[code] OTScanIt logfile created on: 5/2/2008 9:47:28 PM OTScanIt by OldTimer - Version 1.0.11.12 Folder = C:\Documents and Settings\Sorin\Desktop\Malware new\OTScanIt Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1023.48 Mb Total Physical Memory | 642.58 Mb Available Physical Memory | 62.78% Memory free 3.90 Gb Paging File | 3.60 Gb Available in Paging File | 92.31% Paging File free Paging file location(s): C:\pagefile.sys 3072 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 29.29 Gb Total Space | 2.60 Gb Free Space | 8.89% Space Free | Partition Type: NTFS Drive D: | 78.13 Gb Total Space | 8.15 Gb Free Space | 10.43% Space Free | Partition Type: NTFS Drive E: | 125.46 Gb Total Space | 4.10 Gb Free Space | 3.27% Space Free | Partition Type: NTFS Drive F: | 39.06 Gb Total Space | 1.63 Gb Free Space | 4.17% Space Free | Partition Type: NTFS Drive G: | 111.79 Gb Total Space | 0.25 Gb Free Space | 0.22% Space Free | Partition Type: NTFS Drive H: | 109.99 Gb Total Space | 3.72 Gb Free Space | 3.38% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Computer Name: IBM Current User Name: Sorin Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 5/4/2005 10:22:48 AM | Attr = ] vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 3/13/2008 11:11:08 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/20/2008 1:57:54 AM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 5/4/2005 10:22:48 AM | Attr = ] dkservice.exe -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 11.0.693.0 | Size = 913408 bytes | Modified Date = 12/21/2006 5:09:00 PM | Attr = ] nod32krn.exe -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 16 | Size = 549256 bytes | Modified Date = 5/2/2007 8:19:44 AM | Attr = ] slserv.exe -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 11/29/2001 4:10:28 PM | Attr = ] zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 3/13/2008 11:11:10 PM | Attr = ] winpatrol.exe -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 1/27/2008 8:38:16 AM | Attr = ] wfwiz.exe -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe -> Leadtek Research Inc. [Ver = 5.13.01.2007-0212 | Size = 397312 bytes | Modified Date = 2/12/2007 5:22:24 PM | Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 54 | Size = 577536 bytes | Modified Date = 6/21/2006 6:42:44 AM | Attr = ] nod32kui.exe -> %ProgramFiles%\ESET\nod32kui.exe -> Eset [Ver = 2, 70, 16 | Size = 950664 bytes | Modified Date = 5/2/2007 8:19:44 AM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 5/1/2008 10:09:17 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\Malware new\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.12 | Size = 371712 bytes | Modified Date = 5/1/2008 4:35:22 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 4/20/2008 1:57:54 AM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 9/6/2007 1:28:18 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 364544 bytes | Modified Date = 5/4/2005 10:22:48 AM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0024 | Size = 516096 bytes | Modified Date = 5/3/2005 9:05:00 PM | Attr = ] (Diskeeper) Diskeeper [Win32_Own | Auto | Running] -> %ProgramFiles%\Diskeeper Corporation\Diskeeper\DkService.exe -> Diskeeper Corporation [Ver = 11.0.693.0 | Size = 913408 bytes | Modified Date = 12/21/2006 5:09:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 10.50.125 | Size = 73728 bytes | Modified Date = 10/22/2004 3:24:18 AM | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (ioloDMV) iolo DMV Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iolo\Common\Lib\ioloDMVSvc.exe -> [Ver = | Size = 504424 bytes | Modified Date = 12/7/2006 5:45:22 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 2:10:24 PM | Attr = ] (NOD32krn) NOD32 Kernel Service [Win32_Own | Auto | Running] -> %ProgramFiles%\ESET\nod32krn.exe -> Eset [Ver = 2, 70, 16 | Size = 549256 bytes | Modified Date = 5/2/2007 8:19:44 AM | Attr = ] (PinnacleSys.MediaServer) Pinnacle Systems Media Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe -> Pinnacle Systems [Ver = 1.1.232.0 | Size = 49152 bytes | Modified Date = 1/19/2006 9:22:20 AM | Attr = ] (RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 1.1.0808 | Size = 167936 bytes | Modified Date = 8/8/2005 1:54:00 PM | Attr = ] (ServiceLayer) ServiceLayer [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\PC Connectivity Solution\ServiceLayer.exe -> Nokia. [Ver = 6, 82, 69, 5 | Size = 212480 bytes | Modified Date = 2/8/2007 5:13:46 PM | Attr = ] (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 11/29/2001 4:10:28 PM | Attr = ] (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> File not found (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 3/13/2008 11:11:08 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> Eset [Ver = 2, 70, 16 | Size = 950664 bytes | Modified Date = 5/2/2007 8:19:44 AM | Attr = ] SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 54 | Size = 577536 bytes | Modified Date = 6/21/2006 6:42:44 AM | Attr = ] WinFast Schedule -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe [C:\Program Files\WinFast\WFTVFM\WFWIZ.exe] -> Leadtek Research Inc. [Ver = 5.13.01.2007-0212 | Size = 397312 bytes | Modified Date = 2/12/2007 5:22:24 PM | Attr = ] WinPatrol -> %ProgramFiles%\BillP Studios\WinPatrol\WinPatrol.exe [C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot] -> BillP Studios [Ver = 14, 0, 2007, 1 | Size = 316728 bytes | Modified Date = 1/27/2008 8:38:16 AM | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 3/13/2008 11:11:10 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 5/1/2008 10:09:17 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 0, 0, 1154 | Size = 1481968 bytes | Modified Date = 5/1/2008 10:09:17 AM | Attr = ] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Eugen Startup Folder > -> C:\Documents and Settings\Eugen\Start Menu\Programs\Startup -> < Honey Startup Folder > -> C:\Documents and Settings\Honey\Start Menu\Programs\Startup -> < Maia Startup Folder > -> C:\Documents and Settings\Maia\Start Menu\Programs\Startup -> < Sorin Startup Folder > -> C:\Documents and Settings\Sorin\Start Menu\Programs\Startup -> < Tata Startup Folder > -> C:\Documents and Settings\Tata\Start Menu\Programs\Startup -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [CDBurn] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4115 | Size = 46080 bytes | Modified Date = 5/4/2005 10:23:56 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\VerboseStatus -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 15 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\\RestrictToList -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 1 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoBandCustomize -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 15 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\\RestrictToList -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/14/2008 12:10:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVD-RAM_GSA-H54N_______________1.00____\5&121198bf&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 5/8/2007 10:40:03 AM | Attr = ] autoexec.E00 [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> %SystemDrive%\autoexec.E00 [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 5/8/2007 10:40:04 AM | Attr = ] autoexec.E01 [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> %SystemDrive%\autoexec.E01 [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 5/8/2007 10:40:04 AM | Attr = ] Autoruns [] -> %SystemDrive%\Autoruns [ NTFS ] -> [Folder | Modified Date = 4/21/2008 11:03:49 AM | Attr = ] < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ncr -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\: Main\\Local Page -> -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\: Main\\Start Page -> http://www.google.com/ncr -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GetRight\xx2gr.dll [IE to GetRight Helper] -> Headlight Software, Inc. [Ver = 6.3a | Size = 246848 bytes | Modified Date = 7/18/2007 4:54:28 PM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {36ECAF82-3300-8F84-092E-AFF36D6C7040}:{86529161-034E-4F8A-88D2-3C625E612E04} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinHTTrack\WinHTTrackIEBar.dll [Run WinHTTrack] -> [Ver = 1, 0, 0, 1 | Size = 131072 bytes | Modified Date = 1/14/2007 2:57:38 PM | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 5/25/2006 2:22:06 AM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinHTTrack\WinHTTrackIEBar.dll [Run WinHTTrack] -> [Ver = 1, 0, 0, 1 | Size = 131072 bytes | Modified Date = 1/14/2007 2:57:38 PM | Attr = ] CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 5/25/2006 2:22:06 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] Download with GetRight -> %ProgramFiles%\GetRight\GRDownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 3/29/2006 3:35:12 PM | Attr = ] Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 3/29/2006 3:35:12 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Value does not exist or could not be read.] -> File not found CmdMapping\\{36ECAF82-3300-8F84-092E-AFF36D6C7040} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinHTTrack\WinHTTrackIEBar.dll [Run WinHTTrack] -> [Ver = 1, 0, 0, 1 | Size = 131072 bytes | Modified Date = 1/14/2007 2:57:38 PM | Attr = ] CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 5/25/2006 2:22:06 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\] > -> HKEY_USERS\S-1-5-21-2000478354-1708537768-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.84 | Size = 4526144 bytes | Modified Date = 2/8/2007 11:49:42 AM | Attr = ] Download with GetRight -> %ProgramFiles%\GetRight\GRDownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 3/29/2006 3:35:12 PM | Attr = ] Open with GetRight Browser -> %ProgramFiles%\GetRight\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 3/29/2006 3:35:12 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {3650D352-4083-4D09-B222-2CE4EDE601C8} -> (1394 Net Adapter) -> {746EE235-7CA4-4F54-9135-E2945E243183} -> 194.102.255.2,194.102.255.3 () -> {8A18BCA9-B982-4DED-A848-9357D1BE3235} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 16 | Size = 299392 bytes | Modified Date = 5/2/2007 8:19:45 AM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 27, 1 | Size = 1828440 bytes | Modified Date = 5/10/2007 4:09:14 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0742B9EF-8C83-41CA-BFBA-830A59E23533}[HKEY_LOCAL_MACHINE] -> https://support.microsoft.com/OAS/ActiveX/MSDcode.cab[Reg Error: Key does not exist or could not be opened.] -> {0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[Reg Error: Key does not exist or could not be opened.] -> {1EF9F042-C2EB-4293-8213-474CAEEF531D}[HKEY_LOCAL_MACHINE] -> http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB[TmHcmsX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://www.bitdefender.ro/scan_ro/scan8/oscan8.cab[BDSCANONLINE Control] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Reg Error: Key does not exist or could not be opened.] -> {9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39273.9904050926[Reg Error: Key does not exist or could not be opened.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E8F628B5-259A-4734-97EE-BA914D7BE941}[HKEY_LOCAL_MACHINE] -> http://driveragent.com/files/driveragent.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\\.Owner -> {E8F628B5-259A-4734-97EE-BA914D7BE941} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\\{E8F628B5-259A-4734-97EE-BA914D7BE941} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HcmsL10NStr.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\\.Owner -> {0742B9EF-8C83-41CA-BFBA-830A59E23533} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSDcode.dll\\{0742B9EF-8C83-41CA-BFBA-830A59E23533} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan8.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan81.ocx_x\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan81.ocx_x\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan81.ocx_x\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcms.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHCMSMgr.dll\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmHcmsX.ocx\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\.Owner -> {1EF9F042-C2EB-4293-8213-474CAEEF531D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TmSvcUrl.ini\\{1EF9F042-C2EB-4293-8213-474CAEEF531D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\.Owner -> {9F1C11AA-197B-4942-BA54-47A8489BB47F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/14/2008 5:41:58 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/14/2008 5:42:10 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 788 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 94 A5 37 90 1A 96 01 02 70 CA 59 0B 75 E2 39 EB 61 62 66 33 62 32 34 35 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 CB 98 10 F7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 95 A6 59 E0 C7 2E 17 EF B3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 5F 81 3A CF 58 88 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 3/31/2003 3:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> DE 12 B1 F5 F4 92 D7 5C 6A 26 C3 0B BF 62 D9 06 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> FA 6A EA C9 66 AB C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 85 6B 19 D9 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 0C FF 1C D9 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 39 30 1E D9 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11545 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\CNN Desktop Alerts\cnn.exe -> C:\Program Files\CNN Desktop Alerts\cnn.exe [C:\Program Files\CNN Desktop Alerts\cnn.