[code] OTScanIt logfile created on: 4/11/2008 12:34:17 PM OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\winroot\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 78.38% Memory free 2.02 Gb Paging File | 1.71 Gb Available in Paging File | 84.55% Paging File free Paging file location(s): c:\pagefile.sys 180 360; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.27 Gb Total Space | 24.91 Gb Free Space | 66.83% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 38.28 Gb Total Space | 27.22 Gb Free Space | 71.12% Space Free | Partition Type: NTFS Computer Name: HPREAROFFICE Current User Name: winroot Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/20/2003 10:22:36 PM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/20/2003 10:27:46 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2039 | Size = 114688 bytes | Modified Date = 1/23/2003 3:05:06 AM | Attr = ] vptray.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/20/2003 10:21:18 PM | Attr = ] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 7:54:31 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/23/2007 9:00:09 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/20/2003 10:22:36 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/23/2007 9:00:09 AM | Attr = ] (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/20/2003 10:27:46 PM | Attr = ] (winvnc) VNC Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\TightVNC\WinVNC.exe -> File not found [Driver Services - Non-Microsoft Only] (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97intc.sys -> Intel Corporation [Ver = 5.10.3523 built by: WinDDK | Size = 96256 bytes | Modified Date = 8/17/2001 6:20:04 AM | Attr = ] (adpu320) adpu320 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\adpu320.sys -> Adaptec, Inc. [Ver = 1.0.000.000 built by: WinDDK | Size = 105472 bytes | Modified Date = 5/8/2002 4:44:42 PM | Attr = ] (aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 12:15:00 PM | Attr = ] (bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> Broadcom Corporation [Ver = 3.48.0.0 built by: WinDDK | Size = 41728 bytes | Modified Date = 9/9/2002 12:45:50 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 6:12:10 AM | Attr = ] (i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/3/2004 10:29:36 PM | Attr = ] (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wadv05nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/3/2004 10:29:47 PM | Attr = ] (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/3/2004 10:29:49 PM | Attr = ] (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/3/2004 10:29:41 PM | Attr = ] (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr = ] (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/3/2004 10:29:43 PM | Attr = ] (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/3/2004 10:29:45 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmnt5.sys -> Intel Corporation [Ver = 6.13.01.3460 | Size = 89371 bytes | Modified Date = 2/3/2003 5:04:00 PM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 11868 bytes | Modified Date = 8/3/2004 10:41:55 PM | Attr = ] (NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 224256 bytes | Modified Date = 5/2/2003 6:08:18 PM | Attr = ] (NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 30208 bytes | Modified Date = 5/2/2003 6:08:22 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080411.003\naveng.sys -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 82256 bytes | Modified Date = 4/11/2008 1:00:00 AM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080411.003\navex15.sys -> Symantec Corporation [Ver = 20071.4.3.10 | Size = 895408 bytes | Modified Date = 4/11/2008 1:00:00 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3538 | Size = 539008 bytes | Modified Date = 12/19/2002 5:48:48 PM | Attr = ] (SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> Symbios Logic Inc. [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.2.2.11 | Size = 73496 bytes | Modified Date = 8/21/2003 6:51:00 PM | Attr = ] (Symmpi) Symmpi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symmpi.sys -> LSI Logic [Ver = SYMMPI-1.08.00 built by: dprill | Size = 28416 bytes | Modified Date = 4/3/2002 9:32:06 PM | Attr = R ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmsbw.sys -> Intel Corporation [Ver = 6.13.01.3460 | Size = 109280 bytes | Modified Date = 2/3/2003 5:05:24 PM | Attr = ] ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ialmkchw.sys -> Intel Corporation [Ver = 6.13.01.3460 | Size = 78304 bytes | Modified Date = 2/3/2003 5:05:12 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ["C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 8.1.2.2008011100 | Size = 623992 bytes | Modified Date = 1/11/2008 7:54:31 PM | Attr = ] b06eeeb9 -> %SystemRoot%\system32\vjfobaqb.dll [rundll32.exe "C:\WINDOWS\system32\vjfobaqb.dll",b] -> [Ver = | Size = 86080 bytes | Modified Date = 4/11/2008 10:42:45 AM | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3,0,0,2039 | Size = 114688 bytes | Modified Date = 1/23/2003 3:05:06 AM | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3,0,0,2039 | Size = 155648 bytes | Modified Date = 1/23/2003 3:17:02 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] vptray -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] -> Symantec Corporation [Ver = 8.1.0.825 | Size = 90112 bytes | Modified Date = 5/20/2003 10:21:18 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MoneyInsights -> %ProgramFiles%\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe ["C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe"] -> Microsoft(R) Corporation [Ver = 17.00.1414 | Size = 502800 bytes | Modified Date = 2/19/2008 10:07:04 AM | Attr = ] vfkkfudn -> %SystemRoot%\system32\hqtmtmxm.exe [C:\WINDOWS\system32\hqtmtmxm.exe] -> File not found < Run [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MoneyInsights -> %ProgramFiles%\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe ["C:\Program Files\Microsoft Money Plus\MNYCoreFiles\mnyinsit.exe"] -> Microsoft(R) Corporation [Ver = 17.00.1414 | Size = 502800 bytes | Modified Date = 2/19/2008 10:07:04 AM | Attr = ] vfkkfudn -> %SystemRoot%\system32\hqtmtmxm.exe [C:\WINDOWS\system32\hqtmtmxm.exe] -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < winroot Startup Folder > -> C:\Documents and Settings\winroot\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {A98D0065-7326-41B5-B8D9-C5B692CDB82F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> geBuUmJD -> -> File not found igfxcui -> %SystemRoot%\system32\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2039 | Size = 315392 bytes | Modified Date = 1/23/2003 3:04:18 AM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 5/20/2003 10:19:00 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < HOSTS File > (793 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 1 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: ProxyEnable -> 1 -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\: ProxyOverride -> 127.0.0.1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> //@surf.mar@ .[money] -> Local intranet -> //@surf.mar@/ .[money] -> Local intranet -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. -> //@surf.mar@ .[money] -> Local intranet -> //@surf.mar@/ .[money] -> Local intranet -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {A4AFBE82-C316-451C-AC0F-9EA3D7902746} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mlJArpQK.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 270336 bytes | Modified Date = 4/9/2008 12:34:35 PM | Attr = ] {A98D0065-7326-41B5-B8D9-C5B692CDB82F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {B13B4423-2647-4cfc-A4B3-C7D56CB83487}:{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Hello\PicasaCapture.dll [Share in Hello] -> Picasa, Inc. [Ver = 1, 0, 0, 651 | Size = 303104 bytes | Modified Date = 1/11/2005 7:09:26 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Hello\PicasaCapture.dll [IECmdExecute Class] -> Picasa, Inc. [Ver = 1, 0, 0, 651 | Size = 303104 bytes | Modified Date = 1/11/2005 7:09:26 PM | Attr = ] CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{B13B4423-2647-4cfc-A4B3-C7D56CB83487} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Hello\PicasaCapture.dll [IECmdExecute Class] -> Picasa, Inc. [Ver = 1, 0, 0, 651 | Size = 303104 bytes | Modified Date = 1/11/2005 7:09:26 PM | Attr = ] CmdMapping\\{E023F504-0C5A-4750-A1E7-A9046DEA8A21} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\] > -> HKEY_USERS\S-1-5-21-1280234154-173378581-383782332-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 8.1.0.0 | Size = 321120 bytes | Modified Date = 5/10/2007 10:47:03 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {49D00C95-6DDA-4C6F-8569-4900496CD1C5} -> (Broadcom 440x 10/100 Integrated Controller) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01010200-5E80-11D8-9E86-0007E96C65AE}[HKEY_LOCAL_MACHINE] -> https://ra.qwest.com/sdccommon/download/tgctlins.cab[SupportSoft Installer] -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37928.5404861111[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CF4A2C45-CB89-4018-94BB-C2CACB83A537}[HKEY_LOCAL_MACHINE] -> https://homesight.xanboo.com/homesight/device/xancamx.ocx[XancamX Camera Control] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\\.Owner -> {01010200-5E80-11D8-9E86-0007E96C65AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlins.dll\\{01010200-5E80-11D8-9E86-0007E96C65AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/xancamx.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/xancamx.ocx\\.Owner -> {CF4A2C45-CB89-4018-94BB-C2CACB83A537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/xancamx.ocx\\{CF4A2C45-CB89-4018-94BB-C2CACB83A537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> [Registry - Additional Scans - Non-Microsoft Only] < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> Acrobat.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\] -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 349808 bytes | Modified Date = 5/11/2007 2:59:23 AM | Attr = ] AcrobatInfo.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 14456 bytes | Modified Date = 10/22/2006 11:34:30 PM | Attr = ] AcroDist.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\Acrodist.exe [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\] -> Adobe Systems Incorporated. [Ver = 8.1.2.2008011100 | Size = 144768 bytes | Modified Date = 1/11/2008 7:54:25 PM | Attr = ] act.exe -> %ProgramFiles%\ACT\act.exe [C:\Program Files\ACT] -> Interact Commerce Corporation [Ver = 6.0.3.979 | Size = 5337138 bytes | Modified Date = 4/24/2003 9:22:56 AM | Attr = ] ActDiag.Exe -> %ProgramFiles%\ACT\actdiag.exe [C:\Program Files\ACT] -> Interact Commerce Corporation [Ver = 6.0.3.951 | Size = 966656 bytes | Modified Date = 3/26/2003 8:10:10 AM | Attr = ] HijackThis.exe -> %ProgramFiles%\Trend Micro\HijackThis\HijackThis.exe [C:\Program Files\Trend Micro\HijackThis] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 4/10/2008 2:01:30 PM | Attr = ] hypertrm.exe -> %ProgramFiles%\Windows NT\hypertrm.exe [Reg Error: Value Path does not exist or could not be read.] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 28160 bytes | Modified Date = 8/17/2001 10:36:46 PM | Attr = ] javaws.