[code] OTScanIt logfile created on: 4/27/2008 4:21:08 PM OTScanIt by OldTimer - Version 1.0.11.5 Folder = C:\Documents and Settings\Dan\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.42 Mb Total Physical Memory | 255.44 Mb Available Physical Memory | 49.95% Memory free 1.22 Gb Paging File | 1.01 Gb Available in Paging File | 82.91% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 70.63 Gb Total Space | 57.17 Gb Free Space | 80.94% Space Free | Partition Type: NTFS Drive D: | 3.89 Gb Total Space | 1.01 Gb Free Space | 25.84% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: YOUR-JBUYPAGWHK Current User Name: Dan Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 3/29/2008 11:11:18 AM | Attr = ] ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 3/29/2008 11:37:02 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 5.13.01.2183 | Size = 57344 bytes | Modified Date = 9/14/2001 2:52:00 PM | Attr = ] pctspk.exe -> %SystemRoot%\system32\pctspk.exe -> PCtel, Inc. 
[Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ] ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 3/29/2008 11:36:22 AM | Attr = ] ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 3/29/2008 11:30:47 AM | Attr = ] acmonitor_x83.exe -> %ProgramFiles%\LexmarkX83\ACMonitor_X83.exe -> Jetsoft Development Company [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 10/18/2001 11:25:18 AM | Attr = ] acbtnmgr_x83.exe -> %ProgramFiles%\LexmarkX83\AcBtnMgr_X83.exe -> Jetsoft Development Company [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 6/14/2001 1:42:26 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ] hstrans.exe -> %ProgramFiles%\ACNielsen\Homescan Internet Transporter\HSTrans.exe -> ACNielsen [Ver = 3.0.03 | Size = 2064384 bytes | Modified Date = 5/11/2006 2:30:42 PM | Attr = H ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.5 | Size = 370688 bytes | Modified Date = 4/24/2008 4:30:38 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 17272 bytes | Modified Date = 3/29/2008 11:11:18 AM | Attr = ] (avast! Antivirus) avast! 
Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 144760 bytes | Modified Date = 3/29/2008 11:37:02 AM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 247160 bytes | Modified Date = 3/29/2008 11:36:22 AM | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 345464 bytes | Modified Date = 3/29/2008 11:30:47 AM | Attr = ] (Compaq_RBA) Compaq Advisor [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -> NeoPlanet [Ver = 1, 0, 0, 567 | Size = 221184 bytes | Modified Date = 8/29/2001 3:34:02 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 5.13.01.2183 | Size = 57344 bytes | Modified Date = 9/14/2001 2:52:00 PM | Attr = ] (Pctspk) PCTEL Speaker Phone [Win32_Own | Auto | Running] -> %SystemRoot%\system32\pctspk.exe -> PCtel, Inc. [Ver = 4.00 | Size = 86016 bytes | Modified Date = 8/17/2001 3:36:54 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 1:31:02 PM | Attr = R ] [Driver Services - Non-Microsoft Only] (Aavmker4) avast! 
Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 26944 bytes | Modified Date = 3/29/2008 11:26:52 AM | Attr = ] (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Modified Date = 3/29/2008 11:35:49 AM | Attr = ] (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 94544 bytes | Modified Date = 3/29/2008 11:35:21 AM | Attr = ] (aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Modified Date = 3/29/2008 11:29:08 AM | Attr = ] (aswSP) avast! Self Protection [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Modified Date = 3/29/2008 11:31:34 AM | Attr = ] (aswTdi) avast! 
Network Shield Support [Kernel | System | Running] -> %SystemRoot%\system32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 42912 bytes | Modified Date = 3/29/2008 11:27:33 AM | Attr = ] (CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CdaD10BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 10/4/2006 3:53:47 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ] (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 5.41.22.0000 built by: WinDDK | Size = 117760 bytes | Modified Date = 8/17/2001 5:12:10 AM | Attr = ] (FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ftdibus.sys -> FTDI Ltd. [Ver = 1.00.2176 | Size = 28449 bytes | Modified Date = 12/19/2005 4:02:36 PM | Attr = ] (FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ftser2k.sys -> FTDI Ltd. 
