[code] OTScanIt logfile created on: 4/15/2008 2:33:09 AM OTScanIt by OldTimer - Version 1.0.9.0 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1021.44 Mb Total Physical Memory | 458.33 Mb Available Physical Memory | 44.87% Memory free 2.39 Gb Paging File | 1.94 Gb Available in Paging File | 81.25% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 228.23 Gb Total Space | 175.49 Gb Free Space | 76.89% Space Free | Partition Type: NTFS Drive D: | 4.64 Gb Total Space | 2.41 Gb Free Space | 51.85% Space Free | Partition Type: FAT32 Drive E: | 172.21 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive Z: | 298.09 Gb Total Space | 74.70 Gb Free Space | 25.06% Space Free | Partition Type: NTFS Computer Name: GATEWAY Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 166520 bytes | Modified Date = 9/30/2007 10:16:40 AM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] gearsec.exe -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 7/29/2004 3:53:58 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 1:22:00 PM | Attr = ] prismxl.sys -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/12/2005 1:11:58 PM | Attr = ] startskysolsvc.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -> [Ver = | Size = 51816 bytes | Modified Date = 9/30/2007 10:16:38 AM | Attr = ] tavsvc.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> Trend Micro Inc. [Ver = 15.1.0.1206 | Size = 251408 bytes | Modified Date = 1/22/2007 1:49:55 AM | Attr = ] tmproxy.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\components\TmProxy.exe -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 566872 bytes | Modified Date = 1/22/2007 1:49:24 AM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] zhotkey.exe -> %SystemRoot%\zHotkey.exe -> [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/3/2005 5:02:00 PM | Attr = ] cthelper.exe -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 3:56:02 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] tavui.exe -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe -> Trend Micro Inc. [Ver = 15.1.0.2002 | Size = 4609288 bytes | Modified Date = 7/5/2007 8:09:54 PM | Attr = ] sttray.exe -> D:\i386\Apps\App10949\stacgui\sttray.exe -> [Ver = | Size = 393216 bytes | Modified Date = 7/18/2005 6:49:16 PM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 5:38:18 PM | Attr = ] igfxsrvc.exe -> %SystemRoot%\system32\igfxsrvc.exe -> Intel Corporation [Ver = 3.0.0.4308 | Size = 155648 bytes | Modified Date = 4/25/2005 1:28:52 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 166520 bytes | Modified Date = 9/30/2007 10:16:40 AM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] (GEARSecurity) GEARSecurity [Win32_Own | Auto | Running] -> %SystemRoot%\system32\gearsec.exe -> GEAR Software [Ver = 1, 0, 0, 6 | Size = 53248 bytes | Modified Date = 7/29/2004 3:53:58 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (lxbx_device) lxbx_device [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\lxbxcoms.exe -> Lexmark International, Inc. [Ver = 1.101.75.0 | Size = 462848 bytes | Modified Date = 1/6/2005 1:41:22 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 1:22:00 PM | Attr = ] (PrismXL) PrismXL [Win32_Own | Auto | Running] -> %CommonProgramFiles%\New Boundary\PrismXL\PRISMXL.SYS -> New Boundary Technologies, Inc. [Ver = 6.0.1.22 | Size = 172032 bytes | Modified Date = 8/12/2005 1:11:58 PM | Attr = ] (QWAVE) QWAVE service [Win32_Shared | Unknown | Stopped] -> -> File not found (Start BT in service) Start BT in service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\StartSkysolSvc.exe -> [Ver = | Size = 51816 bytes | Modified Date = 9/30/2007 10:16:38 AM | Attr = ] (tavsvc) Trend Micro AntiVirus Protection Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavsvc.exe -> Trend Micro Inc. [Ver = 15.1.0.1206 | Size = 251408 bytes | Modified Date = 1/22/2007 1:49:55 AM | Attr = ] (tmproxy) Trend Micro Proxy Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Trend Micro\AntiVirus 2007\components\TmProxy.exe -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 566872 bytes | Modified Date = 1/22/2007 1:49:24 AM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CHotkey -> %SystemRoot%\zHotkey.exe [zHotkey.exe] -> [Ver = 3, 0, 0, 7 | Size = 543232 bytes | Modified Date = 5/3/2005 5:02:00 PM | Attr = ] CTHelper -> %SystemRoot%\CTHELPER.EXE [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 8/11/2006 3:56:02 PM | Attr = ] CTxfiHlp -> %SystemRoot%\system32\CTXFIHLP.EXE [CTXFIHLP.EXE] -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 8/11/2006 3:56:04 PM | Attr = ] HotKeysCmds -> d:\i386\apps\app10679\win2000\hkcmd.exe [d:\i386\apps\app10679\win2000\hkcmd.exe] -> [Ver = | Size = 77824 bytes | Modified Date = 4/25/2005 10:29:00 AM | Attr = ] IgfxTray -> d:\i386\apps\app10679\win2000\igfxtray.exe [d:\i386\apps\app10679\win2000\igfxtray.exe] -> [Ver = | Size = 94208 bytes | Modified Date = 4/25/2005 10:32:12 AM | Attr = ] IntelAudioStudio -> %ProgramFiles%\Intel Audio Studio\IntelAudioStudio.exe ["C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT] -> Intel Corporation [Ver = 1.05.0076 | Size = 7090176 bytes | Modified Date = 7/20/2005 3:55:24 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 1:22:00 PM | Attr = ] Persistence -> d:\i386\apps\app10679\win2000\igfxpers.exe [d:\i386\apps\app10679\win2000\igfxpers.exe] -> [Ver = | Size = 114688 bytes | Modified Date = 4/25/2005 10:32:52 AM | Attr = ] SigmatelSysTrayApp -> D:\i386\Apps\App10949\stacgui\sttray.exe [D:\i386\Apps\App10949\stacgui\sttray.exe] -> [Ver = | Size = 393216 bytes | Modified Date = 7/18/2005 6:49:16 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] Trend Micro AntiVirus 2007 -> %ProgramFiles%\Trend Micro\AntiVirus 2007\tavui.exe [C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15] -> Trend Micro Inc. [Ver = 15.1.0.2002 | Size = 4609288 bytes | Modified Date = 7/5/2007 8:09:54 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 4:32:54 PM | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> MySpaceIM -> %ProgramFiles%\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 4:32:54 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl [C:\Program Files\AIM\aim.exe -cnetwait.odl] -> File not found < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < MCX1 Startup Folder > -> C:\Documents and Settings\MCX1\Start Menu\Programs\Startup -> < MCX2 Startup Folder > -> C:\Documents and Settings\MCX2\Start Menu\Programs\Startup -> < MCX3 Startup Folder > -> C:\Documents and Settings\MCX3\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wbsys.dll -> %SystemRoot%\system32\wbsys.dll -> Stardock.Net, Inc [Ver = 4, 0, 0, 0 | Size = 36864 bytes | Modified Date = 2/26/2003 10:27:44 PM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4308 | Size = 131072 bytes | Modified Date = 4/25/2005 1:28:06 PM | Attr = ] khffghf -> -> File not found WBSrv -> %ProgramFiles%\Stardock\Object Desktop\WindowBlinds\WbSrv.dll -> Stardock Corporation [Ver = 5, 0, 0, 1 | Size = 225280 bytes | Modified Date = 10/9/2006 12:40:38 PM | Attr = ] WRNotifier -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> C:\WINDOWS\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> C:\WINDOWS\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://home.microsoft.com/search/lobby/search.asp -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://my.yahoo.com/index.html -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: SearchURL\\ -> http://www.google.com/keyword/%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\: Main\\Start Page -> http://my.yahoo.com/index.html -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4166 domain(s) found. -> //@signup.mar@ .[money] -> My Computer -> download.windowsupdate_microsoft.com [https] -> Trusted sites -> update_microsoft.com [https] -> Trusted sites -> live_xbox.com [https] -> Trusted sites -> 37 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4161 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4166 domain(s) found. -> //@signup.mar@ .[money] -> My Computer -> download.windowsupdate_microsoft.com [https] -> Trusted sites -> update_microsoft.com [https] -> Trusted sites -> live_xbox.com [https] -> Trusted sites -> 37 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 63136 bytes | Modified Date = 9/24/2005 12:12:08 AM | Attr = ] {6C0DA5A5-A78C-4FD4-8293-BE0B786CA195} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ddayy.dll [Reg Error: Value does not exist or could not be read.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell] -> File not found {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [ieSpell Options] -> File not found {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [ieSpell] -> File not found CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [ieSpell Options] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> Reg Error: Value does not exist or could not be read. -> File not found &ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 1, 1, 325 | Size = 212992 bytes | Modified Date = 1/22/2005 11:51:43 AM | Attr = ] Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 1, 1, 325 | Size = 212992 bytes | Modified Date = 1/22/2005 11:51:43 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> Reg Error: Value does not exist or could not be read. -> File not found Backward Links -> Reg Error: Value does not exist or could not be read. -> File not found Cached Snapshot of Page -> Reg Error: Value does not exist or could not be read. -> File not found Similar Pages -> Reg Error: Value does not exist or could not be read. -> File not found Translate into English -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Google Search -> Reg Error: Value does not exist or could not be read. -> File not found Backward Links -> Reg Error: Value does not exist or could not be read. -> File not found Cached Snapshot of Page -> Reg Error: Value does not exist or could not be read. -> File not found Similar Pages -> Reg Error: Value does not exist or could not be read. -> File not found Translate into English -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] CmdMapping\\{0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} [HKEY_LOCAL_MACHINE] -> [ieSpell] -> File not found CmdMapping\\{1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} [HKEY_LOCAL_MACHINE] -> [ieSpell Options] -> File not found CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\] > -> HKEY_USERS\S-1-5-21-1532077525-639112909-19953499-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> Reg Error: Value does not exist or could not be read. -> File not found &ieSpell Options -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 1, 1, 325 | Size = 212992 bytes | Modified Date = 1/22/2005 11:51:43 AM | Attr = ] Check &Spelling -> %ProgramFiles%\ieSpell\ieSpell.dll -> Red Egg Software [Ver = 2, 1, 1, 325 | Size = 212992 bytes | Modified Date = 1/22/2005 11:51:43 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {08CE0899-00F2-4A3D-BEFF-F68DC41C2F13} -> (Intel(R) PRO/100 VE Network Connection) -> {36C8303B-3DEB-45D2-AD83-54200AA333A4} -> (1394 Net Adapter) -> {4F5DD7D9-2EA1-43DF-AFA7-C15BFAFA1118} -> (1394 Net Adapter) -> {92289915-45ED-494A-A6B9-E8D60FD64102} -> (Linksys Wireless-G PCI Adapter) -> {EFE54419-BCF5-4AEC-A227-6E2BE517C74A} -> () -> {F6245F31-13E2-4ACD-86CC-A414D08C48B1} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000028 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000029 -> %SystemRoot%\system32\TmLsp.dll -> Trend Micro Inc. [Ver = 3.1.0.1013 | Size = 284240 bytes | Modified Date = 1/22/2007 1:52:14 AM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> Logitech Inc. [Ver = Version 8.1.1 (Build 50R) | Size = 28711 bytes | Modified Date = 3/6/2007 5:42:44 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 0, 22 | Size = 1717848 bytes | Modified Date = 2/7/2007 5:38:00 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15015/CTSUEng.cab[Creative Software AutoUpdate] -> {0B79F48A-E8D6-11DB-9283-E25056D89593}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.1] -> {0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://support.gateway.com/support/profiler/PCPitStop.CAB[PCPitstop Utility] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab[CKAVWebScan Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab[Reg Error: Key does not exist or could not be opened.] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {3451DEDE-631F-421C-8127-FD793AFC6CC8}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] -> {44990200-3C9D-426D-81DF-AAB636FA4345}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab[Symantec SmartIssue] -> {44990301-3C9D-426D-81DF-AAB636FA4345}[HKEY_LOCAL_MACHINE] -> https://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab[Symantec Script Runner Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by101w.bay101.mail.live.com/mail/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader3.cab[Facebook Photo Uploader 4 Control] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152376705893[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {9A57B18E-2F5D-11D5-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://support.gateway.com/support/serialharvest/gwCID.CAB[compid Class] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078}[HKEY_LOCAL_MACHINE] -> http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab[Reg Error: Key does not exist or could not be opened.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15027/CTPID.cab[Creative Software AutoUpdate Support Package] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\.Owner -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ca.pub\\{0B79F48A-E8D6-11DB-9283-E25056D89593} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/SymAData.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/SymAData.dll\\.Owner -> {3451DEDE-631F-421C-8127-FD793AFC6CC8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/SymAData.dll\\{3451DEDE-631F-421C-8127-FD793AFC6CC8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner -> {F6ACF75C-C32C-447B-9BEF-46B766368D29} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\.Owner -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/daas_s.dll\\{0B79F48A-E8D6-11DB-9283-E25056D89593} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\.Owner -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fsauc.dll\\{0B79F48A-E8D6-11DB-9283-E25056D89593} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\.Owner -> {0B79F48A-E8D6-11DB-9283-E25056D89593} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/fscax.dll\\{0B79F48A-E8D6-11DB-9283-E25056D89593} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gwCID.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gwCID.dll\\.Owner -> {9A57B18E-2F5D-11D5-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gwCID.dll\\{9A57B18E-2F5D-11D5-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\.Owner -> {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader4.ocx\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\.Owner -> {1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LSSupCtl.dll\\{1F2F4C9E-6F09-47BC-970D-3C54734667FE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sdclicense.txt\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sdclicense.txt\\.Owner -> {01010E00-5E80-11D8-9E86-0007E96C65AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sdclicense.txt\\{01010E00-5E80-11D8-9E86-0007E96C65AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\.Owner -> {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SymAData.dll\\{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\\.Owner -> {01010E00-5E80-11D8-9E86-0007E96C65AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsi.dll\\{01010E00-5E80-11D8-9E86-0007E96C65AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\\.Owner -> {01012101-5E80-11D8-9E86-0007E96C65AE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlsr.dll\\{01012101-5E80-11D8-9E86-0007E96C65AE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/biosid.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/biosid.exe\\.Owner -> {9A57B18E-2F5D-11D5-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/biosid.exe\\{9A57B18E-2F5D-11D5-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\finalfantasy7 -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\finalfantasy7 -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\finalfantasy7 -> finalfantasy7 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 888 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe -> C:\Program Files\MSN Messenger\msncall.exe [C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/6/2007 5:42:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 1/14/2008 3:45:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\ehome\ehshell.exe -> C:\WINDOWS\ehome\ehshell.exe [C:\WINDOWS\ehome\ehshell.exe:LocalSubNet:Enabled:Media Center] -> Microsoft Corporation [Ver = 5.1.2715.3011 (xpsp(wmbla).061009-1511) | Size = 3223552 bytes | Modified Date = 10/9/2006 5:19:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech Inc. [Ver = 2.52.21.16 | Size = 67128 bytes | Modified Date = 3/6/2007 5:42:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 2/4/2008 6:31:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> Lime Wire, LLC [Ver = 1, 0, 0, 2 | Size = 147456 bytes | Modified Date = 2/8/2008 5:32:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> IVT Corporation. [Ver = 2.7.0.8 | Size = 691720 bytes | Modified Date = 9/30/2007 10:16:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MySpace\IM\MySpaceIM.exe -> C:\Program Files\MySpace\IM\MySpaceIM.exe [C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM] -> [Ver = 1.0.754.0 | Size = 8699904 bytes | Modified Date = 2/1/2008 4:32:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3776:UDP -> 3776:UDP:*:Enabled:Media Center Extender Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3390:TCP -> 3390:TCP:*:Enabled:Remote Media Center