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -> C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe [C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/14/2008 5:42:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> C:\Program Files\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\Studio 10\programs\RM.exe -> C:\Program Files\Pinnacle\Studio 10\programs\RM.exe [C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:*:Enabled:Render Manager] -> Pinnacle Systems, Inc. [Ver = 7.0.0.4245 | Size = 65536 bytes | Modified Date = 11/14/2006 11:53:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe -> C:\Program Files\Pinnacle\Studio 10\programs\studio.exe [C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:*:Enabled:Studio] -> Pinnacle Systems [Ver = 10.7.0.4245 | Size = 4571136 bytes | Modified Date = 11/14/2006 12:24:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe -> C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe [C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile] -> [Ver = 1.0.2090.28238 | Size = 24576 bytes | Modified Date = 9/21/2005 4:22:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Pinnacle\Studio 10\programs\umi.exe -> C:\Program Files\Pinnacle\Studio 10\programs\umi.exe [C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:*:Enabled:umi] -> Pinnacle Systems, Inc. [Ver = 7.0.0.4245 | Size = 77824 bytes | Modified Date = 11/14/2006 11:52:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\utorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.8205 | Size = 262960 bytes | Modified Date = 2/28/2008 12:58:35 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2/19/2008 2:10:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\H:\Azureus\utorrent-1.8-alpha-8205.upx.exe -> H:\Azureus\utorrent-1.8-alpha-8205.upx.exe [H:\Azureus\utorrent-1.8-alpha-8205.upx.exe:*:Enabled:µTorrent] -> BitTorrent, Inc. [Ver = 1.8.0.8205 | Size = 262960 bytes | Modified Date = 2/28/2008 12:58:35 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.248 | Size = 21898024 bytes | Modified Date = 2/1/2008 6:22:12 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11892:TCP -> 11892:TCP:*:Enabled:BitComet 11892 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11892:UDP -> 11892:UDP:*:Enabled:BitComet 11892 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 5:42:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] Autoruns -> %SystemDrive%\Autoruns -> [Folder | Created Date = 4/21/2008 11:03:47 AM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 4/21/2008 3:17:47 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Created Date = 5/1/2008 4:41:31 PM | Attr = HS] Log-uri -> %SystemDrive%\Log-uri -> [Folder | Created Date = 4/21/2008 3:36:08 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/21/2008 2:04:39 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/21/2008 3:19:13 PM | Attr = HS] savxpsa -> %SystemDrive%\savxpsa -> [Folder | Created Date = 4/20/2008 6:35:39 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 4/22/2008 7:10:24 AM | Attr = ] Temporar -> %SystemDrive%\Temporar -> [Folder | Created Date = 4/20/2008 2:15:08 AM | Attr = ] ac97ali.sys -> %SystemRoot%\System32\dllcache\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Created Date = 2/26/2008 10:09:12 AM | Attr = ] ac97via.sys -> %SystemRoot%\System32\dllcache\ac97via.sys -> VIA Technologies, Inc. [Ver = 5.10.00.3622 built by: WinDDK | Size = 84480 bytes | Created Date = 2/26/2008 10:09:15 AM | Attr = ] admjoy.sys -> %SystemRoot%\System32\dllcache\admjoy.sys -> Aureal, Inc. [Ver = 5.12.01.1500 | Size = 10880 bytes | Created Date = 2/26/2008 10:09:23 AM | Attr = ] Dvd43.sys -> %SystemRoot%\System32\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Created Date = 4/1/2008 11:07:55 PM | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 5/1/2008 10:31:14 AM | Attr = ] klim5.sys -> %SystemRoot%\System32\drivers\klim5.sys -> Kaspersky Lab [Ver = 6.1.26.0 | Size = 24592 bytes | Created Date = 4/19/2008 8:42:46 AM | Attr = ] tmpreflt.sys -> %SystemRoot%\System32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Created Date = 4/17/2008 11:06:51 AM | Attr = ] tmxpflt.sys -> %SystemRoot%\System32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 202768 bytes | Created Date = 4/17/2008 11:06:52 AM | Attr = ] vsapint.sys -> %SystemRoot%\System32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.550-1001 | Size = 1126072 bytes | Created Date = 4/17/2008 11:06:56 AM | Attr = ] backuped -> %SystemRoot%\System32\backuped -> [Folder | Created Date = 4/20/2008 2:35:23 AM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 5/1/2008 10:38:49 AM | Attr = ] libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Created Date = 4/19/2008 8:45:23 AM | Attr = ] netsoft.exe -> %SystemRoot%\System32\netsoft.exe -> [Ver = | Size = 446706 bytes | Created Date = 4/21/2008 12:10:36 AM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 5/1/2008 10:38:54 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 335 bytes | Created Date = 4/19/2008 8:45:16 AM | Attr = ] vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Created Date = 4/19/2008 8:44:54 AM | Attr = ] vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Created Date = 4/19/2008 8:45:16 AM | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 161256 bytes | Created Date = 4/19/2008 8:44:54 AM | Attr = ] vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 103912 bytes | Created Date = 4/19/2008 8:45:17 AM | Attr = ] vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 275944 bytes | Created Date = 4/19/2008 8:45:17 AM | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Created Date = 4/19/2008 8:45:23 AM | Attr = ] vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 472552 bytes | Created Date = 4/19/2008 8:44:54 AM | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 46568 bytes | Created Date = 4/19/2008 8:45:18 AM | Attr = ] vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 99816 bytes | Created Date = 4/19/2008 8:45:17 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Created Date = 4/20/2008 8:59:04 AM | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Created Date = 4/19/2008 8:45:21 AM | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Created Date = 4/19/2008 8:45:21 AM | Attr = ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Created Date = 4/19/2008 8:45:17 AM | Attr = ] zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Created Date = 4/19/2008 8:45:17 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 4/21/2008 2:05:06 PM | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 4/21/2008 2:16:33 PM | Attr = ] eSellerateControl350.dll -> %SystemRoot%\eSellerateControl350.dll -> eSellerate Inc. [Ver = 3.5.0.0 | Size = 81920 bytes | Created Date = 4/20/2008 