[Ver = 1.00.2176 | Size = 60572 bytes | Modified Date = 12/19/2005 4:02:36 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\hpzid412.sys -> HP [Ver = 6, 0, 0, 0 | Size = 51024 bytes | Modified Date = 3/9/2003 1:31:00 PM | Attr = R ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 16080 bytes | Modified Date = 3/9/2003 1:31:02 PM | Attr = R ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> HP [Ver = 6, 0, 0, 0 | Size = 21456 bytes | Modified Date = 3/9/2003 1:31:02 PM | Attr = R ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 5.13.01.2183 | Size = 905097 bytes | Modified Date = 9/14/2001 11:51:59 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 5:00:00 AM | Attr = ] (Ptserlp) PCTEL Serial Device Driver for PCI [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptserlp.sys -> PCTEL, INC. [Ver = 7.54.07 | Size = 112574 bytes | Modified Date = 8/17/2001 6:28:14 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3030 | Size = 438200 bytes | Modified Date = 7/25/2001 4:40:30 PM | Attr = ] (Vmodem) XP Vmodem [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vmodem.sys -> PCTEL, INC. [Ver = 7.60.10A | Size = 604253 bytes | Modified Date = 8/17/2001 6:28:14 AM | Attr = ] (Vpctcom) XP Vpctcom [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vpctcom.sys -> PCtel, Inc. [Ver = 8.00-9K | Size = 397502 bytes | Modified Date = 8/17/2001 6:28:16 AM | Attr = ] (Vvoice) XP Vvoice [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\vvoice.sys -> PCtel, Inc. [Ver = 3.53.00 | Size = 64605 bytes | Modified Date = 8/17/2001 6:28:16 AM | Attr = ] (wandrv) WAN Network Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wandrv.sys -> America Online, Inc. 
[Ver = 6.0.0.8 | Size = 22608 bytes | Modified Date = 8/9/2001 5:25:22 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> First Principle Group -> %ProgramFiles%\First Principle Group\fpg.exe [C:\Program Files\First Principle Group\fpg.exe /s] -> File not found Lexmark X83 Button Manager -> %ProgramFiles%\LexmarkX83\AcBtnMgr_X83.exe [C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe] -> Jetsoft Development Company [Ver = 1, 0, 0, 1 | Size = 53248 bytes | Modified Date = 6/14/2001 1:42:26 PM | Attr = ] Lexmark X83 Button Monitor -> %ProgramFiles%\LexmarkX83\ACMonitor_X83.exe [C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe] -> Jetsoft Development Company [Ver = 1, 0, 0, 1 | Size = 40960 bytes | Modified Date = 10/18/2001 11:25:18 AM | Attr = ] MegaPanel -> %ProgramFiles%\ACNielsen\Homescan Internet Transporter\HSTrans.exe [C:\Program Files\ACNielsen\Homescan Internet Transporter\HSTrans.exe] -> ACNielsen [Ver = 3.0.03 | Size = 2064384 bytes | Modified Date = 5/11/2006 2:30:42 PM | Attr = H ] Microsoft Works Portfolio -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Program Files\Microsoft Works\WksSb.exe /AllUsers] -> Microsoft® Corporation [Ver = 6.00.1902.0 | Size = 311350 bytes | Modified Date = 7/13/2000 1:00:00 PM | Attr = ] Microsoft Works Update Detection -> %ProgramFiles%\Microsoft Works\WkDetect.exe [C:\Program Files\Microsoft Works\WkDetect.exe] -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 28739 bytes | Modified Date = 7/13/2000 1:00:00 PM | Attr = ] PrinTray -> %SystemRoot%\system32\spool\drivers\w32x86\3\printray.exe [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe] -> Lexmark [Ver = 1, 0, 0, 7 | Size = 36864 bytes | Modified Date = 10/25/2001 11:20:09 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] srmclean -> %SystemDrive%\CPQS\scom\srmclean.exe [C:\Cpqs\Scom\srmclean.exe] -> [Ver = | Size = 36864 bytes | Modified Date = 7/24/2001 2:34:25 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_01\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 83608 bytes | Modified Date = 3/14/2007 3:43:44 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. 
[Ver = 4.2.0.021 | Size = 147456 bytes | Modified Date = 4/9/2003 6:21:38 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 4/9/2003 6:11:12 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk -> %CommonProgramFiles%\Microsoft Shared\Works Shared\WkCalRem.exe -> Microsoft® Corporation [Ver = 6.00.1828.1 | Size = 24633 bytes | Modified Date = 7/13/2000 1:00:00 PM | Attr = ] < Dan Startup Folder > -> C:\Documents and Settings\Dan\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> -> -> File not found *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < HOSTS File > (27 bytes) -> 
C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: SearchURL\\ -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[Reg Error: Value provider does not exist or could not be read.] -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> yahoo.com -> HKEY_CURRENT_USER\: Search\\CustomizeSearch -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchcust.htm -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://ie.search.msn.com/{sub_rfc1766}/srchasst/srchasst.htm -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 5:39:02 PM | Attr = H ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> Intertrust Technologies, Inc. 