Experience -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/10/2004 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] 71e45220678f3bac615f -> %SystemDrive%\71e45220678f3bac615f -> [Folder | Created Date = 3/28/2008 4:00:17 AM | Attr = ] 6 C:\*.tmp files -> C:\*.tmp -> ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 5/14/2008 5:39:41 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/13/2008 6:34:35 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071132672 bytes | Created Date = 4/9/2008 1:59:45 AM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/14/2008 7:59:51 PM | Attr = ] core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 932 bytes | Created Date = 4/14/2008 11:27:15 PM | Attr = ] lgusbbus.sys -> %SystemRoot%\System32\drivers\lgusbbus.sys -> LG Electronics Inc. [Ver = Ver 4.5 | Size = 20156 bytes | Created Date = 3/4/2008 3:15:20 AM | Attr = ] lgusbdiag.sys -> %SystemRoot%\System32\drivers\lgusbdiag.sys -> LG Electronics Inc. [Ver = Ver 4.5 | Size = 39328 bytes | Created Date = 3/4/2008 3:15:21 AM | Attr = ] lgusbmodem.sys -> %SystemRoot%\System32\drivers\lgusbmodem.sys -> LG Electronics Inc. [Ver = Ver 4.5 | Size = 39672 bytes | Created Date = 3/4/2008 3:15:21 AM | Attr = ] tmpreflt.sys -> %SystemRoot%\System32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Created Date = 3/9/2008 8:14:21 PM | Attr = ] aac_parser.ax -> %SystemRoot%\System32\aac_parser.ax -> [Ver = 1.1 | Size = 81920 bytes | Created Date = 2/13/2008 2:07:07 AM | Attr = RHS] abeacb8_s.ocx -> %SystemRoot%\System32\abeacb8_s.ocx -> [Ver = | Size = 41 bytes | Created Date = 2/6/2008 2:03:23 AM | Attr = ] ac3DX.ax -> %SystemRoot%\System32\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 2/13/2008 2:07:07 AM | Attr = RHS] AVCDX.ax -> %SystemRoot%\System32\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 2/13/2008 2:07:07 AM | Attr = RHS] avisynth.dll -> %SystemRoot%\System32\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] AVSredirect.dll -> %SystemRoot%\System32\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] CoreAAC.ax -> %SystemRoot%\System32\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 2/13/2008 2:07:07 AM | Attr = RHS] devil.dll -> %SystemRoot%\System32\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] DiracSplitter.ax -> %SystemRoot%\System32\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Created Date = 3/31/2008 5:25:46 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Created Date = 3/31/2008 5:25:52 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Created Date = 3/24/2008 3:45:56 PM | Attr = ] DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Created Date = 3/21/2008 4:28:42 PM | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 3/21/2008 4:30:12 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 3/21/2008 4:30:12 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 3/21/2008 4:28:20 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Created Date = 3/31/2008 5:25:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> [Ver = | Size = 831488 bytes | Created Date = 3/31/2008 5:25:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Created Date = 3/31/2008 5:25:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 802816 bytes | Created Date = 3/31/2008 5:25:46 PM | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Created Date = 3/21/2008 4:28:54 PM | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 3/21/2008 4:28:54 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 3/21/2008 4:28:50 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 3/21/2008 4:28:50 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 3/21/2008 4:28:52 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 3/21/2008 4:28:50 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 3/21/2008 4:28:50 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 3/21/2008 4:28:50 PM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Created Date = 3/21/2008 4:28:54 PM | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 3/21/2008 4:28:54 PM | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 1/17/2008 11:56:48 AM | Attr = ] flvDX.dll -> %SystemRoot%\System32\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] i420vfw.dll -> %SystemRoot%\System32\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 1/17/2008 11:56:49 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/14/2008 6:11:11 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/14/2008 6:11:11 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 5/14/2008 6:11:11 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2/8/2008 3:58:35 AM | Attr = ] 15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 3/21/2008 4:30:00 PM | Attr = ] MatroskaDX.ax -> %SystemRoot%\System32\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] memopitj.dll -> %SystemRoot%\System32\memopitj.dll -> On The Net Consolidated Services, S.A. [Ver = 4, 3, 0, 0 | Size = 430080 bytes | Created Date = 2/3/2008 1:15:56 PM | Attr = ] memoutji.dll -> %SystemRoot%\System32\memoutji.dll -> On The Net Consolidated Services, S.A. [Ver = 4, 3, 0, 0 | Size = 430080 bytes | Created Date = 2/3/2008 1:15:56 PM | Attr = ] msfDX.dll -> %SystemRoot%\System32\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 1/17/2008 11:56:46 AM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 3/21/2008 4:30:08 PM | Attr = ] RealMediaDX.ax -> %SystemRoot%\System32\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLAPEDec.ax -> %SystemRoot%\System32\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLMPCDec.ax -> %SystemRoot%\System32\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLOgg.ax -> %SystemRoot%\System32\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLSpeexDec.ax -> %SystemRoot%\System32\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLTheoraDec.ax -> %SystemRoot%\System32\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] RLVorbisDec.ax -> %SystemRoot%\System32\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = RHS] SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Created Date = 2/23/2008 3:00:02 AM | Attr = ] SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Created Date = 2/23/2008 3:00:02 AM | Attr = ] Smab.dll -> %SystemRoot%\System32\Smab.dll -> [Ver = | Size = 399360 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] Smab0.dll -> %SystemRoot%\System32\Smab0.dll -> [Ver = | Size = 27648 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = HS] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 1/17/2008 11:56:47 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 3/21/2008 4:30:00 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4556 bytes | Created Date = 1/17/2008 11:58:01 AM | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 1/17/2008 11:56:49 AM | Attr = ] VistaUltm.dll -> %SystemRoot%\System32\VistaUltm.dll -> [Ver = | Size = 151040 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = HS] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 1/17/2008 11:56:49 AM | Attr = ] x.264.exe -> %SystemRoot%\System32\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 2/13/2008 2:07:29 AM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 3/28/2008 4:03:16 AM | Attr = ] yv12vfw.dll -> %SystemRoot%\System32\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] _BLOCK.WB4 -> %SystemRoot%\System32\_BLOCK.WB4 -> [Ver = | Size = 75944 bytes | Created Date = 4/14/2008 8:16:39 PM | Attr = ] crmtemp1.dat -> %SystemRoot%\crmtemp1.dat -> [Ver = | Size = 3856 bytes | Created Date = 1/25/2008 3:29:12 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 5/13/2008 6:35:16 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 5/14/2008 5:49:37 PM | Attr = ] meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 2/13/2008 2:07:29 AM | Attr = ] MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 2/13/2008 2:07:30 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9884 bytes | Created Date = 2/13/2008 2:07:07 AM | Attr = H ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 2/13/2008 2:07:29 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/14/2008 7:59:50 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Bluetooth -> %AllUsersProfile%\Application Data\Bluetooth -> [Folder | Created Date = 3/3/2008 4:20:39 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2/8/2008 3:58:35 AM | Attr = ] logs -> %AllUsersProfile%\Application Data\logs -> [Folder | Created Date = 2/9/2008 12:10:46 AM | Attr = ] MySpace -> %AppData%\MySpace -> [Folder | Created Date = 3/30/2008 3:46:15 AM | Attr = ] Sunbelt Software -> %AppData%\Sunbelt Software -> [Folder | Created Date = 2/8/2008 11:26:11 PM | Attr = ] ATF Cleaner.exe -> %UserProfile%\My Documents\ATF Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 4/7/2008 2:02:19 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ATF Cleaner.exe:Zone.Identifier bitpim -> %UserProfile%\My Documents\bitpim -> [Folder | Created Date = 3/4/2008 2:55:16 AM | Attr = ] Bluetooth -> %UserProfile%\My Documents\Bluetooth -> [Folder | Created Date = 3/3/2008 4:20:39 PM | Attr = ] CyberLink -> %UserProfile%\My Documents\CyberLink -> [Folder | Created Date = 2/26/2008 8:32:56 PM | Attr = ] DSCN0658.MOV -> %UserProfile%\My Documents\DSCN0658.MOV -> [Ver = | Size = 28338532 bytes | Created Date = 3/2/2008 2:31:36 PM | Attr = ] Install Files -> %UserProfile%\My Documents\Install Files -> [Folder | Created Date = 1/16/2008 4:25:27 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 1/16/2008 4:00:49 PM | Attr = ] Mock - Track 1.mp3 -> %UserProfile%\My Documents\Mock - Track 1.mp3 -> [Ver = | Size = 6762624 bytes | Created Date = 3/27/2008 10:31:16 PM | Attr = ] MySpaceIM Pics -> %UserProfile%\My Documents\MySpaceIM Pics -> [Folder | Created Date = 3/30/2008 3:46:56 AM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 12800 bytes | Created Date = 3/23/2008 7:56:15 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [Ver = | Size = 810 bytes | Created Date = 5/11/2008 4:21:19 PM | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 799 bytes | Created Date = 3/9/2008 8:33:39 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1606 bytes | Created Date = 4/8/2008 3:40:47 AM | Attr = ] MySpaceIM.lnk -> %AllUsersProfile%\Desktop\MySpaceIM.lnk -> [Ver = | Size = 743 bytes | Created Date = 3/30/2008 3:46:16 AM | Attr = ] SUPER ©.lnk -> %AllUsersProfile%\Desktop\SUPER ©.lnk -> [Ver = | Size = 1669 bytes | Created Date = 2/13/2008 2:07:08 AM | Attr = ] Trend Micro AntiVirus 2007.lnk -> %AllUsersProfile%\Desktop\Trend Micro AntiVirus 2007.lnk -> [Ver = | Size = 1761 bytes | Created Date = 3/9/2008 8:13:56 PM | Attr = ] catchme.exe -> %UserProfile%\Desktop\catchme.exe -> [Ver = | Size = 140288 bytes | Created Date = 4/15/2008 2:29:52 AM | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1700404 bytes | Created Date = 5/14/2008 7:58:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Combo-Fix.exe:Zone.Identifier Cuddling.jpg -> %UserProfile%\Desktop\Cuddling.jpg -> [Ver = | Size = 73390 bytes | Created Date = 4/5/2008 3:41:07 AM | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1473 bytes | Created Date = 5/11/2008 4:21:03 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 5/13/2008 6:33:12 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier heart afire.jpg -> %UserProfile%\Desktop\heart afire.jpg -> [Ver = | Size = 24603 bytes | Created Date = 4/5/2008 3:23:21 AM | Attr = ] heart.jpg -> %UserProfile%\Desktop\heart.jpg -> [Ver = | Size = 4857 bytes | Created Date = 4/5/2008 3:20:31 AM | Attr = ] kiss.jpg -> %UserProfile%\Desktop\kiss.jpg -> [Ver = | Size = 7247 bytes | Created Date = 4/5/2008 3:53:42 AM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1584 bytes | Created Date = 2/13/2008 6:30:03 AM | Attr = ] MovedFiles -> %UserProfile%\Desktop\MovedFiles -> [Folder | Created Date = 4/15/2008 2:32:59 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 4/15/2008 2:29:52 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Created