] IPInSightMonitor 02 -> %ProgramFiles%\Visual Networks\Visual IP InSight\SBC\ipmon32.exe -> Visual Networks [Ver = 5.8.0.13 | Size = 122880 bytes | Modified Date = 6/11/2003 1:52:26 AM | Attr = ] LiveNote -> %SystemRoot%\livenote.exe -> [Ver = | Size = 40960 bytes | Modified Date = 7/11/2002 9:31:44 AM | Attr = R ] Motive SmartBridge -> %ProgramFiles%\SBC Self Support Tool\SmartBridge\MotiveSB.exe -> Motive Communications, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 12/10/2003 4:52:40 AM | Attr = ] NeroCheck -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 6:50:42 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 8523776 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6921 | Size = 81920 bytes | Modified Date = 12/5/2007 2:41:00 AM | Attr = ] NVMixerTray -> %ProgramFiles%\NVIDIA Corporation\NvMixer\NvMixerTray.exe -> NVIDIA Corporation [Ver = 1.0.451 | Size = 131072 bytes | Modified Date = 12/20/2004 5:12:36 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 12/5/2007 1:41:00 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ] RegistrySmart -> %ProgramFiles%\RegistrySmart\RegistrySmart.exe -> [Ver = 2, 6, 2, 0 | Size = 7615984 bytes | Modified Date = 5/10/2007 12:38:52 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 5:25:21 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 1/1/2005 11:11:21 AM | Attr = ] USRpdA -> -> File not found YOP -> %ProgramFiles%\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 11:43:10 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> PhotoShow Deluxe Media Manager -> %ProgramFiles%\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe -> Simple Star, Inc. [Ver = 3.0.0.0 | Size = 163840 bytes | Modified Date = 1/21/2005 8:04:42 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk -> %CommonProgramFiles%\Autodesk Shared\acstart16.exe -> Autodesk, Inc [Ver = 16.2.54.0 | Size = 10872 bytes | Modified Date = 3/5/2005 9:18:22 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Instant Update Reminder.lnk -> %ProgramFiles%\U.S. Robotics\ControlCenter\Reminder.exe -> [Ver = | Size = 529920 bytes | Modified Date = 12/21/2001 6:05:58 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 2, 0, 4, 237 | Size = 614531 bytes | Modified Date = 6/25/2003 7:25:38 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\SBC Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ] < Amy Startup Folder > -> C:\Documents and Settings\Amy\Start Menu\Programs\Startup -> < Bryan Startup Folder > -> C:\Documents and Settings\Bryan\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\OCRAWARE.lnk -> %SystemDrive%\OPLIMIT\OCRAWARE.EXE -> Caere Corporation [Ver = | Size = 51360 bytes | Modified Date = 7/18/1998 12:26:06 PM | Attr = ] %UserProfile%\Start Menu\Programs\Startup\TrueAssistant.lnk -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 5 | Size = 468992 bytes | Modified Date = 1/23/2006 2:30:56 PM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;localhost -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Default_Search_URL -> -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: Main\\Start Page -> http://google.com/ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: SearchURL\\ -> http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\: ProxyOverride -> 127.0.0.1;localhost -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 1:02:04 PM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn8\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 5:25:19 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> Yahoo! Inc. [Ver = 2004, 6, 11, 1 | Size = 128216 bytes | Modified Date = 6/11/2004 6:07:16 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2499216C-4BA5-11D5-BD9C-000103C116D5} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\ylogin.dll [] -> Yahoo! Inc. [Ver = 2004, 6, 11, 1 | Size = 128216 bytes | Modified Date = 6/11/2004 6:07:16 PM | Attr = ] CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\] > -> HKEY_USERS\S-1-5-21-448539723-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2006, 10, 31, 3 | Size = 198136 bytes | Modified Date = 10/31/2006 4:33:54 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 2:56:24 PM | Attr = ] < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> YPC 3.2.0 -> Yahoo! Parental Controls -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {8CDA5B90-84A3-47CE-AF0F-B1FE19792404} -> (NVIDIA nForce MCP Networking Adapter) -> {AB163A87-896E-405D-B7E4-2B2273C84CE2} -> (3Com 3C920B-EMB Integrated Fast Ethernet Controller) -> {AC70E35F-2504-4CF9-AC78-A406BECF845B} -> (1394 Net Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\VetRedir.dll -> Computer Associates International, Inc. [Ver = Version 11.0.7.4 | Size = 74864 bytes | Modified Date = 6/2/2007 10:58:47 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2x | Size = 106496 bytes | Modified Date = 3/6/2008 6:37:36 PM | Attr = ] cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value does not exist or could not be read.] -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[FilePlanet Download Control Class] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc.cab[Office Update Installation Engine] -> {4C39376E-FA9D-4349-BACC-D305C1750EF3}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab[EPUImageControl Class] -> {56336BCB-3D8A-11D6-A00B-0050DA18DE71}[HKEY_LOCAL_MACHINE] -> http://software-dl.real.com/073c65eab0fea8e41417/netzip/RdxIE601.cab[RdxIE Class] -> {62475759-9E84-458E-A1AB-5D2C442ADFDE}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20040427/qtinstall.info.apple.com/saba/us/win/QuickTimeInstaller.exe[Reg Error: Key does not exist or could not be opened.] -> {74D05D43-3236-11D4-BDCD-00C04F9A3B61}[HKEY_LOCAL_MACHINE] -> http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab[HouseCall Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9CF28A69-7659-4C51-BFD5-9ADE19E19EC3}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/bkm/prod/yregcfg.cab[RegConfig Class] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37945.7604398148[Reg Error: Key does not exist or could not be opened.] -> {A17E30C4-A9BA-11D4-8673-60DB54C10000}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/ymail/ymmapi.dll[YahooYMailTo Class] -> {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}[HKEY_LOCAL_MACHINE] -> http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab[MsnMessengerSetupDownloadControl Class] -> {B9191F79-5613-4C76-AA2A-398534BB8999}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[YAddBook Class] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D18F962A-3722-4B59-B08D-28BB9EB2281E}[HKEY_LOCAL_MACHINE] -> http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab[PhotosCtrl Class] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {E855A2D4-987E-4F3B-A51C-64D10A7E2479}[HKEY_LOCAL_MACHINE] -> http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab[EPSImageControl Class] -> {F54C1137-5E34-4B95-95A5-BA56D4D8D743}[HKEY_LOCAL_MACHINE] -> http://www.gamespot.com/KDX/kdx.cab[Secure Delivery] -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/bin/msnchat45.cab[MSN Chat Control 4.5] -> {FFFFFFFF-CACE-BABE-BABE-00AA0055595A}[HKEY_LOCAL_MACHINE] -> http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> Yahoo! Chat[HKEY_LOCAL_MACHINE] -> http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab[Reg Error: Key does not exist or could not be opened.] -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1172 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 1:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11890 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\PROGRA~1\Yahoo!\MESSEN~1\yserver.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91640 bytes | Modified Date = 1/19/2007 1:49:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe -> C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe [C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_JetSend.exe:*:Enabled:JetSendTray Application] -> [Ver = 2.5.0.1 | Size = 585728 bytes | Modified Date = 8/22/2000 1:24:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\kdx\khost.exe -> C:\WINDOWS\kdx\khost.exe [C:\WINDOWS\kdx\khost.exe:*:Enabled:Secure Delivery Plug-In] -> Kontiki Inc. [Ver = 2.20.40120.0 | Size = 1757184 bytes | Modified Date = 1/20/2004 11:45:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe -> C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe [C:\Program Files\Fox\Aliens vs. Predator 2\lithtech.exe:*:Enabled:Client] -> [Ver = 1, 0, 0, 1 | Size = 937984 bytes | Modified Date = 4/17/2002 3:42:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\StubInstaller.exe -> C:\StubInstaller.exe [C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer] -> LimeWire [Ver = 1.0.0.2 | Size = 700416 bytes | Modified Date = 10/31/2005 11:56:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe -> C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe [C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 81920 bytes | Modified Date = 9/14/2005 4:12:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 3/16/2008 9:31:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\UnrealTournament\System\UnrealTournament.exe -> C:\UnrealTournament\System\UnrealTournament.exe [C:\UnrealTournament\System\UnrealTournament.exe:*:Disabled:UnrealTournament] -> [Ver = | Size = 241664 bytes | Modified Date = 6/4/2007 9:18:47 