[Ver = 1.0.0.32 | Size = 270336 bytes | Modified Date = 8/1/2001 5:05:42 PM | Attr = ] < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0A66D4D4-0164-486A-B830-97E0FCCFB6ED} -> (1394 Net Adapter) -> {970F89D8-3C79-45F5-A9DF-9EC674B5EE43} -> (Intel(R) PRO/100 VM Network Connection) -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {05D44720-58E3-49E6-BDF6-D00330E511D3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab[StagingUI Object] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {33E54F7F-561C-49E6-929B-D7E76D3AFEB1}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v50/pool/pool.cab[Pool Control] -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab[ZoneBuddy Class] -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409}[HKEY_LOCAL_MACHINE] -> http://www.nanoscan.com/as/cabs/ascstubie.cab[TotalScan Installer Class] -> {5445BE81-B796-11D2-B931-002018654E2E}[HKEY_LOCAL_MACHINE] -> http://livesupport.hotpeppercasino.com/system/web/view/live/messaging/ie/SecMgr.cab[MeadCo Security Manager] -> {5736C456-EA94-4AAC-BB08-917ABDD035B3}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab[ZonePAChat Object] -> 
{615F158E-D5CA-422F-A8E7-F6A5EED7063B}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v46/bejeweled/bejeweled.cab[Bejeweled Control] -> {62969CF2-0F7A-433B-A221-FD8818C06C2F}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab[Blockwerx Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {94299420-321F-4FF9-A247-62A23EBB640B}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab[WordMojo Control] -> {9903F4ED-B673-456A-A15F-ED90C7DE9EF5}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v46/sol/sol.cab[Sol Control] -> {AB86CE53-AC9F-449F-9399-D8ABCA09EC09}[HKEY_LOCAL_MACHINE] -> https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx[Get_ActiveX Control] -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v67/swapit/swapit.cab[SwapIt Control] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab[ZoneIntro Class] -> {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v42/tilecity/tilecity.cab[Tilecity Control] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab[Reg Error: Key does not exist or could not be opened.] 
-> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D}[HKEY_LOCAL_MACHINE] -> http://a.download.toontown.com/sv1.0.30.16/ttinst.cab[Toontown Installer ActiveX Control] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D8089245-3211-40F6-819B-9E5E92CD61A2}[HKEY_LOCAL_MACHINE] -> https://jackpotflash.microgaming.com/jackpotflash/FlashAX.cab[FlashXControl Object] -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/binframework/v10/StProxy.cab41227.cab[StadiumProxy Class] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> Yahoo! Backgammon[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/at1_x.cab[Reg Error: Key does not exist or could not be opened.] -> Yahoo! Literati[HKEY_LOCAL_MACHINE] -> http://download2.games.yahoo.com/games/clients/y/tt4_x.cab[Reg Error: Key does not exist or could not be opened.] -> Yahoo! Pinochle[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/clients/y/ut2_x.cab[Reg Error: Key does not exist or could not be opened.] 
-> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\.Owner -> {615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bejeweled.ocx\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bja.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bja.ocx\\.Owner -> {58FC4C77-71C2-4972-A8CD-78691AD85158} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bja.ocx\\{58FC4C77-71C2-4972-A8CD-78691AD85158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\\.Owner -> {62969CF2-0F7A-433B-A221-FD8818C06C2F} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/brickout.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/brickout.ocx\\.Owner -> {2C153C75-8476-434B-B3C3-57B63A3D1939} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/brickout.ocx\\{2C153C75-8476-434B-B3C3-57B63A3D1939} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ascstubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ascstubie.dll\\.Owner -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/ascstubie.dll\\{512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/libcomm.dll\\.Owner -> {512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/libcomm.dll\\{512FC5A1-7DE1-43F1-BC0C-371622FCB409} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cubis.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cubis.ocx\\.Owner -> {97438FE9-D361-4279-BA82-98CC0877A717} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/cubis.ocx\\{97438FE9-D361-4279-BA82-98CC0877A717} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\\.Owner -> {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\\.Owner -> {AED98630-0251-4E83-917D-43A23D66D507} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dlhelper.dll\\{AED98630-0251-4E83-917D-43A23D66D507} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/freecell.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/freecell.ocx\\.Owner -> {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/freecell.ocx\\{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FunGamesLoader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FunGamesLoader.dll\\.Owner -> {1A1F56AA-3401-46F9-B277-D57F3421F821} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/FunGamesLoader.