2:35:25 AM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] Irremote.ini -> %SystemRoot%\Irremote.ini -> [Ver = | Size = 0 bytes | Created Date = 2/10/2008 3:14:15 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 5/1/2008 10:38:50 AM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Created Date = 3/19/2008 8:55:32 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 3/5/2008 3:42:18 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 3/5/2008 3:42:18 PM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 4/21/2008 3:11:03 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/21/2008 2:04:34 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Avg8 -> %AllUsersProfile%\Application Data\Avg8 -> [Folder | Created Date = 5/2/2008 9:32:40 PM | Attr = ] 24 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> F-Secure -> %AllUsersProfile%\Application Data\F-Secure -> [Folder | Created Date = 4/17/2008 11:22:12 AM | Attr = ] fssg -> %AllUsersProfile%\Application Data\fssg -> [Folder | Created Date = 4/17/2008 11:14:45 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 2/8/2008 12:28:27 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 4/25/2008 8:48:43 AM | Attr = ] Sophos -> %AllUsersProfile%\Application Data\Sophos -> [Folder | Created Date = 4/20/2008 6:42:50 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 4/18/2008 10:16:46 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 4/25/2008 9:15:19 AM | Attr = ] Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro -> [Folder | Created Date = 4/16/2008 11:02:57 PM | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Created Date = 3/17/2008 11:39:18 AM | Attr = ] AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Created Date = 4/21/2008 10:12:53 PM | Attr = ] F-Secure -> %AppData%\F-Secure -> [Folder | Created Date = 4/17/2008 11:28:34 AM | Attr = ] GetRight -> %AppData%\GetRight -> [Folder | Created Date = 3/8/2008 9:58:59 AM | Attr = ] GetRight.cok -> %AppData%\GetRight.cok -> [Ver = | Size = 93 bytes | Created Date = 3/21/2008 9:25:59 AM | Attr = ] GetRight.hst -> %AppData%\GetRight.hst -> [Ver = | Size = 361 bytes | Created Date = 3/21/2008 9:25:48 AM | Attr = ] GetRight.lst -> %AppData%\GetRight.lst -> [Ver = | Size = 1177 bytes | Created Date = 3/8/2008 7:52:30 PM | Attr = ] GetRightToGo -> %AppData%\GetRightToGo -> [Folder | Created Date = 3/8/2008 9:58:10 AM | Attr = ] GRFolder.ini -> %AppData%\GRFolder.ini -> [Ver = | Size = 486 bytes | Created Date = 3/8/2008 10:00:31 AM | Attr = ] GRGames.ini -> %AppData%\GRGames.ini -> [Ver = | Size = 28 bytes | Created Date = 3/8/2008 7:52:30 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 4/25/2008 8:48:55 AM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 4/25/2008 9:15:08 AM | Attr = ] True Sword -> %AppData%\True Sword -> [Folder | Created Date = 4/20/2008 2:35:43 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 2/28/2008 5:30:03 PM | Attr = ] WinPatrol -> %AppData%\WinPatrol -> [Folder | Created Date = 4/20/2008 12:36:01 AM | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Created Date = 3/17/2008 11:36:43 AM | Attr = ] Sophos -> %UserProfile%\Local Settings\Application Data\Sophos -> [Folder | Created Date = 4/20/2008 7:11:35 PM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1800 bytes | Created Date = 4/20/2008 1:56:08 AM | Attr = ] Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk -> [Ver = | Size = 1800 bytes | Created Date = 4/20/2008 1:56:08 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 706 bytes | Created Date = 4/25/2008 8:48:45 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 790 bytes | Created Date = 4/25/2008 9:15:09 AM | Attr = ] 8-cell.gif -> %UserProfile%\Desktop\8-cell.gif -> [Ver = | Size = 640422 bytes | Created Date = 4/1/2008 9:26:39 AM | Attr = ] Alex -> %UserProfile%\Desktop\Alex -> [Folder | Created Date = 3/3/2008 1:03:57 AM | Attr = ] AVG 8.0 -> %UserProfile%\Desktop\AVG 8.0 -> [Folder | Created Date = 4/21/2008 10:09:26 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1771601 bytes | Created Date = 4/21/2008 2:03:09 PM | Attr = ] Fifa 2008 -> %UserProfile%\Desktop\Fifa 2008 -> [Folder | Created Date = 4/22/2008 6:50:24 PM | Attr = ] HijackThis v2 -> %UserProfile%\Desktop\HijackThis v2 -> [Folder | Created Date = 4/21/2008 12:43:53 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1744 bytes | Created Date = 4/21/2008 12:44:28 PM | Attr = ] ItsyBitsy Copaci -> %UserProfile%\Desktop\ItsyBitsy Copaci -> [Folder | Created Date = 4/5/2008 11:28:43 PM | Attr = ] Malware new -> %UserProfile%\Desktop\Malware new -> [Folder | Created Date = 5/2/2008 8:20:51 AM | Attr = ] Malware tools -> %UserProfile%\Desktop\Malware tools -> [Folder | Created Date = 4/21/2008 1:46:37 PM | Attr = ] Nero clean tool -> %UserProfile%\Desktop\Nero clean tool -> [Folder | Created Date = 3/2/2008 2:20:12 PM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Created Date = 4/22/2008 6:50:23 PM | Attr = ] Nice ass.gif -> %UserProfile%\Desktop\Nice ass.gif -> [Ver = | Size = 1084497 bytes | Created Date = 3/19/2008 9:26:58 AM | Attr = ] Process monitor 1.3 Microsoft -> %UserProfile%\Desktop\Process monitor 1.3 Microsoft -> [Folder | Created Date = 4/20/2008 3:35:31 PM | Attr = ] Sex -> %UserProfile%\Desktop\Sex -> [Folder | Created Date = 2/20/2008 9:52:49 AM | Attr = ] Sophos Anti rootkit -> %UserProfile%\Desktop\Sophos Anti rootkit -> [Folder | Created Date = 4/20/2008 6:07:09 PM | Attr = ] Sophos antivirus trial -> %UserProfile%\Desktop\Sophos antivirus trial -> [Folder | Created Date = 4/20/2008 6:06:06 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 973 bytes | Created Date = 4/18/2008 10:16:54 PM | Attr = ] True Sword.lnk -> %UserProfile%\Desktop\True Sword.lnk -> [Ver = | Size = 1608 bytes | Created Date = 4/20/2008 2:35:29 AM | Attr = ] unzip.gif -> %UserProfile%\Desktop\unzip.gif -> [Ver = | Size = 164693 bytes | Created Date = 3/19/2008 9:23:12 AM | Attr = ] Utorrent 1.8 beta -> %UserProfile%\Desktop\Utorrent 1.8 beta -> [Folder | Created Date = 2/28/2008 10:36:03 AM | Attr = ] WinPatrol -> %UserProfile%\Desktop\WinPatrol -> [Folder | Created Date = 4/20/2008 12:35:23 AM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 4/25/2008 8:47:56 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 4/20/2008 1:55:38 AM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 4/21/2008 10:12:46 PM | Attr = ] BillP Studios -> %ProgramFiles%\BillP Studios -> [Folder | Created Date = 4/20/2008 12:35:44 AM | Attr = ] F-Secure Internet Security -> %ProgramFiles%\F-Secure Internet Security -> [Folder | Created Date = 4/17/2008 11:21:40 AM | Attr = ] GetRight -> %ProgramFiles%\GetRight -> [Folder | Created Date = 3/8/2008 9:58:48 AM | Attr = ] iPod -> %ProgramFiles%\iPod -> [Folder | Created Date = 3/5/2008 3:41:38 PM | Attr = ] iTunes -> %ProgramFiles%\iTunes -> [Folder | Created Date = 3/5/2008 3:41:27 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 4/25/2008 8:48:40 AM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 4/20/2008 3:35:21 PM | Attr = ] Nero -> %ProgramFiles%\Nero -> [Folder | Created Date = 3/17/2008 11:13:11 AM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 4/21/2008 4:17:36 PM | Attr = ] Safari -> %ProgramFiles%\Safari -> [Folder | Created Date = 4/5/2008 2:25:46 PM | Attr = ] Sophos -> %ProgramFiles%\Sophos -> [Folder | Created Date = 4/20/2008 6:07:18 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 4/18/2008 10:16:46 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 4/25/2008 9:15:08 AM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 4/21/2008 12:44:27 PM | Attr = ] True Sword 4 -> %ProgramFiles%\True Sword 4 -> [Folder | Created Date = 4/20/2008 2:35:23 AM | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 2/28/2008 5:32:22 PM | Attr = ] Zone Labs -> %ProgramFiles%\Zone Labs -> [Folder | Created Date = 4/19/2008 8:45:17 AM | Attr = ] [Files/Folders - Modified Within 90 days] Autoruns -> %SystemDrive%\Autoruns -> [Folder | Modified Date = 4/21/2008 11:03:49 AM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 4/21/2008 11:04:09 AM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 4/21/2008 3:17:47 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 3/21/2008 9:23:40 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073270784 bytes | Modified Date = 5/2/2008 9:34:08 PM | Attr = HS] Log-uri -> %SystemDrive%\Log-uri -> [Folder | Modified Date = 4/21/2008 3:48:08 PM | Attr = ] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 5/1/2008 10:30:42 AM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/2/2008 9:28:39 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/21/2008 3:08:32 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/21/2008 3:19:14 PM | Attr = HS] savxpsa -> %SystemDrive%\savxpsa -> [Folder | Modified Date = 4/20/2008 6:35:44 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 4/21/2008 2:33:03 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 4/21/2008 2:11:58 PM | Attr = HS] Temporar -> %SystemDrive%\Temporar -> [Folder | Modified Date = 4/25/2008 9:06:32 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/2/2008 9:32:33 PM | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Modified Date = 4/14/2008 5:39:06 AM | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 4/14/2008 5:39:40 AM | Attr = ] msdxm.ocx -> %SystemRoot%\System32\dllcache\msdxm.ocx -> [Ver = | Size = 844314 bytes | Modified Date = 4/14/2008 5:40:10 AM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 4/14/2008 5:40:10 AM | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Modified Date = 4/14/2008 5:40:36 AM | Attr = ] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 4/14/2008 12:06:40 AM | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/14/2008 12:14:50 AM | Attr = ] dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/14/2008 12:14:48 AM | Attr = ] Dvd43.sys -> %SystemRoot%\System32\drivers\Dvd43.sys -> Fengtao Software Inc. [Ver = 2, 6, 0, 28 | Size = 35296 bytes | Modified Date = 4/19/2008 9:12:55 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 4/21/2008 2:18:31 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 4/21/2008 2:18:31 PM | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 4/13/2008 10:06:06 PM | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 4/14/2008 12:06:40 AM | Attr = ] tmpreflt.sys -> %SystemRoot%\System32\drivers\tmpreflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 35856 bytes | Modified Date = 3/7/2008 6:34:28 AM | Attr = ] tmxpflt.sys -> %SystemRoot%\System32\drivers\tmxpflt.sys -> Trend Micro Inc. [Ver = 8.550.0.1001 | Size = 202768 bytes | Modified Date = 3/7/2008 6:34:28 AM | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Modified Date = 4/14/2008 5:42:10 AM | Attr = ] vsapint.sys -> %SystemRoot%\System32\drivers\vsapint.sys -> Trend Micro Inc. [Ver = 8.550-1001 | Size = 1126072 bytes | Modified Date = 3/7/2008 6:34:28 AM | Attr = ] amstream.dll -> %SystemRoot%\System32\amstream.dll -> [Ver = | Size = 70656 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Modified Date = 4/14/2008 5:41:50 AM | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 4/14/2008 5:39:02 AM | Attr = ] atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] backuped -> %SystemRoot%\System32\backuped -> [Folder | Modified Date = 4/20/2008 2:35:23 AM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 5/1/2008 10:38:48 AM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/1/2008 10:43:55 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/2/2008 8:22:12 AM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 5/1/2008 10:33:20 AM | Attr = ] compatui.dll -> %SystemRoot%\System32\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 3/16/2008 2:44:57 PM | Attr = ] dcache.bin -> %SystemRoot%\System32\dcache.bin -> [Ver = | Size = 1804 bytes | Modified Date = 4/14/2008 5:55:28 AM | Attr = ] defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] devenum.dll -> %SystemRoot%\System32\devenum.dll -> [Ver = | Size = 59904 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 4/14/2008 5:41:52 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/1/2008 10:39:24 AM | Attr = RHS] dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 4/14/2008 5:42:18 AM | Attr = ] dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/2/2008 9:32:33 PM | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 5/1/2008 10:38:49 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 5/1/2008 10:38:57 AM | Attr = ] encdec.dll -> %SystemRoot%\System32\encdec.dll -> [Ver = | Size = 186880 bytes | Modified Date = 4/14/2008 5:41:54 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 213672 bytes | Modified Date = 5/1/2008 11:38:39 AM | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. [Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] imon1.dat -> %SystemRoot%\System32\imon1.dat -> [Ver = | Size = 43 bytes | Modified Date = 4/16/2008 10:07:51 PM | Attr = ] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 5/1/2008 10:39:14 AM | Attr = ] ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. [Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 4/14/2008 5:39:58 AM | Attr = ] libeay32_0.9.6l.dll -> %SystemRoot%\System32\libeay32_0.9.6l.dll -> [Ver = | Size = 796048 bytes | Modified Date = 3/13/2008 11:10:48 PM | Attr = ] locale.nls -> %SystemRoot%\System32\locale.nls -> [Ver = | Size = 265948 bytes | Modified Date = 2/29/2008 2:40:00 PM | Attr = ] mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll -> [Ver = | Size = 35328 bytes | Modified Date = 4/14/2008 5:41:58 AM | Attr = ] mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Modified Date = 4/14/2008 5:41:58 AM | Attr = ] mpeg2data.ax -> %SystemRoot%\System32\mpeg2data.ax -> [Ver = | Size = 118272 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [Ver = | Size = 148992 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] msdmo.dll -> %SystemRoot%\System32\msdmo.dll -> [Ver = | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:00 AM | Attr = ] msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx -> [Ver = | Size = 844314 bytes | Modified Date = 4/14/2008 5:40:10 AM | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 4/14/2008 5:40:10 AM | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] netsoft.exe -> %SystemRoot%\System32\netsoft.exe -> [Ver = | Size = 446706 bytes | Modified Date = 4/21/2008 12:18:45 AM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 5/1/2008 10:33:30 AM | Attr = ] odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp -> [Ver = | Size = 4310 bytes | Modified Date = 4/13/2008 10:56:10 PM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 5/1/2008 10:32:57 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 91690 bytes | Modified Date = 5/1/2008 11:42:28 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 489172 bytes | Modified Date = 5/1/2008 11:42:28 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 592484 bytes | Modified Date = 5/1/2008 11:42:28 AM | Attr = ] proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 4/14/2008 5:40:36 AM | Attr = ] qcap.dll -> %SystemRoot%\System32\qcap.dll -> [Ver = | Size = 192512 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] qdv.dll -> %SystemRoot%\System32\qdv.dll -> [Ver = | Size = 279040 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] qdvd.dll -> %SystemRoot%\System32\qdvd.dll -> [Ver = | Size = 386048 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] qedit.dll -> %SystemRoot%\System32\qedit.dll -> [Ver = | Size = 562176 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll -> [Ver = | Size = 733696 bytes | Modified Date = 4/13/2008 10:51:34 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 5/1/2008 10:29:30 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 5/1/2008 10:33:30 AM | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] sbe.dll -> %SystemRoot%\System32\sbe.dll -> [Ver = | Size = 270848 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 5/1/2008 10:38:54 AM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 5/1/2008 11:38:37 AM | Attr = ] slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 4/14/2008 5:42:08 AM | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 4/14/2008 5:42:08 AM | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 4/14/2008 5:42:08 AM | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. [Ver = 3.02 | Size = 86016 bytes | Modified Date = 4/14/2008 5:40:52 AM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 5/1/2008 10:38:57 AM | Attr = ] vbicodec.ax -> %SystemRoot%\System32\vbicodec.ax -> [Ver = | Size = 53248 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 335 bytes | Modified Date = 5/2/2008 9:34:49 PM | Attr = ] vsdata.dll -> %SystemRoot%\System32\vsdata.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Modified Date = 3/13/2008 11:10:52 PM | Attr = ] vsdatant.sys -> %SystemRoot%\System32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Modified Date = 3/13/2008 11:11:18 PM | Attr = ] vsinit.dll -> %SystemRoot%\System32\vsinit.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 161256 bytes | Modified Date = 3/13/2008 11:10:52 PM | Attr = ] vsmonapi.dll -> %SystemRoot%\System32\vsmonapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 103912 bytes | Modified Date = 3/13/2008 11:10:52 PM | Attr = ] vspubapi.dll -> %SystemRoot%\System32\vspubapi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 275944 bytes | Modified Date = 3/13/2008 11:10:54 PM | Attr = ] vsregexp.dll -> %SystemRoot%\System32\vsregexp.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Modified Date = 3/13/2008 11:10:54 PM | Attr = ] vsutil.dll -> %SystemRoot%\System32\vsutil.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 472552 bytes | Modified Date = 3/13/2008 11:10:54 PM | Attr = ] vswmi.dll -> %SystemRoot%\System32\vswmi.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 46568 bytes | Modified Date = 3/13/2008 11:10:56 PM | Attr = ] vsxml.dll -> %SystemRoot%\System32\vsxml.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 99816 bytes | Modified Date = 3/13/2008 11:10:56 PM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 5/1/2008 11:38:36 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 12598 bytes | Modified Date = 5/2/2008 9:34:50 PM | Attr = ] wstpager.ax -> %SystemRoot%\System32\wstpager.ax -> [Ver = | Size = 164352 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] wstrenderer.ax -> %SystemRoot%\System32\wstrenderer.ax -> [Ver = | Size = 239616 bytes | Modified Date = 4/14/2008 5:42:44 AM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 2/13/2008 8:42:20 AM | Attr = ] zlcomm.dll -> %SystemRoot%\System32\zlcomm.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 83432 bytes | Modified Date = 3/13/2008 11:10:56 PM | Attr = ] zlcommdb.dll -> %SystemRoot%\System32\zlcommdb.dll -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 71144 bytes | Modified Date = 3/13/2008 11:10:56 PM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 5/2/2008 8:14:31 AM | Attr = H ] ZoneLabs -> %SystemRoot%\System32\ZoneLabs -> [Folder | Modified Date = 5/1/2008 9:53:24 AM | Attr = ] zpeng24.dll -> %SystemRoot%\System32\zpeng24.dll -> Python Software Foundation [Ver = 2.4.2 | Size = 1086952 bytes | Modified Date = 3/13/2008 11:11:02 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/9/2008 3:16:59 PM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 5/1/2008 10:29:16 AM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 5/1/2008 11:38:37 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2/13/2008 9:08:15 AM | Attr = R S] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 4/19/2008 9:30:00 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/2/2008 9:34:10 PM | Attr = S] CDPLAYER.UNI -> %SystemRoot%\CDPLAYER.UNI -> [Ver = | Size = 744 bytes | Modified Date = 3/8/2008 10:33:53 AM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 5/1/2008 10:16:56 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/21/2008 4:17:24 PM | Attr = S] DVDRegionFree.INI -> %SystemRoot%\DVDRegionFree.INI -> [Ver = | Size = 68 bytes | Modified Date = 4/19/2008 9:13:00 AM | Attr = ] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 5/1/2008 10:24:57 AM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/21/2008 3:18:18 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 4/21/2008 2:16:34 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 5/1/2008 11:38:36 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/1/2008 10:39:13 