[code] OTScanIt logfile created on: 5/3/2008 9:37:12 AM OTScanIt by OldTimer - Version 1.0.11.12 Folder = C:\Documents and Settings\jim\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 75.69% Memory free 3.85 Gb Paging File | 3.50 Gb Available in Paging File | 90.89% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 214.40 Gb Free Space | 92.06% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JIM-CF6033573A3 Current User Name: jim Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 8:18:36 PM | Attr = ] ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 8:18:36 PM | Attr = ] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ] avgamsvr.exe -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/22/2007 12:40:55 PM | Attr = ] avgupsvc.exe -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 7/31/2007 4:01:16 PM | Attr = ] avgemc.exe -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 12:45:55 PM | Attr = ] ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ] ezbackup.exe -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 5/8/2006 7:10:38 PM | Attr = ] rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.0.5.9 | Size = 16143872 bytes | Modified Date = 4/17/2006 12:34:42 AM | Attr = R ] asrc.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe -> [Ver = | Size = 3167744 bytes | Modified Date = 7/19/2006 10:52:42 AM | Attr = ] avgcc.exe -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] sprtcmd.exe -> %ProgramFiles%\twc\medicsp2\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 3/7/2007 11:53:58 AM | Attr = ] ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 3:06:28 PM | Attr = ] mtdacqu.exe -> %ProgramFiles%\Creative\MediaSource5\MtdAcqu.exe -> Creative Technology Ltd [Ver = 5.0.8.0 | Size = 278528 bytes | Modified Date = 3/8/2006 9:56:00 AM | Attr = ] sprtsvc.exe -> %ProgramFiles%\twc\medicsp2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 202280 bytes | Modified Date = 3/7/2007 11:54:06 AM | Attr = ] tablet.exe -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 634880 bytes | Modified Date = 12/4/2003 5:00:34 PM | Attr = ] asdhremote.exe -> %ProgramFiles%\ASUS\ASUS DH Remote\AsDHRemote.exe -> T-wins [Ver = 0, 0, 13, 0 | Size = 208896 bytes | Modified Date = 7/19/2006 10:32:20 AM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr = ] tabuserw.exe -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 77824 bytes | Modified Date = 12/4/2003 4:48:40 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.11.12 | Size = 371712 bytes | Modified Date = 5/1/2008 4:35:22 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ] (aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> File not found (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 430080 bytes | Modified Date = 11/21/2006 8:18:36 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 11/22/2006 11:52:00 AM | Attr = ] (Avg7Alrt) AVG7 Alert Manager Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgamsvr.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/22/2007 12:40:55 PM | Attr = ] (Avg7UpdSvc) AVG7 Update Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgupsvc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.420 | Size = 49664 bytes | Modified Date = 7/31/2007 4:01:16 PM | Attr = ] (AVGEMS) AVG E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\Grisoft\AVG7\avgemc.exe -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 12:45:55 PM | Attr = ] (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> File not found (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/12/1999 6:01:00 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (EZ-Backup Manager) EZ-Backup Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackup.exe -> [Ver = | Size = 1123840 bytes | Modified Date = 5/8/2006 7:10:38 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/31/2007 3:41:55 PM | Attr = ] (Seagate Sync Service) Seagate Sync Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Seagate\Sync\SeaSyncServices.exe -> File not found (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2) [Win32_Own | Auto | Running] -> %ProgramFiles%\twc\medicsp2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 202280 bytes | Modified Date = 3/7/2007 11:54:06 AM | Attr = ] (TabletService) TabletService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 634880 bytes | Modified Date = 12/4/2003 5:00:34 PM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 2:38:08 PM | Attr = ] [Driver Services - Non-Microsoft Only] (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.5.