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/golfsol.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/golfsol.ocx\\.Owner -> {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/golfsol.ocx\\{E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hangman.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hangman.ocx\\.Owner -> {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hangman.ocx\\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPGetDownloadManager.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPGetDownloadManager.ocx\\.Owner -> {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPGetDownloadManager.ocx\\{AB86CE53-AC9F-449F-9399-D8ABCA09EC09} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/jigsaw.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/jigsaw.ocx\\.Owner -> {41D1977F-4161-4720-800F-EA4903983A38} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/jigsaw.ocx\\{41D1977F-4161-4720-800F-EA4903983A38} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\.Owner -> {A91FB93D-7561-4524-8484-5C27C8FA8D42} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/luxor.ocx\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mines.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mines.ocx\\.Owner -> {04063354-A10E-4427-A1EC-F3CC81587BC6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mines.ocx\\{04063354-A10E-4427-A1EC-F3CC81587BC6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/paint.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/paint.ocx\\.Owner -> {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/paint.ocx\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pool.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pool.ocx\\.Owner -> {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pool.ocx\\{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/royal.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/royal.ocx\\.Owner -> {BB637307-92FA-47EC-B3F7-6969078673CC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/royal.ocx\\{BB637307-92FA-47EC-B3F7-6969078673CC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\\.Owner -> {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/skillgam.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/skillgam.ocx\\.Owner -> {18C3FD15-74F6-4280-9C98-3590C966B7B8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/skillgam.ocx\\{18C3FD15-74F6-4280-9C98-3590C966B7B8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sol.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sol.ocx\\.Owner -> {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sol.ocx\\{9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\.Owner -> {05D44720-58E3-49E6-BDF6-D00330E511D3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StagingUI.ocx\\{05D44720-58E3-49E6-BDF6-D00330E511D3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\.Owner -> {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/StProxy.dll\\{DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\.Owner -> {AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/swapit.ocx\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tilecity.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tilecity.ocx\\.Owner -> {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tilecity.ocx\\{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\.Owner -> {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ttinst.dll\\{C02226EB-A5D7-4B1F-BD7E-635E46C2288D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wordmojo.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wordmojo.ocx\\.Owner -> {94299420-321F-4FF9-A247-62A23EBB640B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wordmojo.ocx\\{94299420-321F-4FF9-A247-62A23EBB640B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwspades.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwspades.ocx\\.Owner -> {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwspades.ocx\\{E70E3E64-2793-4AEF-8CC8-F1606BE563B0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\.Owner -> {3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZBuddy.ocx\\{3BB54395-5982-4788-8AF4-B5388FFDD0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\.Owner -> {5736C456-EA94-4AAC-BB08-917ABDD035B3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPAChat.ocx\\{5736C456-EA94-4AAC-BB08-917ABDD035B3} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\\.Owner -> {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZPA_Backgammon.ocx\\{FF3C5A9F-5A99-4930-80E8-4709194C2AD3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\{E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/comintfs.