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_05\bin] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] LUALL.EXE -> %ProgramFiles%\Symantec\LiveUpdate\LUALL.EXE [C:\Program Files\Symantec\LiveUpdate] -> Symantec Corporation [Ver = 1.80.19.0 | Size = 1160856 bytes | Modified Date = 8/7/2002 6:04:28 AM | Attr = ] mplayer2.exe -> %ProgramFiles%\Windows Media Player\mplayer2.exe ["C:\Program Files\Windows Media Player"] -> [Ver = | Size = 4639 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ] msimn.exe -> [%ProgramFiles%\Outlook Express] -> File not found MSMoney.EXE -> %ProgramFiles%\Microsoft Money Plus\MNYCoreFiles\msmoney.exe [C:\Program Files\Microsoft Money Plus\MNYCoreFiles] -> Microsoft(R) Corporation [Ver = 17.00.1414 | Size = 66064 bytes | Modified Date = 2/19/2008 10:06:51 AM | Attr = ] prnsys.Exe -> %ProgramFiles%\Hewlett-Packard\hp print screen utility\prnsys.exe [C:\Program Files\Hewlett-Packard\hp print screen utility] -> [Ver = 1.0.0.0 | Size = 36864 bytes | Modified Date = 8/1/2002 12:03:58 PM | Attr = R ] VPC32.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\VPC32.exe [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus] -> Symantec Corporation [Ver = 8.1.0.825 | Size = 233472 bytes | Modified Date = 5/20/2003 10:19:50 PM | Attr = ] wab.exe -> [%ProgramFiles%\Outlook Express] -> File not found wabmig.exe -> [%ProgramFiles%\Outlook Express] -> File not found WORDPAD.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found WRITE.EXE -> [Reg Error: Value Path does not exist or could not be read.] -> File not found < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] C:\WINDOWS\system32\mlJArpQK -> %SystemRoot%\system32\mlJArpQK.dll -> [Ver = | Size = 270336 bytes | Modified Date = 4/9/2008 12:34:35 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 7631 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 12:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 9:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe -> C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe [C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 768512 bytes | Modified Date = 8/4/2004 12:56:49 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\winroot\Local Settings\Temp\WZSE0.TMP\recover.exe -> C:\Documents and Settings\winroot\Local Settings\Temp\WZSE0.TMP\recover.exe [C:\Documents and Settings\winroot\Local Settings\Temp\WZSE0.TMP\recover.exe:*:Enabled:Firmware Recovery Program] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> [Files/Folders - Created Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/10/2008 3:20:31 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2138624000 bytes | Created Date = 4/11/2008 12:27:43 PM | Attr = HS] bqabofjv.ini -> %SystemRoot%\System32\bqabofjv.ini -> [Ver = | Size = 708700 bytes | Created Date = 4/11/2008 10:42:57 AM | Attr = HS] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Created Date = 4/11/2008 7:43:55 AM | Attr = H ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ipulgaov.ini -> %SystemRoot%\System32\ipulgaov.ini -> [Ver = | Size = 709715 bytes | Created Date = 4/10/2008 10:39:12 AM | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/10/2008 7:38:45 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 3/10/2008 7:38:45 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 3/10/2008 7:38:45 AM | Attr = ] KQprAJlm.ini -> %SystemRoot%\System32\KQprAJlm.ini -> [Ver = | Size = 183522 bytes | Created Date = 4/9/2008 12:34:37 PM | Attr = HS] KQprAJlm.ini2 -> %SystemRoot%\System32\KQprAJlm.ini2 -> [Ver = | Size = 183522 bytes | Created Date = 4/9/2008 12:34:38 PM | Attr = HS] mlJArpQK.dll -> %SystemRoot%\System32\mlJArpQK.dll -> [Ver = | Size = 270336 bytes | Created Date = 4/9/2008 12:34:32 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 206 bytes | Created Date = 4/10/2008 1:44:51 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2200 bytes | Created Date = 4/11/2008 12:20:54 PM | Attr = ] vjfobaqb.dll -> %SystemRoot%\System32\vjfobaqb.dll -> [Ver = | Size = 86080 bytes | Created Date = 4/11/2008 10:42:44 AM | Attr = ] apoxqwfv.exe -> %SystemRoot%\apoxqwfv.exe -> [Ver = | Size = 81920 bytes | Created Date = 4/9/2008 12:29:56 PM | Attr = ] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 758 bytes | Created Date = 4/10/2008 10:39:25 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 4/10/2008 1:48:41 PM | Attr = H ] 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> mslagent -> %SystemRoot%\mslagent -> [Folder | Created Date = 4/10/2008 10:32:23 AM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 4/9/2008 3:40:51 PM | Attr = ] resources -> %SystemRoot%\resources -> [Folder | Created Date = 4/11/2008 12:27:47 PM | Attr = ] system32akttzn.exe -> %SystemRoot%\system32akttzn.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32anticipator.dll -> %SystemRoot%\system32anticipator.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:54 PM | Attr = ] system32bdn.com -> %SystemRoot%\system32bdn.com -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:00 PM | Attr = ] system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32emesx.dll -> %SystemRoot%\system32emesx.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32h@tkeysh@@k.dll -> %SystemRoot%\system32h@tkeysh@@k.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:58 PM | Attr = ] system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:04 PM | Attr = ] system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:03 PM | Attr = ] system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:03 PM | Attr = ] system32medup012.dll -> %SystemRoot%\system32medup012.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32medup020.dll -> %SystemRoot%\system32medup020.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32msgp.exe -> %SystemRoot%\system32msgp.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:58 PM | Attr = ] system32msnbho.dll -> %SystemRoot%\system32msnbho.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:00 PM | Attr = ] system32mssecu.exe -> %SystemRoot%\system32mssecu.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32msvchost.exe -> %SystemRoot%\system32msvchost.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32mtr2.exe -> %SystemRoot%\system32mtr2.