Date = 5/14/2008 7:57:30 PM | Attr = ] pepastm_MC_KK_1505_2008___2309710(1).xls -> %UserProfile%\Desktop\pepastm_MC_KK_1505_2008___2309710(1).xls -> [Ver = | Size = 285184 bytes | Created Date = 3/15/2008 1:47:28 AM | Attr = ] spooning.jpg -> %UserProfile%\Desktop\spooning.jpg -> [Ver = | Size = 107108 bytes | Created Date = 4/5/2008 3:31:49 AM | Attr = ] [Files/Folders - Modified Within 90 days] 71e45220678f3bac615f -> %SystemDrive%\71e45220678f3bac615f -> [Folder | Modified Date = 3/28/2008 4:00:18 AM | Attr = ] 6 C:\*.tmp files -> C:\*.tmp -> boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 209 bytes | Modified Date = 4/9/2008 3:38:02 AM | Attr = HS] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 5/14/2008 5:39:42 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/13/2008 6:34:35 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2/3/2008 3:04:54 AM | Attr = ] drmHeader.bin -> %SystemDrive%\drmHeader.bin -> [Ver = | Size = 3532 bytes | Modified Date = 1/16/2008 4:18:44 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1071132672 bytes | Modified Date = 4/14/2008 11:27:21 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/14/2008 5:49:37 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/14/2008 11:38:23 PM | Attr = ] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 4/14/2008 11:27:40 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/14/2008 11:39:39 PM | Attr = ] core.cache.dsk -> %SystemRoot%\System32\drivers\core.cache.dsk -> [Ver = | Size = 167545 bytes | Modified Date = 4/14/2008 11:27:16 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/14/2008 11:27:33 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 4/14/2008 11:27:33 PM | Attr = ] A85807 -> %SystemRoot%\System32\A85807 -> [Ver = | Size = 4 bytes | Modified Date = 5/14/2008 2:15:49 AM | Attr = ] abeacb8_s.ocx -> %SystemRoot%\System32\abeacb8_s.ocx -> [Ver = | Size = 41 bytes | Modified Date = 4/5/2008 11:34:57 PM | Attr = ] BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> [Ver = | Size = 30528 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] BMXState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> [Ver = | Size = 31056 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 3/28/2008 4:23:54 AM | Attr = ] 15 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/14/2008 11:27:51 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 682496 bytes | Modified Date = 3/31/2008 5:25:46 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Modified Date = 3/31/2008 5:25:52 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.8.0.0 | Size = 630784 bytes | Modified Date = 3/24/2008 3:45:56 PM | Attr = ] DivXMedia.ax -> %SystemRoot%\System32\DivXMedia.ax -> DivXNetworks [Ver = 0.0.0.028 | Size = 352401 bytes | Modified Date = 3/21/2008 4:28:42 PM | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 3/21/2008 4:30:12 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 3/21/2008 4:30:12 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Modified Date = 3/21/2008 4:28:20 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Modified Date = 3/31/2008 5:25:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> [Ver = | Size = 831488 bytes | Modified Date = 3/31/2008 5:25:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 823296 bytes | Modified Date = 3/31/2008 5:25:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.2.6 | Size = 802816 bytes | Modified Date = 3/31/2008 5:25:46 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/9/2008 3:06:40 AM | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Modified Date = 3/21/2008 4:28:54 PM | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 3/21/2008 4:28:54 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 3/21/2008 4:28:50 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 3/21/2008 4:28:50 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 3/21/2008 4:28:52 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 3/21/2008 4:28:50 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 3/21/2008 4:28:50 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 3/21/2008 4:28:50 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/14/2008 11:39:44 PM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Modified Date = 3/21/2008 4:28:54 PM | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 3/21/2008 4:28:54 PM | Attr = ] DVCState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> %SystemRoot%\System32\DVCState-{00000004-00000000-00000000-00001102-00000004-20021102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] edcA18 -> %SystemRoot%\System32\edcA18 -> [Folder | Modified Date = 2/8/2008 11:59:29 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 3/28/2008 4:10:20 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 228800 bytes | Modified Date = 4/9/2008 3:17:59 AM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 4/14/2008 11:31:42 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:35 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Modified Date = 2/22/2008 2:33:31 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Modified Date = 2/22/2008 1:23:39 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Modified Date = 2/22/2008 2:33:32 AM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2/8/2008 3:58:35 AM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 3/21/2008 4:30:00 PM | Attr = ] mcs.rma -> %SystemRoot%\System32\mcs.rma -> [Ver = | Size = 870128 bytes | Modified Date = 5/14/2008 2:15:49 AM | Attr = ] memopitj.dll -> %SystemRoot%\System32\memopitj.dll -> On The Net Consolidated Services, S.A. [Ver = 4, 3, 0, 0 | Size = 430080 bytes | Modified Date = 1/25/2008 11:07:30 AM | Attr = ] memoutji.dll -> %SystemRoot%\System32\memoutji.dll -> On The Net Consolidated Services, S.A. [Ver = 4, 3, 0, 0 | Size = 430080 bytes | Modified Date = 1/25/2008 11:07:30 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88566 bytes | Modified Date = 4/14/2008 11:27:49 