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{2C153C75-8476-434B-B3C3-57B63A3D1939} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{58FC4C77-71C2-4972-A8CD-78691AD85158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{41D1977F-4161-4720-800F-EA4903983A38} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{E70E3E64-2793-4AEF-8CC8-F1606BE563B0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{94299420-321F-4FF9-A247-62A23EBB640B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{BB637307-92FA-47EC-B3F7-6969078673CC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{18C3FD15-74F6-4280-9C98-3590C966B7B8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{04063354-A10E-4427-A1EC-F3CC81587BC6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{2C153C75-8476-434B-B3C3-57B63A3D1939} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{58FC4C77-71C2-4972-A8CD-78691AD85158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{41D1977F-4161-4720-800F-EA4903983A38} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{E70E3E64-2793-4AEF-8CC8-F1606BE563B0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{94299420-321F-4FF9-A247-62A23EBB640B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{BB637307-92FA-47EC-B3F7-6969078673CC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{18C3FD15-74F6-4280-9C98-3590C966B7B8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{04063354-A10E-4427-A1EC-F3CC81587BC6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{AC2881FD-5760-46DB-83AE-20A5C6432A7E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{2C153C75-8476-434B-B3C3-57B63A3D1939} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{E12EB891-D000-421B-A8ED-EDE1BDCA14A0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{C93C1C34-CEA9-49B1-9046-040F59E0E0D8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{58FC4C77-71C2-4972-A8CD-78691AD85158} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{9903F4ED-B673-456A-A15F-ED90C7DE9EF5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{615F158E-D5CA-422F-A8E7-F6A5EED7063B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{41D1977F-4161-4720-800F-EA4903983A38} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{E70E3E64-2793-4AEF-8CC8-F1606BE563B0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{94299420-321F-4FF9-A247-62A23EBB640B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{97438FE9-D361-4279-BA82-98CC0877A717} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{33E54F7F-561C-49E6-929B-D7E76D3AFEB1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{BB637307-92FA-47EC-B3F7-6969078673CC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{A91FB93D-7561-4524-8484-5C27C8FA8D42} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{18C3FD15-74F6-4280-9C98-3590C966B7B8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{04063354-A10E-4427-A1EC-F3CC81587BC6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{B06CE1BC-5D9D-4676-BD28-1752DBF394E0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | 
Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 688 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 
12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 7D 85 1F 7D 20 0B 2D 32 DD 27 2F 0C 8C 99 2B C8 63 62 32 31 31 35 37 35 00 00 00 00 01 00 00 00 BC 01 00 00 C0 01 00 00 40 CA 06 00 5B A5 BF 71 04 00 00 00 10 00 00 00 00 00 00 00 AB 43 5D 24 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> EC 7A CE 78 71 B8 C4 8B 4D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 54 DC 26 C7 41 0C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 86 83 5C 63 91 B9 6E C8 CA C8 46 D3 63 B6 59 04 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> A4 7E 47 46 A2 A6 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11615 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9BCC20E5-B7B5-41CA-9F86-F5857C28C194} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{970F89D8-3C79-45F5-A9DF-9EC674B5EE43} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0A66D4D4-0164-486A-B830-97E0FCCFB6ED} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{510B8C46-049E-46AD-871C-5E7BFAB9A60B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | 
Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> Rpcss -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11615 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{9BCC20E5-B7B5-41CA-9F86-F5857C28C194} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{970F89D8-3C79-45F5-A9DF-9EC674B5EE43} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{0A66D4D4-0164-486A-B830-97E0FCCFB6ED} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{510B8C46-049E-46AD-871C-5E7BFAB9A60B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | 
Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> [Files/Folders - Created Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 4/24/2008 11:51:25 PM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 4/24/2008 11:26:35 PM | Attr = HS] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536334336 bytes | Created Date = 4/25/2008 5:24:08 PM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/24/2008 11:51:35 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/25/2008 
5:20:09 PM | Attr = HS] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Created Date = 4/6/2008 12:22:05 PM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Created Date = 4/6/2008 12:22:05 PM | Attr = ] LXASUSCI.INI -> %SystemRoot%\System32\LXASUSCI.INI -> [Ver = | Size = 62 bytes | Created Date = 2/16/2100 5:09:06 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 4/24/2008 11:54:14 PM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] Lexmark_ICM.ini -> %SystemRoot%\Lexmark_ICM.ini -> [Ver = | Size = 821 bytes | Created Date = 2/24/2100 3:15:04 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/24/2008 11:51:33 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/24/2008 11:51:33 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/24/2008 11:51:32 PM | Attr = ] X83_DS.ini -> %SystemRoot%\X83_DS.ini -> [Ver = | Size = 194 bytes | Created Date = 4/1/2100 6:22:34 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/24/2008 11:51:33 PM | Attr = ] 