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32mwin32.exe -> %SystemRoot%\system32mwin32.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:04 PM | Attr = ] system32netode.exe -> %SystemRoot%\system32netode.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32newsd32.exe -> %SystemRoot%\system32newsd32.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32ps1.exe -> %SystemRoot%\system32ps1.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:01 PM | Attr = ] system32psof1.exe -> %SystemRoot%\system32psof1.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:01 PM | Attr = ] system32psoft1.exe -> %SystemRoot%\system32psoft1.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:01 PM | Attr = ] system32regc64.dll -> %SystemRoot%\system32regc64.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32regm64.dll -> %SystemRoot%\system32regm64.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:56 PM | Attr = ] system32smp -> %SystemRoot%\system32smp -> [Folder | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32sncntr.exe -> %SystemRoot%\system32sncntr.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:03 PM | Attr = ] system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:59 PM | Attr = ] system32ssvchost.com -> %SystemRoot%\system32ssvchost.com -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:57 PM | Attr = ] system32sysreq.exe -> %SystemRoot%\system32sysreq.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32taack.dat -> %SystemRoot%\system32taack.dat -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:03 PM | Attr = ] system32taack.exe -> %SystemRoot%\system32taack.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:03 PM | Attr = ] system32temp#01.exe -> %SystemRoot%\system32temp#01.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:58 PM | Attr = ] system32thun.dll -> %SystemRoot%\system32thun.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:56 PM | Attr = ] system32thun32.dll -> %SystemRoot%\system32thun32.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:56 PM | Attr = ] system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:04 PM | Attr = ] system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:54 PM | Attr = ] system32vcatchpi.dll -> %SystemRoot%\system32vcatchpi.dll -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:30:05 PM | Attr = ] system32winsystem.exe -> %SystemRoot%\system32winsystem.exe -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE -> [Ver = | Size = 4096 bytes | Created Date = 4/9/2008 12:29:55 PM | Attr = ] vnbptxlf.dll -> %SystemRoot%\vnbptxlf.dll -> [Ver = | Size = 184320 bytes | Created Date = 4/9/2008 12:29:56 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 4/10/2008 9:58:37 AM | Attr = H ] SpyHunter Scanner.job -> %SystemRoot%\tasks\SpyHunter Scanner.job -> [Ver = | Size = 446 bytes | Created Date = 4/10/2008 3:08:01 PM | Attr = ] XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 452 bytes | Created Date = 4/11/2008 10:00:38 AM | Attr = ] XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 366 bytes | Created Date = 4/11/2008 10:00:37 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] nwpufspc -> %AllUsersProfile%\Application Data\nwpufspc -> [Folder | Created Date = 4/9/2008 12:29:38 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Created Date = 4/9/2008 2:03:18 PM | Attr = ] OfficeUpdate12 -> %AppData%\OfficeUpdate12 -> [Folder | Created Date = 1/30/2008 8:17:58 AM | Attr = ] Client Intro RJP.doc -> %UserProfile%\My Documents\Client Intro RJP.doc -> [Ver = | Size = 14966 bytes | Created Date = 3/19/2008 2:01:41 PM | Attr = ] Client Intro RJP.pdf -> %UserProfile%\My Documents\Client Intro RJP.pdf -> [Ver = | Size = 3902 bytes | Created Date = 3/19/2008 1:43:39 PM | Attr = ] f1040--2005.pdf -> %UserProfile%\My Documents\f1040--2005.pdf -> [Ver = | Size = 207158 bytes | Created Date = 2/6/2008 10:20:37 AM | Attr = ] f1040--2006.pdf -> %UserProfile%\My Documents\f1040--2006.pdf -> [Ver = | Size = 408550 bytes | Created Date = 2/6/2008 9:59:35 AM | Attr = ] f1040sab--2006.pdf -> %UserProfile%\My Documents\f1040sab--2006.pdf -> [Ver = | Size = 375928 bytes | Created Date = 3/6/2008 7:21:45 AM | Attr = ] petsafe.pdf -> %UserProfile%\My Documents\petsafe.pdf -> [Ver = | Size = 34220 bytes | Created Date = 3/11/2008 10:37:39 AM | Attr = ] Sub-lease.doc -> %UserProfile%\My Documents\Sub-lease.doc -> [Ver = | Size = 38400 bytes | Created Date = 2/18/2008 11:18:18 AM | Attr = ] AvailableUnit11Listing.pdf -> %UserProfile%\Desktop\AvailableUnit11Listing.pdf -> [Ver = | Size = 104333 bytes | Created Date = 2/1/2008 9:21:18 AM | Attr = ] AvailableUnit11Pictures.pdf -> %UserProfile%\Desktop\AvailableUnit11Pictures.pdf -> [Ver = | Size = 535965 bytes | Created Date = 2/1/2008 9:01:31 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 4/10/2008 2:01:30 PM | Attr = ] Moon largeaaa.jpg -> %UserProfile%\Desktop\Moon largeaaa.jpg -> [Ver = | Size = 79585 bytes | Created Date = 3/19/2008 1:51:36 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/11/2008 12:31:59 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Created Date = 4/11/2008 12:31:23 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier PCRegistryCleaner.lnk -> %UserProfile%\Desktop\PCRegistryCleaner.lnk -> [Ver = | Size = 806 bytes | Created Date = 4/10/2008 12:43:20 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 4/11/2008 12:19:46 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1307936 bytes | Created Date = 4/11/2008 12:15:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk -> [Ver = | Size = 700 bytes | Created Date = 4/11/2008 10:00:32 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 4/10/2008 1:09:15 PM | Attr = ] [Files/Folders - Modified Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/10/2008 3:49:37 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2138624000 bytes | Modified Date = 4/11/2008 12:27:43 