AM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 4/9/2008 3:15:52 PM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 5/1/2008 10:39:13 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 4/9/2008 3:17:05 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/1/2008 10:43:55 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/1/2008 4:49:05 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 5/2/2008 4:26:05 PM | Attr = ] Irremote.ini -> %SystemRoot%\Irremote.ini -> [Ver = | Size = 0 bytes | Modified Date = 2/10/2008 3:14:15 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 5/1/2008 10:38:50 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2/13/2008 9:08:38 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 3/2/2008 2:27:39 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 5/1/2008 10:33:28 AM | Attr = ] mui -> %SystemRoot%\mui -> [Folder | Modified Date = 5/1/2008 10:33:30 AM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 4/25/2008 8:46:16 PM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 5/1/2008 10:39:13 AM | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 5/1/2008 10:38:48 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/2/2008 9:45:04 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 3/5/2008 3:42:18 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 4/20/2008 9:57:13 PM | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 5/1/2008 10:43:50 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 5/1/2008 10:39:26 AM | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 5/1/2008 10:33:26 AM | Attr = ] SuperBlank.INI -> %SystemRoot%\SuperBlank.INI -> [Ver = | Size = 242 bytes | Modified Date = 3/1/2008 10:24:57 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 5/1/2008 10:32:54 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/21/2008 3:10:09 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/2/2008 9:34:07 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 4/20/2008 6:38:38 PM | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 5/2/2008 9:44:54 PM | Attr = ] twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 4/14/2008 5:42:08 AM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 850 bytes | Modified Date = 4/21/2008 11:04:09 AM | Attr = ] wincmd.ini -> %SystemRoot%\wincmd.ini -> [Ver = | Size = 2371 bytes | Modified Date = 4/6/2008 9:45:06 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/1/2008 10:39:42 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/2/2008 9:34:37 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 3/20/2007 1:29:50 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 4/9/2008 10:06:51 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5502 bytes | Modified Date = 4/9/2008 10:06:48 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 3/20/2007 1:22:20 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11100 bytes | Modified Date = 3/20/2007 1:22:41 AM | Attr = ] C:\Documents and Settings\Sorin\Local Settings\Temp\ -> C:\Documents and Settings\Sorin\Local Settings\Temp -> [Folder | Modified Date = 5/2/2008 9:44:39 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Sorin\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ] 14 C:\Documents and Settings\Sorin\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Sorin\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Sorin\Local Settings\Temp\DRDld\ -> C:\Documents and Settings\Sorin\Local Settings\Temp\DRDld -> [Folder | Modified Date = 4/25/2008 8:47:48 AM | Attr = ] mbam-setup.exe -> C:\Documents and Settings\Sorin\Local Settings\Temp\DRDld\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1596094 bytes | Modified Date = 4/25/2008 8:47:56 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 5/2/2008 9:44:54 PM | Attr = ] Perflib_Perfdata_13c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_13c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 9:30:30 AM | Attr = ] Perflib_Perfdata_1e0.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_1e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 9:10:33 AM | Attr = ] Perflib_Perfdata_200.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_200.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/2/2008 8:17:15 AM | Attr = ] Perflib_Perfdata_6d8.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_6d8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 4:54:30 PM | Attr = ] Perflib_Perfdata_6e4.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_6e4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/2/2008 8:01:43 AM | Attr = ] Perflib_Perfdata_6f4.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_6f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 4:42:16 PM | Attr = ] Perflib_Perfdata_700.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_700.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 12:50:34 PM | Attr = ] Perflib_Perfdata_714.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_714.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 11:41:42 AM | Attr = ] Perflib_Perfdata_738.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_738.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 10:08:24 AM | Attr = ] Perflib_Perfdata_780.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_780.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 12:26:24 PM | Attr = ] Perflib_Perfdata_784.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_784.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/25/2008 6:39:09 PM | Attr = ] Perflib_Perfdata_7b8.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_7b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/1/2008 9:54:08 AM | Attr = ] Perflib_Perfdata_a8.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_a8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 5/2/2008 9:34:46 PM | Attr = ] 21 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Avg8 -> %AllUsersProfile%\Application Data\Avg8 -> [Folder | Modified Date = 5/2/2008 9:32:40 PM | Attr = ] 24 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> F-Secure -> %AllUsersProfile%\Application Data\F-Secure -> [Folder | Modified Date = 4/17/2008 11:54:03 AM | Attr = ] fssg -> %AllUsersProfile%\Application Data\fssg -> [Folder | Modified Date = 4/17/2008 11:20:30 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2/8/2008 12:29:21 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 4/25/2008 8:48:43 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 4/20/2008 1:34:38 AM | Attr = S] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Modified Date = 3/16/2008 10:34:04 AM | Attr = ] Sophos -> %AllUsersProfile%\Application Data\Sophos -> [Folder | Modified Date = 4/20/2008 6:42:50 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 4/18/2008 11:12:16 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/25/2008 9:15:19 AM | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 