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 88978 bytes | Modified Date = 3/28/2008 4:05:37 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 493244 bytes | Modified Date = 3/28/2008 4:05:37 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 591246 bytes | Modified Date = 3/28/2008 4:05:37 AM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 3/21/2008 4:30:08 PM | Attr = ] SBFC.dat -> %SystemRoot%\System32\SBFC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/23/2008 3:00:02 AM | Attr = ] SBRC.dat -> %SystemRoot%\System32\SBRC.dat -> [Ver = | Size = 0 bytes | Modified Date = 2/23/2008 3:00:02 AM | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 5/14/2008 5:59:50 PM | Attr = ] spool -> %SystemRoot%\System32\spool -> [Folder | Modified Date = 3/28/2008 4:00:40 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 3/21/2008 4:30:00 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4556 bytes | Modified Date = 1/18/2008 12:23:56 AM | Attr = ] VistaUltm.dll -> %SystemRoot%\System32\VistaUltm.dll -> [Ver = | Size = 151040 bytes | Modified Date = 2/4/2008 3:26:34 PM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1170 bytes | Modified Date = 4/14/2008 11:29:16 PM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 3/28/2008 4:10:17 AM | Attr = ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 2/4/2008 8:09:21 PM | Attr = ] _BLOCK.WB4 -> %SystemRoot%\System32\_BLOCK.WB4 -> [Ver = | Size = 75944 bytes | Modified Date = 4/14/2008 8:16:39 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 3:08:05 AM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 3/28/2008 4:36:11 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/14/2008 11:27:23 PM | Attr = S] CDPlayer.ini -> %SystemRoot%\CDPlayer.ini -> [Ver = | Size = 45736 bytes | Modified Date = 3/1/2008 9:27:33 PM | Attr = ] crmtemp1.dat -> %SystemRoot%\crmtemp1.dat -> [Ver = | Size = 3856 bytes | Modified Date = 1/25/2008 3:29:12 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/13/2008 6:36:56 PM | Attr = S] ehome -> %SystemRoot%\ehome -> [Folder | Modified Date = 2/3/2008 2:46:18 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 4/14/2008 8:03:02 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 3/28/2008 4:03:12 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/8/2008 3:35:10 AM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 2/13/2008 12:10:30 AM | Attr = ] iis6.BAK -> %SystemRoot%\iis6.BAK -> [Ver = | Size = 2004692 bytes | Modified Date = 2/3/2008 2:45:56 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 3:07:48 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/9/2008 3:09:16 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/14/2008 6:11:49 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2/4/2008 8:09:21 PM | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 5/14/2008 5:49:23 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 3/28/2008 4:36:12 AM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 2/6/2008 9:20:11 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 488 bytes | Modified Date = 5/14/2008 6:03:01 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/15/2008 2:30:30 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 5/13/2008 6:33:20 PM | Attr = ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9884 bytes | Modified Date = 2/5/2008 1:04:02 PM | Attr = H ] system -> %SystemRoot%\system -> [Folder | Modified Date = 3/9/2008 7:19:14 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/14/2008 11:28:26 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/15/2008 2:29:02 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/14/2008 11:41:19 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 787 bytes | Modified Date = 4/9/2008 3:38:02 AM | Attr = ] wininit.ini -> %SystemRoot%\wininit.ini -> [Ver = | Size = 592 bytes | Modified Date = 1/18/2008 3:28:46 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2/8/2008 11:17:49 PM | Attr = ] {00000004-00000000-00000000-00001102-00000004-20021102}.BAK -> %SystemRoot%\{00000004-00000000-00000000-00001102-00000004-20021102}.BAK -> [Ver = | Size = 4958588 bytes | Modified Date = 2/8/2008 11:51:07 AM | Attr = ] {00000004-00000000-00000000-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000004-00000000-00000000-00001102-00000004-20021102}.CDF -> [Ver = | Size = 4958588 bytes | Modified Date = 2/8/2008 11:51:07 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/14/2008 11:27:26 PM | Attr = H ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 5/14/2008 6:08:07 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5342 bytes | Modified Date = 5/14/2008 6:08:06 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 7/8/2006 1:32:07 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11156 bytes | Modified Date = 7/8/2006 1:25:43 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 3/14/2007 5:19:39 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 167540 bytes | Modified Date = 3/14/2007 5:22:38 PM | Attr = ] Perflib_Perfdata_304.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_304.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/14/2008 11:27:42 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Bluetooth -> %AllUsersProfile%\Application Data\Bluetooth -> [Folder | Modified Date = 3/3/2008 4:21:03 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2/8/2008 3:58:35 AM | Attr = ] logs -> %AllUsersProfile%\Application Data\logs -> [Folder | Modified Date = 2/9/2008 12:10:46 AM | Attr = ] SecTaskMan -> %AllUsersProfile%\Application Data\SecTaskMan -> [Folder | Modified Date = 2/8/2008 5:29:49 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2/7/2008 9:37:32 PM | Attr = ] Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro -> [Folder | Modified Date = 3/9/2008 8:15:22 PM | Attr = ] Viewpoint -> %AllUsersProfile%\Application Data\Viewpoint -> [Folder | Modified Date = 4/7/2008 8:12:35 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 3/23/2008 2:10:30 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 