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/11/2008 10:08:42 AM | Attr = R ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/11/2008 12:27:47 PM | Attr = ] bqabofjv.ini -> %SystemRoot%\System32\bqabofjv.ini -> [Ver = | Size = 708700 bytes | Modified Date = 4/11/2008 12:29:53 PM | Attr = HS] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 4/10/2008 2:00:56 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/11/2008 9:16:48 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 4/10/2008 10:34:20 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/10/2008 2:15:34 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/11/2008 8:19:20 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 4/10/2008 1:58:43 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 265416 bytes | Modified Date = 4/10/2008 2:17:23 PM | Attr = ] GroupPolicy -> %SystemRoot%\System32\GroupPolicy -> [Folder | Modified Date = 4/11/2008 7:43:56 AM | Attr = H ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 4/11/2008 12:30:05 PM | Attr = ] ipulgaov.ini -> %SystemRoot%\System32\ipulgaov.ini -> [Ver = | Size = 709715 bytes | Modified Date = 4/10/2008 1:36:01 PM | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] KQprAJlm.ini -> %SystemRoot%\System32\KQprAJlm.ini -> [Ver = | Size = 183522 bytes | Modified Date = 4/11/2008 12:34:51 PM | Attr = HS] KQprAJlm.ini2 -> %SystemRoot%\System32\KQprAJlm.ini2 -> [Ver = | Size = 183522 bytes | Modified Date = 4/11/2008 12:34:36 PM | Attr = HS] mlJArpQK.dll -> %SystemRoot%\System32\mlJArpQK.dll -> [Ver = | Size = 270336 bytes | Modified Date = 4/9/2008 12:34:35 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 206 bytes | Modified Date = 4/10/2008 1:44:51 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 74340 bytes | Modified Date = 4/10/2008 3:25:30 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 445342 bytes | Modified Date = 4/10/2008 3:25:30 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 508264 bytes | Modified Date = 4/10/2008 3:25:30 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/10/2008 7:45:36 AM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2200 bytes | Modified Date = 4/11/2008 12:20:54 PM | Attr = ] vjfobaqb.dll -> %SystemRoot%\System32\vjfobaqb.dll -> [Ver = | Size = 86080 bytes | Modified Date = 4/11/2008 10:42:45 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 4/10/2008 10:33:20 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12672 bytes | Modified Date = 4/11/2008 12:28:48 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 2:49:13 PM | Attr = H ] 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> apoxqwfv.exe -> %SystemRoot%\apoxqwfv.exe -> [Ver = | Size = 81920 bytes | Modified Date = 4/9/2008 10:49:54 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/10/2008 5:16:17 PM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/11/2008 12:27:44 PM | Attr = S] cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 758 bytes | Modified Date = 4/11/2008 10:48:49 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/10/2008 9:53:29 AM | Attr = S] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 1/30/2008 8:49:39 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/10/2008 2:10:35 PM | Attr = ] hpbafd.ini -> %SystemRoot%\hpbafd.ini -> [Ver = | Size = 440 bytes | Modified Date = 4/11/2008 12:30:44 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 4/10/2008 1:49:56 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 4/10/2008 1:58:11 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/10/2008 2:15:38 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/10/2008 2:15:53 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/11/2008 7:21:05 AM | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 4/10/2008 1:50:14 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/10/2008 5:16:51 PM | Attr = ] mslagent -> %SystemRoot%\mslagent -> [Folder | Modified Date = 4/11/2008 10:08:40 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/11/2008 12:31:56 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 4/9/2008 3:40:51 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/10/2008 5:58:43 PM | Attr = ] resources -> %SystemRoot%\resources -> [Folder | Modified Date = 4/11/2008 12:27:48 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/10/2008 4:40:07 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/11/2008 12:29:53 PM | Attr = ] system32akttzn.exe -> %SystemRoot%\system32akttzn.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32anticipator.dll -> %SystemRoot%\system32anticipator.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32awtoolb.dll -> %SystemRoot%\system32awtoolb.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:54 PM | Attr = ] system32bdn.com -> %SystemRoot%\system32bdn.com -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32bsva-egihsg52.exe -> %SystemRoot%\system32bsva-egihsg52.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:00 PM | Attr = ] system32dpcproxy.exe -> %SystemRoot%\system32dpcproxy.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32emesx.dll -> %SystemRoot%\system32emesx.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32h@tkeysh@@k.dll -> %SystemRoot%\system32h@tkeysh@@k.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:58 PM | Attr = ] system32hoproxy.dll -> %SystemRoot%\system32hoproxy.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:04 PM | Attr = ] system32hxiwlgpm.dat -> %SystemRoot%\system32hxiwlgpm.dat -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:03 PM | Attr = ] system32hxiwlgpm.exe -> %SystemRoot%\system32hxiwlgpm.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:03 PM | Attr = ] system32medup012.dll -> %SystemRoot%\system32medup012.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32medup020.dll -> %SystemRoot%\system32medup020.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32msgp.exe -> %SystemRoot%\system32msgp.