[Files/Folders - Modified Within 30 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 4/25/2008 12:14:12 AM | Attr = ] 1 C:\*.tmp files -> C:\*.tmp -> Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/25/2008 12:02:03 AM | Attr = HS] data.cph -> %SystemDrive%\data.cph -> [Ver = | Size = 0 bytes | Modified Date = 4/25/2008 12:05:06 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536334336 bytes | Modified Date = 4/27/2008 4:14:11 PM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/26/2008 10:32:11 PM | Attr = RH ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/25/2008 12:13:55 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/25/2008 5:20:09 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/27/2008 4:15:05 PM | Attr = ] X83_DS.bmp -> %SystemDrive%\X83_DS.bmp -> [Ver = | Size = 32822 bytes | Modified Date = 4/27/2008 8:49:59 AM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 26944 bytes | Modified Date = 3/29/2008 11:26:52 AM | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 20560 bytes | Modified Date = 3/29/2008 11:35:49 AM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 94544 bytes | Modified Date = 3/29/2008 11:35:21 AM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 23152 bytes | Modified Date = 3/29/2008 11:29:08 AM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 75856 bytes | Modified Date = 3/29/2008 11:31:34 AM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1169.0 | Size = 42912 bytes | Modified Date = 3/29/2008 11:27:33 AM | Attr = ] etc 
-> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/25/2008 12:02:34 AM | Attr = ]
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 4/25/2008 12:02:34 AM | Attr = ]
aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 1146232 bytes | Modified Date = 3/29/2008 11:45:49 AM | Attr = ]
AVASTSS.scr -> %SystemRoot%\System32\AVASTSS.scr -> ALWIL Software [Ver = 4, 8, 1169, 0 | Size = 95608 bytes | Modified Date = 3/29/2008 11:23:22 AM | Attr = ]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 4/26/2008 11:06:11 PM | Attr = ]
5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 4/25/2008 12:00:42 AM | Attr = ]
CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2626 bytes | Modified Date = 4/6/2008 12:22:05 PM | Attr = ]
dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/9/2008 3:05:15 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 4/27/2008 1:05:26 AM | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 211288 bytes | Modified Date = 4/9/2008 3:11:49 AM | Attr = ]
Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 4/10/2008 6:28:04 PM | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 4/27/2008 4:15:16 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 3:05:21 AM | Attr = H ]
5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
ACMonitor_X83.ini -> %SystemRoot%\ACMonitor_X83.ini -> [Ver = | Size = 20 bytes | Modified Date = 4/27/2008 4:15:05 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 4/27/2008 4:14:13 PM | Attr = S]
cdcert_casino_vegas.cat -> %SystemRoot%\cdcert_casino_vegas.cat -> [Ver = | Size = 684 bytes | Modified Date = 4/26/2008 3:14:39 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/25/2008 5:28:35 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/24/2008 11:59:29 PM | Attr = ]
Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 4/24/2008 11:59:03 PM | Attr = R S]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 4/10/2008 7:01:57 PM | Attr = ]
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 4/9/2008 3:04:20 AM | Attr = ]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 3:05:18 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/25/2008 11:06:44 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/24/2008 11:26:44 PM | Attr = HS]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 4/27/2008 8:49:24 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/10/2008 7:30:24 PM | Attr = H ]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [Folder | Modified Date = 4/25/2008 12:02:03 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 285 bytes | Modified Date = 4/25/2008 12:03:06 AM | Attr = ]
system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 4/27/2008 1:06:52 AM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/24/2008 11:26:37 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 4/27/2008 4:17:05 PM | Attr = ]
Web -> %SystemRoot%\Web -> [Folder | Modified Date = 4/10/2008 7:20:42 PM | Attr = R ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/10/2008 10:14:55 PM | Attr = ]
X83_DS.ini -> %SystemRoot%\X83_DS.ini -> [Ver = | Size = 194 bytes | Modified Date = 4/27/2008 8:49:59 AM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 4/22/2008 8:19:02 PM | Attr = ]