68208 bytes | Modified Date = 4/5/2008 2:05:25 AM | Attr = ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 5/14/2008 2:28:57 AM | Attr = ] MySpace -> %AppData%\MySpace -> [Folder | Modified Date = 3/30/2008 3:46:15 AM | Attr = ] Sunbelt Software -> %AppData%\Sunbelt Software -> [Folder | Modified Date = 2/8/2008 11:26:11 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 5/14/2008 7:55:26 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2/13/2008 4:11:15 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 190976 bytes | Modified Date = 5/11/2008 4:25:59 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 68208 bytes | Modified Date = 3/30/2008 3:46:54 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4268996 bytes | Modified Date = 1/17/2008 11:59:15 PM | Attr = H ] ATF Cleaner.exe -> %UserProfile%\My Documents\ATF Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 4/7/2008 2:02:19 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\ATF Cleaner.exe:Zone.Identifier bitpim -> %UserProfile%\My Documents\bitpim -> [Folder | Modified Date = 3/4/2008 3:29:36 AM | Attr = ] Bluetooth -> %UserProfile%\My Documents\Bluetooth -> [Folder | Modified Date = 3/3/2008 4:20:39 PM | Attr = ] CyberLink -> %UserProfile%\My Documents\CyberLink -> [Folder | Modified Date = 2/26/2008 8:32:56 PM | Attr = ] DSCN0658.MOV -> %UserProfile%\My Documents\DSCN0658.MOV -> [Ver = | Size = 28338532 bytes | Modified Date = 3/2/2008 2:31:36 PM | Attr = ] filelib -> %UserProfile%\My Documents\filelib -> [Folder | Modified Date = 4/11/2008 12:14:39 AM | Attr = ] Incomplete -> %UserProfile%\My Documents\Incomplete -> [Folder | Modified Date = 5/14/2008 2:30:16 AM | Attr = ] Install Files -> %UserProfile%\My Documents\Install Files -> [Folder | Modified Date = 1/16/2008 4:27:30 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 1/16/2008 4:01:18 PM | Attr = ] Mock - Track 1.mp3 -> %UserProfile%\My Documents\Mock - Track 1.mp3 -> [Ver = | Size = 6762624 bytes | Modified Date = 3/27/2008 10:31:33 PM | Attr = ] Moskau Ring.mp3 -> %UserProfile%\My Documents\Moskau Ring.mp3 -> [Ver = | Size = 975150 bytes | Modified Date = 3/16/2008 5:58:37 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/14/2008 2:40:07 AM | Attr = H ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 4/7/2008 1:52:31 AM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 3/8/2008 4:22:13 AM | Attr = R ] MySpaceIM Pics -> %UserProfile%\My Documents\MySpaceIM Pics -> [Folder | Modified Date = 3/30/2008 3:49:08 AM | Attr = ] Pass List.doc -> %UserProfile%\My Documents\Pass List.doc -> [Ver = | Size = 22016 bytes | Modified Date = 2/13/2008 1:58:47 PM | Attr = ] Reg10TrackingChart2007.xls -> %UserProfile%\My Documents\Reg10TrackingChart2007.xls -> [Ver = | Size = 280576 bytes | Modified Date = 4/5/2008 2:56:50 AM | Attr = ] Te Quiero Puta Ringtone.mp3 -> %UserProfile%\My Documents\Te Quiero Puta Ringtone.mp3 -> [Ver = | Size = 1111909 bytes | Modified Date = 3/16/2008 5:59:19 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 12800 bytes | Modified Date = 3/23/2008 7:56:16 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable DivX Converter.lnk -> %AllUsersProfile%\Desktop\DivX Converter.lnk -> [Ver = | Size = 810 bytes | Modified Date = 5/11/2008 4:21:19 PM | Attr = ] DivX Player.lnk -> %AllUsersProfile%\Desktop\DivX Player.lnk -> [Ver = | Size = 799 bytes | Modified Date = 5/11/2008 4:21:29 PM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1606 bytes | Modified Date = 4/8/2008 3:40:47 AM | Attr = ] MySpaceIM.lnk -> %AllUsersProfile%\Desktop\MySpaceIM.lnk -> [Ver = | Size = 743 bytes | Modified Date = 3/30/2008 3:46:16 AM | Attr = ] SUPER ©.lnk -> %AllUsersProfile%\Desktop\SUPER ©.lnk -> [Ver = | Size = 1669 bytes | Modified Date = 2/13/2008 2:07:08 AM | Attr = ] Trend Micro AntiVirus 2007.lnk -> %AllUsersProfile%\Desktop\Trend Micro AntiVirus 2007.lnk -> [Ver = | Size = 1761 bytes | Modified Date = 3/9/2008 8:13:56 PM | Attr = ] Winamp.lnk -> %AllUsersProfile%\Desktop\Winamp.lnk -> [Ver = | Size = 668 bytes | Modified Date = 3/30/2008 8:04:30 PM | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1700404 bytes | Modified Date = 5/14/2008 7:58:27 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Combo-Fix.exe:Zone.Identifier Cuddling.jpg -> %UserProfile%\Desktop\Cuddling.jpg -> [Ver = | Size = 73390 bytes | Modified Date = 4/5/2008 3:40:52 AM | Attr = ] DivX Movies.lnk -> %UserProfile%\Desktop\DivX Movies.lnk -> [Ver = | Size = 1473 bytes | Modified Date = 5/11/2008 4:21:03 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 5/13/2008 6:33:18 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier heart afire.jpg -> %UserProfile%\Desktop\heart afire.jpg -> [Ver = | Size = 24603 bytes | Modified Date = 4/5/2008 3:23:09 AM | Attr = ] heart.jpg -> %UserProfile%\Desktop\heart.jpg -> [Ver = | Size = 4857 bytes | Modified Date = 4/5/2008 3:20:16 AM | Attr = ] kiss.jpg -> %UserProfile%\Desktop\kiss.jpg -> [Ver = | Size = 7247 bytes | Modified Date = 4/5/2008 3:53:28 AM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1584 bytes | Modified Date = 2/13/2008 6:30:03 AM | Attr = ] MovedFiles -> %UserProfile%\Desktop\MovedFiles -> [Folder | Modified Date = 4/15/2008 2:32:59 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 4/15/2008 2:31:24 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.9.0 | Size = 369152 bytes | Modified Date = 4/4/2008 12:24:38 PM | Attr = ] pepastm_MC_KK_1505_2008___2309710(1).xls -> %UserProfile%\Desktop\pepastm_MC_KK_1505_2008___2309710(1).xls -> [Ver = | Size = 285184 bytes | Modified Date = 3/28/2008 5:37:25 PM | Attr = ] spooning.jpg -> %UserProfile%\Desktop\spooning.jpg -> [Ver = | Size = 107108 bytes | Modified Date = 4/5/2008 3:31:42 AM | Attr = ] Extender Resource Monitor.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Extender Resource Monitor.lnk -> [Ver = | Size = 1565 bytes | Modified Date = 2/3/2008 2:46:19 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]