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:58 PM | Attr = ] system32msnbho.dll -> %SystemRoot%\system32msnbho.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:00 PM | Attr = ] system32mssecu.exe -> %SystemRoot%\system32mssecu.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32msvchost.exe -> %SystemRoot%\system32msvchost.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32mtr2.exe -> %SystemRoot%\system32mtr2.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32mwin32.exe -> %SystemRoot%\system32mwin32.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:04 PM | Attr = ] system32netode.exe -> %SystemRoot%\system32netode.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32newsd32.exe -> %SystemRoot%\system32newsd32.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32ps1.exe -> %SystemRoot%\system32ps1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:01 PM | Attr = ] system32psof1.exe -> %SystemRoot%\system32psof1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:01 PM | Attr = ] system32psoft1.exe -> %SystemRoot%\system32psoft1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:01 PM | Attr = ] system32regc64.dll -> %SystemRoot%\system32regc64.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32regm64.dll -> %SystemRoot%\system32regm64.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32Rundl1.exe -> %SystemRoot%\system32Rundl1.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:56 PM | Attr = ] system32smp -> %SystemRoot%\system32smp -> [Folder | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32sncntr.exe -> %SystemRoot%\system32sncntr.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:03 PM | Attr = ] system32ssurf022.dll -> %SystemRoot%\system32ssurf022.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:59 PM | Attr = ] system32ssvchost.com -> %SystemRoot%\system32ssvchost.com -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32ssvchost.exe -> %SystemRoot%\system32ssvchost.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:57 PM | Attr = ] system32sysreq.exe -> %SystemRoot%\system32sysreq.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32taack.dat -> %SystemRoot%\system32taack.dat -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:03 PM | Attr = ] system32taack.exe -> %SystemRoot%\system32taack.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:03 PM | Attr = ] system32temp#01.exe -> %SystemRoot%\system32temp#01.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:58 PM | Attr = ] system32thun.dll -> %SystemRoot%\system32thun.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:56 PM | Attr = ] system32thun32.dll -> %SystemRoot%\system32thun32.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:56 PM | Attr = ] system32VBIEWER.OCX -> %SystemRoot%\system32VBIEWER.OCX -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:04 PM | Attr = ] system32vbsys2.dll -> %SystemRoot%\system32vbsys2.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:54 PM | Attr = ] system32vcatchpi.dll -> %SystemRoot%\system32vcatchpi.dll -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32winlogonpc.exe -> %SystemRoot%\system32winlogonpc.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:30:05 PM | Attr = ] system32winsystem.exe -> %SystemRoot%\system32winsystem.exe -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] system32WINWGPX.EXE -> %SystemRoot%\system32WINWGPX.EXE -> [Ver = | Size = 4096 bytes | Modified Date = 4/9/2008 12:29:55 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/11/2008 10:00:38 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/11/2008 12:03:08 PM | Attr = ] vnbptxlf.dll -> %SystemRoot%\vnbptxlf.dll -> [Ver = | Size = 184320 bytes | Modified Date = 4/9/2008 10:49:54 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 4/10/2008 1:50:25 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 613 bytes | Modified Date = 4/9/2008 3:42:24 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/10/2008 3:24:45 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 4/11/2008 2:25:00 AM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/11/2008 12:28:01 PM | Attr = H ] SpyHunter Scanner.job -> %SystemRoot%\tasks\SpyHunter Scanner.job -> [Ver = | Size = 446 bytes | Modified Date = 4/11/2008 2:15:07 AM | Attr = ] XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job -> [Ver = | Size = 452 bytes | Modified Date = 4/11/2008 12:28:44 PM | Attr = ] XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job -> [Ver = | Size = 366 bytes | Modified Date = 4/11/2008 10:00:38 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5470 bytes | Modified Date = 4/10/2008 3:11:56 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/10/2008 3:11:56 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 12/6/2004 8:22:16 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 4/19/2006 10:12:11 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2003 8:48:10 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2003 9:28:37 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 8/19/2003 9:28:37 PM | Attr = ] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 8/19/2003 9:28:38 PM | Attr = ] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\81Q38TEB\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\GLQ3S563\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\PC5F9YW2\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ZOK7YLGE\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 8/19/2003 11:42:20 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 4/10/2008 9:55:15 AM | Attr = S] nwpufspc -> %AllUsersProfile%\Application Data\nwpufspc -> [Folder | Modified Date = 4/10/2008 1:44:49 PM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Modified Date = 4/10/2008 10:32:26 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2/21/2008 10:26:56 AM | Attr = S] OfficeUpdate12 -> %AppData%\OfficeUpdate12 -> [Folder | Modified Date = 1/30/2008 8:51:31 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 68960 bytes | Modified Date = 1/31/2008 4:49:48 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 1656336 bytes | Modified Date = 4/11/2008 12:26:48 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 4/10/2008 12:44:53 PM | Attr = ] Andre Resume.doc -> %UserProfile%\My Documents\Andre Resume.doc -> [Ver = | Size = 30208 bytes | Modified Date = 2/11/2008 11:03:13 AM | Attr = ] AOM -> %UserProfile%\My Documents\AOM -> [Folder | Modified Date = 3/19/2008 9:51:17 AM | Attr = ] Art Proofs -> %UserProfile%\My Documents\Art Proofs -> [Folder | Modified Date = 3/21/2008 12:33:57 PM | Attr = ] Client Intro RJP.doc -> %UserProfile%\My Documents\Client Intro RJP.doc -> [Ver = | Size = 14966 bytes | Modified Date = 3/19/2008 2:01:43 PM | Attr = ] Client Intro RJP.pdf -> %UserProfile%\My Documents\Client Intro RJP.pdf -> [Ver = | Size = 3902 bytes | Modified Date = 3/19/2008 2:01:26 PM | Attr = ] Client Invoices -> %UserProfile%\My Documents\Client Invoices -> [Folder | Modified Date = 3/25/2008 9:02:00 AM | Attr = ] Comp -> %UserProfile%\My Documents\Comp -> [Folder | Modified Date = 2/8/2008 9:09:06 AM | Attr = ] Credit worksheet.xls -> %UserProfile%\My Documents\Credit worksheet.xls -> [Ver = | Size = 19968 bytes | Modified Date = 4/1/2008 8:47:51 AM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 78 bytes | Modified Date = 4/10/2008 2:12:30 PM | Attr = HS] Earnings -> %UserProfile%\My Documents\Earnings -> [Folder | Modified Date = 4/10/2008 9:04:47 AM | Attr = ] f1040--2005.pdf -> %UserProfile%\My Documents\f1040--2005.pdf -> [Ver = | Size = 207158 bytes | Modified Date = 2/6/2008 10:29:25 AM | Attr = ] f1040--2006.pdf -> %UserProfile%\My Documents\f1040--2006.pdf -> [Ver = | Size = 408550 bytes | Modified Date = 2/6/2008 10:29:20 AM | Attr = ] f1040sab--2006.pdf -> %UserProfile%\My Documents\f1040sab--2006.pdf -> [Ver = | Size = 375928 bytes | Modified Date = 3/6/2008 7:21:45 AM | Attr = ] fw2_05.pdf -> %UserProfile%\My Documents\fw2_05.pdf -> [Ver = | Size = 120478 bytes | Modified Date = 3/21/2008 8:34:13 AM | Attr = ] fw2_06.pdf -> %UserProfile%\My Documents\fw2_06.pdf -> [Ver = | Size = 56099 bytes | Modified Date = 2/6/2008 10:12:15 AM | Attr = ] Insurance Docs -> %UserProfile%\My Documents\Insurance Docs -> [Folder | Modified Date = 1/14/2008 12:45:27 PM | Attr = ] Job Order Complete Record Listing.pdf -> %UserProfile%\My Documents\Job Order Complete Record Listing.pdf -> [Ver = | Size = 12041 bytes | Modified Date = 4/10/2008 4:20:44 PM | Attr = ] My Money.mny -> %UserProfile%\My Documents\My Money.mny -> [Ver = | Size = 10031104 bytes | Modified Date = 4/11/2008 9:48:47 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 4/10/2008 2:12:32 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 4/10/2008 2:12:30 PM | Attr = R ] Outlook.pst -> %UserProfile%\My Documents\Outlook.pst -> [Ver = | Size = 310854656 bytes | Modified Date = 4/11/2008 12:30:44 PM | Attr = ] Perm Invoice logo.doc -> %UserProfile%\My Documents\Perm Invoice logo.doc -> [Ver = | Size = 706048 bytes | Modified Date = 2/25/2008 12:55:30 PM | Attr = ] Perm Invoice.doc -> %UserProfile%\My Documents\Perm Invoice.doc -> [Ver = | Size = 30720 bytes | Modified Date = 2/14/2008 10:28:51 AM | Attr = ] petsafe.pdf -> %UserProfile%\My Documents\petsafe.pdf -> [Ver = | Size = 34220 bytes | Modified Date = 3/11/2008 10:37:39 AM | Attr = ] Sub-lease.doc -> %UserProfile%\My Documents\Sub-lease.doc -> [Ver = | Size = 38400 bytes | Modified Date = 2/18/2008 11:55:56 AM | Attr = ] Surveys -> %UserProfile%\My Documents\Surveys -> [Folder | Modified Date = 3/17/2008 8:51:06 AM | Attr = ] Vacation-Sick time accruals.xls -> %UserProfile%\My Documents\Vacation-Sick time accruals.xls -> [Ver = | Size = 39936 bytes | Modified Date = 3/26/2008 3:08:44 PM | Attr = ] AvailableUnit11Listing.pdf -> %UserProfile%\Desktop\AvailableUnit11Listing.pdf -> [Ver = | Size = 104333 bytes | Modified Date = 2/1/2008 9:21:18 AM | Attr = ] AvailableUnit11Pictures.pdf -> %UserProfile%\Desktop\AvailableUnit11Pictures.pdf -> [Ver = | Size = 535965 bytes | Modified Date = 2/1/2008 9:17:41 AM | Attr = ] Corp. Commun..url -> %UserProfile%\Desktop\Corp. Commun..url -> [Ver = | Size = 137 bytes | Modified Date = 4/10/2008 4:38:25 PM | Attr = ] Cox Webmail.url -> %UserProfile%\Desktop\Cox Webmail.url -> [Ver = | Size = 169 bytes | Modified Date = 4/9/2008 2:32:36 PM | Attr = ] External.xls -> %UserProfile%\Desktop\External.xls -> [Ver = | Size = 536064 bytes | Modified Date = 1/16/2008 9:56:11 AM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 4/10/2008 2:01:30 PM | Attr = ] Internal.xls -> %UserProfile%\Desktop\Internal.xls -> [Ver = | Size = 659968 bytes | Modified Date = 4/11/2008 9:12:57 AM | Attr = ] Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 803 bytes | Modified Date = 4/10/2008 2:12:40 PM | Attr = ] Job Order Input Form.pdf -> %UserProfile%\Desktop\Job Order Input Form.pdf -> [Ver = | Size = 26996 bytes | Modified Date = 2/14/2008 10:07:29 AM | Attr = ] Microsoft Office Outlook 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Outlook 2003.lnk -> [Ver = | Size = 2407 bytes | Modified Date = 4/10/2008 3:56:49 PM | Attr = ] Moon largeaaa.jpg -> %UserProfile%\Desktop\Moon largeaaa.jpg -> [Ver = | Size = 79585 bytes | Modified Date = 3/19/2008 2:20:53 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/11/2008 12:31:59 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 540250 bytes | Modified Date = 4/11/2008 12:31:27 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier PCRegistryCleaner.lnk -> %UserProfile%\Desktop\PCRegistryCleaner.lnk -> [Ver = | Size = 806 bytes | Modified Date = 4/10/2008 12:43:20 PM | Attr = ] Resume Log 2007.lnk -> %UserProfile%\Desktop\Resume