Comprobar actualizaciones de Windows Live Toolbar.job -> %SystemRoot%\tasks\Comprobar actualizaciones de Windows Live Toolbar.job -> [Ver = | Size = 250 bytes | Modified Date = 4/27/2008 4:02:27 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 4/27/2008 4:14:22 PM | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 4/19/2002 2:52:34 PM | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/10/2008 10:21:00 PM | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5460 bytes | Modified Date = 4/10/2008 10:20:57 PM | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 6/11/2002 10:06:32 PM | Attr = ]
wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 12/31/2001 1:53:01 PM | Attr = ]
wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 469616 bytes | Modified Date = 1/21/2008 11:54:28 PM | Attr = ]
wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 469616 bytes | Modified Date = 1/21/2008 11:54:28 PM | Attr = ]
C:\Documents and Settings\Dan\Local Settings\Temp\ -> C:\Documents and Settings\Dan\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 4:15:32 PM | Attr = ]
SSUPDATE.EXE -> C:\Documents and Settings\Dan\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ]
_unps.exe -> C:\Documents and Settings\Dan\Local Settings\Temp\_unps.exe -> [Ver = | Size = 270336 bytes | Modified Date = 7/26/2007 6:42:41 PM | Attr = ]
4 C:\Documents and Settings\Dan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan\Local Settings\Temp\*.tmp ->
C:\Documents and Settings\Dan\Local Settings\Temp\WZSE0.TMP\ -> C:\Documents and Settings\Dan\Local Settings\Temp\WZSE0.TMP\ -> [Folder | Modified Date = 4/26/2008 10:22:03 PM | Attr = ]
CFP_Setup_3.0.22.349_XP_Vista_x64.exe -> C:\Documents and Settings\Dan\Local Settings\Temp\WZSE0.TMP\CFP_Setup_3.0.22.349_XP_Vista_x64.exe -> COMODO [Ver = 1.0.0.1 | Size = 50937600 bytes | Modified Date = 4/18/2008 7:07:30 PM | Attr = ]
C:\Documents and Settings\Dan\Local Settings\Temp\WZSE1.TMP\ -> C:\Documents and Settings\Dan\Local Settings\Temp\WZSE1.TMP\ -> [Folder | Modified Date = 4/26/2008 10:22:27 PM | Attr = ]
CFP_Setup_3.0.22.349_XP_Vista_x64.exe -> C:\Documents and Settings\Dan\Local Settings\Temp\WZSE1.TMP\CFP_Setup_3.0.22.349_XP_Vista_x64.exe -> COMODO [Ver = 1.0.0.1 | Size = 50937600 bytes | Modified Date = 4/18/2008 7:07:30 PM | Attr = ]
C:\Documents and Settings\Dan\Local Settings\Temp\CDIResData\ -> C:\Documents and Settings\Dan\Local Settings\Temp\CDIResData -> [Folder | Modified Date = 4/26/2008 11:05:23 PM | Attr = ]
CDIRes.dll -> C:\Documents and Settings\Dan\Local Settings\Temp\CDIResData\CDIRes.dll -> [Ver = | Size = 1814528 bytes | Modified Date = 4/26/2008 10:31:25 PM | Attr = ]
C:\Documents and Settings\Dan\Local Settings\Temp\ -> C:\Documents and Settings\Dan\Local Settings\Temp -> [Folder | Modified Date = 4/27/2008 4:15:32 PM | Attr = ]
cfpinfo.ini -> C:\Documents and Settings\Dan\Local Settings\Temp\cfpinfo.ini -> [Ver = | Size = 0 bytes | Modified Date = 4/27/2008 12:37:28 AM | Attr = ]
4 C:\Documents and Settings\Dan\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Dan\Local Settings\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 4/27/2008 4:17:05 PM | Attr = ]
Perflib_Perfdata_588.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_588.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 11:00:32 PM | Attr = ]
Perflib_Perfdata_58c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_58c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/27/2008 4:14:23 PM | Attr = ]
Perflib_Perfdata_5ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/27/2008 1:07:12 AM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2170d07eef6.tif:Xj1phwzh5qcwungrN45kt3kiCe 904 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2170d07eef6.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c21710ad102f.tif:Xj1phwzh5qcwungrN45kt3kiCe 892 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c21710ad102f.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c29c9aee53a1.tif:Xj1phwzh5qcwungrN45kt3kiCe 880 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c29c9aee53a1.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c29c9b85d7ed.tif:Xj1phwzh5qcwungrN45kt3kiCe 904 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c29c9b85d7ed.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2a6e213f1f9.tif:Xj1phwzh5qcwungrN45kt3kiCe 944 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2a6e213f1f9.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2f27c53aabc.tif:Xj1phwzh5qcwungrN45kt3kiCe 964 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c2f27c53aabc.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3138b1eddf3.tif:Xj1phwzh5qcwungrN45kt3kiCe 972 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3138b1eddf3.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c31512546e5f.tif:Xj1phwzh5qcwungrN45kt3kiCe 944 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c31512546e5f.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3159a8fa444.tif:Xj1phwzh5qcwungrN45kt3kiCe 1008 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3159a8fa444.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3167b03d44f.tif:Xj1phwzh5qcwungrN45kt3kiCe 1020 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c3167b03d44f.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c4104cc24a88.tif:Xj1phwzh5qcwungrN45kt3kiCe 908 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c4104cc24a88.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c4a1934e1722.tif:Xj1phwzh5qcwungrN45kt3kiCe 888 bytes