4/20/2008 6:41:08 PM | Attr = ] Trend Micro -> %AllUsersProfile%\Application Data\Trend Micro -> [Folder | Modified Date = 4/16/2008 11:02:57 PM | Attr = ] Ahead -> %AppData%\Ahead -> [Folder | Modified Date = 3/17/2008 11:39:18 AM | Attr = ] AVGTOOLBAR -> %AppData%\AVGTOOLBAR -> [Folder | Modified Date = 4/21/2008 10:15:43 PM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 4/15/2008 9:16:18 AM | Attr = ] F-Secure -> %AppData%\F-Secure -> [Folder | Modified Date = 4/17/2008 11:28:34 AM | Attr = ] GetRight -> %AppData%\GetRight -> [Folder | Modified Date = 3/8/2008 7:46:51 PM | Attr = ] GetRight.cok -> %AppData%\GetRight.cok -> [Ver = | Size = 93 bytes | Modified Date = 3/21/2008 9:25:59 AM | Attr = ] GetRight.hst -> %AppData%\GetRight.hst -> [Ver = | Size = 361 bytes | Modified Date = 3/21/2008 9:25:59 AM | Attr = ] GetRight.lst -> %AppData%\GetRight.lst -> [Ver = | Size = 1177 bytes | Modified Date = 3/21/2008 9:25:50 AM | Attr = ] GetRightToGo -> %AppData%\GetRightToGo -> [Folder | Modified Date = 3/8/2008 9:59:06 AM | Attr = ] GRFolder.ini -> %AppData%\GRFolder.ini -> [Ver = | Size = 486 bytes | Modified Date = 3/8/2008 10:00:31 AM | Attr = ] GRGames.ini -> %AppData%\GRGames.ini -> [Ver = | Size = 28 bytes | Modified Date = 3/8/2008 7:52:30 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 4/25/2008 8:48:55 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/2/2008 9:32:34 PM | Attr = S] Skype -> %AppData%\Skype -> [Folder | Modified Date = 4/7/2008 9:52:07 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 4/25/2008 9:15:08 AM | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 4/16/2008 11:16:26 PM | Attr = ] True Sword -> %AppData%\True Sword -> [Folder | Modified Date = 4/20/2008 2:35:43 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 3/16/2008 4:12:01 PM | Attr = ] WinPatrol -> %AppData%\WinPatrol -> [Folder | Modified Date = 4/20/2008 12:36:01 AM | Attr = ] Ahead -> %UserProfile%\Local Settings\Application Data\Ahead -> [Folder | Modified Date = 3/17/2008 11:37:59 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 27648 bytes | Modified Date = 4/19/2008 9:12:59 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 52744 bytes | Modified Date = 2/14/2008 8:46:46 AM | Attr = ] Sophos -> %UserProfile%\Local Settings\Application Data\Sophos -> [Folder | Modified Date = 4/20/2008 7:11:35 PM | Attr = ] PCLECHAL.INI -> %AllUsersProfile%\Documents\PCLECHAL.INI -> [Ver = | Size = 349 bytes | Modified Date = 4/19/2008 9:13:03 AM | Attr = ] My Microsoft Activation Files -> %UserProfile%\My Documents\My Microsoft Activation Files -> [Folder | Modified Date = 4/20/2008 1:40:02 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 3/8/2008 8:52:06 PM | Attr = R ] My Registry Backup -> %UserProfile%\My Documents\My Registry Backup -> [Folder | Modified Date = 4/20/2008 5:54:10 PM | Attr = ] PDVD_MediaDisc.PlayList -> %UserProfile%\My Documents\PDVD_MediaDisc.PlayList -> [Ver = | Size = 650 bytes | Modified Date = 3/5/2008 6:28:56 AM | Attr = ] Ad-Aware 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Aware 2007.lnk -> [Ver = | Size = 1800 bytes | Modified Date = 4/20/2008 1:56:08 AM | Attr = ] Ad-Watch 2007.lnk -> %AllUsersProfile%\Desktop\Ad-Watch 2007.lnk -> [Ver = | Size = 1800 bytes | Modified Date = 4/20/2008 1:56:08 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 706 bytes | Modified Date = 4/25/2008 8:48:45 AM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 790 bytes | Modified Date = 4/25/2008 9:15:09 AM | Attr = ] 8-cell.gif -> %UserProfile%\Desktop\8-cell.gif -> [Ver = | Size = 640422 bytes | Modified Date = 4/1/2008 9:26:43 AM | Attr = ] Alex -> %UserProfile%\Desktop\Alex -> [Folder | Modified Date = 3/3/2008 1:11:02 AM | Attr = ] AVG 8.0 -> %UserProfile%\Desktop\AVG 8.0 -> [Folder | Modified Date = 4/21/2008 10:10:45 PM | Attr = ] Azureus_Stats.xml -> %UserProfile%\Desktop\Azureus_Stats.xml -> [Ver = | Size = 389 bytes | Modified Date = 4/15/2008 9:16:18 AM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1771601 bytes | Modified Date = 4/21/2008 1:10:16 PM | Attr = ] Fifa 2008 -> %UserProfile%\Desktop\Fifa 2008 -> [Folder | Modified Date = 4/22/2008 6:50:32 PM | Attr = ] HijackThis v2 -> %UserProfile%\Desktop\HijackThis v2 -> [Folder | Modified Date = 4/21/2008 12:43:53 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1744 bytes | Modified Date = 4/21/2008 12:44:28 PM | Attr = ] ItsyBitsy Copaci -> %UserProfile%\Desktop\ItsyBitsy Copaci -> [Folder | Modified Date = 4/5/2008 11:29:41 PM | Attr = ] Malware new -> %UserProfile%\Desktop\Malware new -> [Folder | Modified Date = 5/2/2008 9:42:46 PM | Attr = ] Malware tools -> %UserProfile%\Desktop\Malware tools -> [Folder | Modified Date = 4/25/2008 8:36:53 AM | Attr = ] Nero clean tool -> %UserProfile%\Desktop\Nero clean tool -> [Folder | Modified Date = 3/2/2008 2:20:42 PM | Attr = ] New Folder -> %UserProfile%\Desktop\New Folder -> [Folder | Modified Date = 4/22/2008 6:50:23 PM | Attr = ] Nice ass.gif -> %UserProfile%\Desktop\Nice ass.gif -> [Ver = | Size = 1084497 bytes | Modified Date = 3/19/2008 9:27:01 AM | Attr = ] Process monitor 1.3 Microsoft -> %UserProfile%\Desktop\Process monitor 1.3 Microsoft -> [Folder | Modified Date = 4/20/2008 3:36:24 PM | Attr = ] Sex -> %UserProfile%\Desktop\Sex -> [Folder | Modified Date = 3/11/2008 11:18:39 AM | Attr = ] Sophos Anti rootkit -> %UserProfile%\Desktop\Sophos Anti rootkit -> [Folder | Modified Date = 4/20/2008 6:07:11 PM | Attr = ] Sophos antivirus trial -> %UserProfile%\Desktop\Sophos antivirus trial -> [Folder | Modified Date = 4/20/2008 6:57:15 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 973 bytes | Modified Date = 4/18/2008 11:04:04 PM | Attr = ] True Sword.lnk -> %UserProfile%\Desktop\True Sword.lnk -> [Ver = | Size = 1608 bytes | Modified Date = 4/20/2008 2:35:29 AM | Attr = ] unzip.gif -> %UserProfile%\Desktop\unzip.gif -> [Ver = | Size = 164693 bytes | Modified Date = 3/19/2008 9:23:13 AM | Attr = ] Utils -> %UserProfile%\Desktop\Utils -> [Folder | Modified Date = 4/5/2008 3:51:54 PM | Attr = ] Utorrent 1.8 beta -> %UserProfile%\Desktop\Utorrent 1.8 beta -> [Folder | Modified Date = 2/28/2008 10:36:18 AM | Attr = ] WinPatrol -> %UserProfile%\Desktop\WinPatrol -> [Folder | Modified Date = 4/20/2008 12:35:33 AM | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 3/17/2008 11:13:11 AM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 4/25/2008 8:47:56 AM | Attr = ] Nero -> %CommonProgramFiles%\Nero -> [Folder | Modified Date = 2/10/2008 3:17:30 PM | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 4/20/2008 6:46:13 PM | Attr = ] System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 5/1/2008 10:33:14 AM | Attr = RHS] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 4/25/2008 9:14:50 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]