Log 2007.lnk -> [Ver = | Size = 627 bytes | Modified Date = 3/27/2008 1:53:47 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 4/11/2008 12:24:39 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1307936 bytes | Modified Date = 4/11/2008 12:15:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk -> [Ver = | Size = 700 bytes | Modified Date = 4/11/2008 10:00:32 AM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 3/5/2008 9:03:30 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/10/2008 1:09:15 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] C:\Documents and Settings\Administrator\Application Data\ -> C:\Documents and Settings\Administrator\Application Data -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = RH ] Identities -> C:\Documents and Settings\Administrator\Application Data\Identities -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = ] Microsoft -> C:\Documents and Settings\Administrator\Application Data\Microsoft -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = S] C:\Documents and Settings\All Users\Application Data\ -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 4/9/2008 2:03:18 PM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 6/12/2007 8:51:38 AM | Attr = ] FLEXnet -> C:\Documents and Settings\All Users\Application Data\FLEXnet -> [Folder | Modified Date = 12/20/2007 11:32:58 AM | Attr = ] interMute -> C:\Documents and Settings\All Users\Application Data\interMute -> [Folder | Modified Date = 8/20/2003 7:58:58 PM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 4/10/2008 9:55:15 AM | Attr = S] nwpufspc -> C:\Documents and Settings\All Users\Application Data\nwpufspc -> [Folder | Modified Date = 4/10/2008 1:44:49 PM | Attr = ] Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 10/11/2007 9:43:08 AM | Attr = ] Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec -> [Folder | Modified Date = 8/21/2003 6:52:38 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 7/6/2006 8:01:02 AM | Attr = ] Yahoo! Companion -> C:\Documents and Settings\All Users\Application Data\Yahoo! Companion -> [Folder | Modified Date = 4/10/2008 10:32:26 AM | Attr = ] C:\Documents and Settings\Default User\Application Data\ -> C:\Documents and Settings\Default User\Application Data -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = RH ] Identities -> C:\Documents and Settings\Default User\Application Data\Identities -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = ] Microsoft -> C:\Documents and Settings\Default User\Application Data\Microsoft -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = S] C:\Documents and Settings\LocalService\Application Data\ -> C:\Documents and Settings\LocalService\Application Data -> [Folder | Modified Date = 9/21/2006 2:33:39 PM | Attr = ] Help -> C:\Documents and Settings\LocalService\Application Data\Help -> [Folder | Modified Date = 9/21/2006 2:33:39 PM | Attr = ] Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [Folder | Modified Date = 3/26/2007 1:29:27 PM | Attr = S] C:\Documents and Settings\NetworkService\Application Data\ -> C:\Documents and Settings\NetworkService\Application Data -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = ] Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [Folder | Modified Date = 12/2/2007 10:00:43 PM | Attr = S] C:\Documents and Settings\winroot\Application Data\ -> C:\Documents and Settings\winroot\Application Data -> [Folder | Modified Date = 4/11/2008 12:20:56 PM | Attr = RH ] Adobe -> C:\Documents and Settings\winroot\Application Data\Adobe -> [Folder | Modified Date = 5/14/2007 3:14:36 PM | Attr = ] AdobeUM -> C:\Documents and Settings\winroot\Application Data\AdobeUM -> [Folder | Modified Date = 12/11/2006 7:53:40 AM | Attr = ] Help -> C:\Documents and Settings\winroot\Application Data\Help -> [Folder | Modified Date = 4/26/2005 10:43:31 AM | Attr = ] ICAClient -> C:\Documents and Settings\winroot\Application Data\ICAClient -> [Folder | Modified Date = 5/4/2005 10:33:21 AM | Attr = ] Identities -> C:\Documents and Settings\winroot\Application Data\Identities -> [Folder | Modified Date = 8/19/2003 10:11:43 PM | Attr = ] Interact Commerce -> C:\Documents and Settings\winroot\Application Data\Interact Commerce -> [Folder | Modified Date = 4/26/2005 1:30:40 PM | Attr = ] Macromedia -> C:\Documents and Settings\winroot\Application Data\Macromedia -> [Folder | Modified Date = 10/22/2004 8:34:22 AM | Attr = ] Microsoft -> C:\Documents and Settings\winroot\Application Data\Microsoft -> [Folder | Modified Date = 2/21/2008 10:26:56 AM | Attr = S] OfficeUpdate12 -> C:\Documents and Settings\winroot\Application Data\OfficeUpdate12 -> [Folder | Modified Date = 1/30/2008 8:51:31 AM | Attr = ] Sun -> C:\Documents and Settings\winroot\Application Data\Sun -> [Folder | Modified Date = 7/23/2007 4:05:17 PM | Attr = ] Template -> C:\Documents and Settings\winroot\Application Data\Template -> [Folder | Modified Date = 8/19/2003 8:48:03 PM | Attr = ] VanDyke -> C:\Documents and Settings\winroot\Application Data\VanDyke -> [Folder | Modified Date = 8/20/2003 8:57:08 PM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 4/11/2008 10:00:38 AM | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 8/28/2002 6:00:00 PM | Attr = RH ] MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 4/11/2008 2:25:00 AM | Attr = H ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/11/2008 12:28:01 PM | Attr = H ] SpyHunter Scanner.job -> C:\WINDOWS\Tasks\SpyHunter Scanner.job -> [Ver = | Size = 446 bytes | Modified Date = 4/11/2008 2:15:07 AM | Attr = ] XoftSpySE 2.job -> C:\WINDOWS\Tasks\XoftSpySE 2.job -> [Ver = | Size = 452 bytes | Modified Date = 4/11/2008 12:28:44 PM | Attr = ] XoftSpySE.job -> C:\WINDOWS\Tasks\XoftSpySE.job -> [Ver = | Size = 366 bytes | Modified Date = 4/11/2008 10:00:38 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]