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe -> C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe [C:\Program Files\LucasArts\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Disabled:BattlefrontII] -> [Ver = | Size = 7790592 bytes | Modified Date = 10/6/2005 3:31:27 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe -> C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe [C:\Program Files\LucasArts\Star Wars Battlefront\GameData\Battlefront.exe:LocalSubNet:Disabled:Battlefront] -> [Ver = | Size = 5128192 bytes | Modified Date = 8/30/2004 3:17:12 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe -> C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe [C:\Program Files\EA GAMES\Battlefield Vietnam\BfVietnam.exe:LocalSubNet:Enabled:BfVietnam] -> [Ver = | Size = 9688576 bytes | Modified Date = 10/19/2004 3:32:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8CDA5B90-84A3-47CE-AF0F-B1FE19792404} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{AB163A87-896E-405D-B7E4-2B2273C84CE2} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{62CD8233-636F-4398-AA13-E7400AEF4ABE} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{BA10AC3E-7314-48EC-8CFD-BAD4ED20441B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < ControlSets > HKEY_LOCAL_MACHINE\SYSTEM\Select\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Current -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Default -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\Failed -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\Select\\LastKnownGood -> 1 -> [Files/Folders - Created Within 90 days] archivos de programa -> %SystemDrive%\archivos de programa -> [Ver = | Size = 234 bytes | Created Date = 3/17/2008 6:37:59 PM | Attr = RH ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 3/22/2008 6:42:04 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 3/23/2008 8:32:17 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 3/23/2008 9:27:00 AM | Attr = ] grep.exe -> %SystemRoot%\System32\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] jusched32.exe -> %SystemRoot%\System32\jusched32.exe -> [Folder | Created Date = 3/17/2008 6:37:51 PM | Attr = RHS] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 3/17/2008 6:51:28 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] VFind.exe -> %SystemRoot%\System32\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] vorbis.dll -> %SystemRoot%\System32\vorbis.dll -> [Ver = | Size = 974848 bytes | Created Date = 3/22/2008 9:49:14 PM | Attr = R ] vorbisfile.dll -> %SystemRoot%\System32\vorbisfile.dll -> [Ver = | Size = 28672 bytes | Created Date = 3/22/2008 9:49:14 PM | Attr = R ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 3/17/2008 6:51:29 PM | Attr = ] configsys -> %SystemRoot%\configsys -> [Ver = | Size = 234 bytes | Created Date = 3/17/2008 6:37:32 PM | Attr = RH ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 3/23/2008 8:35:14 AM | Attr = ] extract.exe -> %SystemRoot%\extract.exe -> [Folder | Created Date = 3/17/2008 6:37:46 PM | Attr = RHS] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 1/5/2008 5:23:20 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 3/22/2008 6:41:56 PM | Attr = ] OPLIMIT.INI -> %SystemRoot%\OPLIMIT.INI -> [Ver = | Size = 77 bytes | Created Date = 3/23/2008 2:53:08 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 3/23/2008 9:56:14 AM | Attr = ] RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 426 bytes | Created Date = 3/23/2008 3:25:35 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Created Date = 3/22/2008 9:11:24 PM | Attr = ] VTech Phonebook Manager -> %UserProfile%\My Documents\VTech Phonebook Manager -> [Folder | Created Date = 1/5/2008 5:37:25 PM | Attr = ] Ghost Master.lnk -> %AllUsersProfile%\Desktop\Ghost Master.lnk -> [Ver = | Size = 1671 bytes | Created Date = 3/22/2008 9:53:16 PM | Attr = ] MALWARE PROGRAMS -> %UserProfile%\Desktop\MALWARE PROGRAMS -> [Folder | Created Date = 3/22/2008 7:34:01 PM | Attr = ] [Files/Folders - Modified Within 90 days] archivos de programa -> %SystemDrive%\archivos de programa -> [Ver = | Size = 234 bytes | Modified Date = 3/17/2008 6:37:59 PM | Attr = RH ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 3/23/2008 9:27:01 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 3/23/2008 9:56:10 AM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 3/23/2008 8:54:43 AM | Attr = ] UnrealTournament -> %SystemDrive%\UnrealTournament -> [Folder | Modified Date = 3/22/2008 9:32:27 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 3/23/2008 3:25:44 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 3/23/2008 9:27:00 AM | Attr = ] BANTExt.sys -> %SystemRoot%\System32\drivers\BANTExt.sys -> [Ver = | Size = 3840 bytes | Modified Date = 2/27/2008 2:49:00 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 3/23/2008 8:43:32 AM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 3/23/2008 8:43:32 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 3/23/2008 9:54:30 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 3/22/2008 9:07:05 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 3/23/2008 9:47:19 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 1/5/2008 5:24:14 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 261432 bytes | Modified Date = 3/17/2008 5:27:22 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 3:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 2:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 3:33:32 AM | Attr = ] jusched32.exe -> %SystemRoot%\System32\jusched32.exe -> [Folder | Modified Date = 3/17/2008 6:37:51 PM | Attr = RHS] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 164081 bytes | Modified Date = 3/22/2008 9:07:53 PM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 3 , 8 , 0 | Size = 442368 bytes | Modified Date = 3/6/2008 5:23:32 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 52764 bytes | Modified Date = 3/22/2008 7:21:06 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 380350 bytes | Modified Date = 3/22/2008 7:21:06 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 439552 bytes | Modified Date = 3/22/2008 7:21:06 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 3/22/2008 7:45:24 PM | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 3/14/2008 9:09:32 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 3/22/2008 7:12:03 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 3/16/2008 9:22:18 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 3/23/2008 2:54:05 PM | Attr = S] configsys -> %SystemRoot%\configsys -> [Ver = | Size = 234 bytes | Modified Date = 3/17/2008 6:37:32 PM | Attr = RH ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 3/23/2008 1:24:47 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 3/22/2008 6:48:49 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 3/23/2008 8:35:15 AM | Attr = ] extract.exe -> %SystemRoot%\extract.exe -> [Folder | Modified Date = 3/17/2008 6:37:46 PM | Attr = RHS] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/17/2008 6:37:36 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 3/22/2008 9:07:24 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 1/5/2008 5:24:03 PM | Attr = ] OPLIMIT.INI -> %SystemRoot%\OPLIMIT.INI -> [Ver = | Size = 77 bytes | Modified Date = 3/23/2008 2:53:08 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 3/23/2008 3:36:58 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 274 bytes | Modified Date = 3/23/2008 9:53:48 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 3/23/2008 1:24:47 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 3/23/2008 3:25:35 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 3/23/2008 3:25:52 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 1/5/2008 5:23:02 PM | Attr = ] RegistrySmart Scheduled Scan.job -> %SystemRoot%\tasks\RegistrySmart Scheduled Scan.job -> [Ver = | Size = 426 bytes | Modified Date = 3/23/2008 3:25:37 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 3/23/2008 2:54:11 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 3/16/2008 9:23:57 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4617 bytes | Modified Date = 3/16/2008 9:23:57 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] nView_Profiles -> %AllUsersProfile%\Application Data\nView_Profiles -> [Folder | Modified Date = 3/22/2008 9:11:24 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 3/17/2008 5:31:29 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 3/22/2008 7:27:16 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 3/23/2008 3:25:47 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 76944 bytes | Modified Date = 3/22/2008 9:12:06 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1577168 bytes | Modified Date = 3/23/2008 8:32:36 AM | Attr = H ] HALLOWEEN MUSIC -> %UserProfile%\My Documents\HALLOWEEN MUSIC -> [Folder | Modified Date = 1/5/2008 10:27:45 PM | Attr = ] VTech Phonebook Manager -> %UserProfile%\My Documents\VTech Phonebook Manager -> [Folder | Modified Date = 1/5/2008 5:37:25 PM | Attr = ] Ghost Master.lnk -> %AllUsersProfile%\Desktop\Ghost Master.lnk -> [Ver = | Size = 1671 bytes | Modified Date = 3/22/2008 9:53:16 PM | Attr = ] MALWARE PROGRAMS -> %UserProfile%\Desktop\MALWARE PROGRAMS -> [Folder | Modified Date = 3/23/2008 10:57:24 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]