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\SentItems\S-1-5-21-1484400983-2845621009-2907011200-1006$201c4a1934e1722.tif:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\Desktop\GAMEZNFLIX.url:favicon 2238 bytes
C:\Documents and Settings\Dan\Desktop\Super Mario 64 Walkthrough - IGN FAQs.url:favicon 3638 bytes
C:\Documents and Settings\Dan\Favorites\aboutBLANK infection - cannot remove [CLOSED] - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\Access Washington Home Page.url:favicon 822 bytes
C:\Documents and Settings\Dan\Favorites\Ankle Sprain Causes, Symptoms, Diagnosis, Treatment and Prevention by eMedicineHealth.com.url:favicon 1150 bytes
C:\Documents and Settings\Dan\Favorites\avast! antivirus software - computer virus, worm and Trojan protection by ALWIL Software.url:favicon 2862 bytes
C:\Documents and Settings\Dan\Favorites\AVG Free Advisor Free anti-virus, anti-spyware and anti-malware tools.url:favicon 318 bytes
C:\Documents and Settings\Dan\Favorites\MyDollarShop.com BackOffice.url:favicon 2238 bytes
C:\Documents and Settings\Dan\Favorites\Naselle1 -.url:favicon 3638 bytes
C:\Documents and Settings\Dan\Favorites\Dirt Devil Portable Spot Scrubber Shampooer - Wal-Mart.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\Divorce support for under 35's - Index.url:favicon 2198 bytes
C:\Documents and Settings\Dan\Favorites\DSHS - Child Support Internet Payment Service.url:favicon 3638 bytes
C:\Documents and Settings\Dan\Favorites\Enterprise Rent-A-Car Rental Cars at Everyday Low Rates.url:favicon 3262 bytes
C:\Documents and Settings\Dan\Favorites\RTG No Deposit Reedem Codes (51 Codes) -.url:favicon 2238 bytes
C:\Documents and Settings\Dan\Favorites\Skinit.com.url:favicon 1150 bytes
C:\Documents and Settings\Dan\Favorites\TaxACT Online—Thank You - Prepare Your Taxes FREE Online!.url:favicon 1078 bytes
C:\Documents and Settings\Dan\Favorites\b sports.url:favicon 6598 bytes
C:\Documents and Settings\Dan\Favorites\Diabetes\children with DIABETES - Chat Rooms.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\Diabetes\Jack In The Box - Our Food.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\Diabetes\Medtronic MiniMed Online Store.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\On Your Site Builders, LLC Home Builders Contractors.url:favicon 822 bytes
C:\Documents and Settings\Dan\Favorites\http--www.lib.utexas.edu-maps-united_states-ohio_90.jpg.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\http--www.uxcell.com-tracking-.url:favicon 1150 bytes
C:\Documents and Settings\Dan\Favorites\Jobs\WorkSource Washington - Search Jobs, Post Resumes, Career Resources.url:favicon 3574 bytes
C:\Documents and Settings\Dan\Favorites\Lots of viruses and malware - Geeks to Go!.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\Moola View Matching Page.url:favicon 1742 bytes
C:\Documents and Settings\Dan\Favorites\Moto KRZR Review (Verizon) Skatter Tech.url:favicon 3638 bytes
C:\Documents and Settings\Dan\Favorites\TracFone Nationwide Prepaid Wireless.url:favicon 1078 bytes
C:\Documents and Settings\Dan\Favorites\BingoClasico EN.url:favicon 4286 bytes
C:\Documents and Settings\Dan\Favorites\Check Point ZoneAlarm - Internet security products, online safety, software, protection.url:favicon 1150 bytes
C:\Documents and Settings\Dan\Favorites\Ohio - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\Dan\Favorites\Ohio Geography - NETSTATE.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\pcRUSH.com - MP3-Portable Audio.url:favicon 318 bytes
C:\Documents and Settings\Dan\Favorites\pinochle-yahoo.url:favicon 6598 bytes
C:\Documents and Settings\Dan\Favorites\poker\Poker Forum - Welcome to the Poker Source Online Poker Forum.url:favicon 894 bytes
C:\Documents and Settings\Dan\Favorites\poker\Online Poker Tournaments, FreeRolls & Best Deposit Bonus deals. Internet Poker Room Ratings by Players. Poker News.url:favicon 7406 bytes
C:\Documents and Settings\Dan\Favorites\poker\P5s OT.url:favicon 13382 bytes
C:\Documents and Settings\Dan\Favorites\poker\PocketFives.com Card Calculator.url:favicon 13382 bytes
C:\Documents and Settings\Dan\Favorites\poker\PocketFives.com.url:favicon 1406 bytes
C:\Documents and Settings\Dan\Favorites\poker\Pocketsevens Poker Page Home.url:favicon 894 bytes
C:\Documents and Settings\Dan\Favorites\poker\Pro Football Pick'em.url:favicon 6598 bytes
C:\Documents and Settings\Dan\Favorites\poker\The 2+2 Forums Viewing list of forums.url:favicon 318 bytes
C:\Documents and Settings\Dan\Favorites\poker\poker news.url:favicon 7406 bytes
C:\Documents and Settings\Dan\Favorites\Priceline.com - Travel, airline tickets, cheap flights, hotels, hotel rooms, rental cars, car rental.url:favicon 1406 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\2007-05 (May)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\2007-07 (Jul)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\2007-11 (Nov)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\2007-12 (Dec)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\2008-01 (Jan)\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Dan\My Documents\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 96
< End of report >
[/code]