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> Meetinghouse Data Communications [Ver = 3.4.5.0 | Size = 21035 bytes | Modified Date = 8/2/2007 4:52:24 PM | Attr = ] (AsIO) AsIO [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AsIO.sys -> [Ver = | Size = 5685 bytes | Modified Date = 12/21/2005 7:22:20 PM | Attr = R ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6652 | Size = 2829824 bytes | Modified Date = 11/21/2006 8:25:08 PM | Attr = ] (ATIAVAIW) ATI T200 Unified AVStream service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\atinavt2.sys -> ATI Technologies Inc. [Ver = 6.14.10.1075 | Size = 168832 bytes | Modified Date = 9/5/2006 6:26:56 PM | Attr = ] (Avg7Core) AVG7 Kernel [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7core.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.498 | Size = 821856 bytes | Modified Date = 10/22/2007 12:40:53 PM | Attr = ] (Avg7RsW) AVG7 Wrap Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsw.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,340 | Size = 4224 bytes | Modified Date = 7/31/2007 4:01:19 PM | Attr = ] (Avg7RsXP) AVG7 Resident Driver XP [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avg7rsxp.sys -> GRISOFT, s.r.o. [Ver = 7.5.0.442 | Size = 27776 bytes | Modified Date = 7/31/2007 4:01:19 PM | Attr = ] (AvgClean) AVG7 Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgclean.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10760 bytes | Modified Date = 12/20/2007 12:45:56 PM | Attr = ] (AvgTdi) AVG Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdi.sys -> GRISOFT, s.r.o. [Ver = 7,0,0,346 | Size = 4960 bytes | Modified Date = 7/31/2007 4:01:20 PM | Attr = ] (catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 6:07:18 PM | Attr = ] (HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USR_BSC2.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 231168 bytes | Modified Date = 8/8/2005 12:52:16 PM | Attr = R ] (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\USR_MDMV.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 1035008 bytes | Modified Date = 8/8/2005 12:52:58 PM | Attr = R ] (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RtkHDAud.Sys -> Realtek Semiconductor Corp. [Ver = 5.10.00.5247 built by: WinDDK | Size = 4262912 bytes | Modified Date = 4/17/2006 1:31:26 AM | Attr = R ] (JGOGO) JMicron Hot-Plug Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\JGOGO.sys -> JMicron [Ver = 5.0.3790.1 | Size = 6912 bytes | Modified Date = 2/7/2006 4:52:58 AM | Attr = R ] (JRAID) JRAID [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\jraid.sys -> JMicron Technology Corp. [Ver = 1.13.02.00 built by: WinDDK | Size = 41216 bytes | Modified Date = 7/1/2006 2:47:08 AM | Attr = R ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.2.006 | Size = 13059 bytes | Modified Date = 3/17/2004 9:04:14 AM | Attr = R ] (MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys -> [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/13/2004 3:56:20 AM | Attr = R ] (npkcrypt) npkcrypt [Kernel | Auto | Running] -> %SystemDrive%\Nexon\MapleStory\npkcrypt.sys -> INCA Internet Co., Ltd. [Ver = 2006. 11. 20. 1 | Size = 23217 bytes | Modified Date = 7/25/2007 6:14:44 PM | Attr = ] (PenClass) Pen Class [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\penclass.sys -> Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Modified Date = 4/9/2001 12:45:00 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] (RTLWUSB) Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8187.sys -> Realtek Semiconductor Corporation [Ver = 5.1230.0530.2006 built by: WinDDK | Size = 176128 bytes | Modified Date = 6/16/2006 12:30:16 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 2:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 6:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 1:39:26 PM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ] (SjyPkt) SjyPkt [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SjyPkt.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 13532 bytes | Modified Date = 3/31/2006 5:39:54 AM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_USR.sys -> Conexant Systems, Inc. [Ver = 7.32.00 built by: WinDDK | Size = 729728 bytes | Modified Date = 8/8/2005 12:52:12 PM | Attr = R ] (yukonwxp) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\yk51x86.sys -> Marvell [Ver = 8.24.3.3 built by: WinDDK | Size = 230400 bytes | Modified Date = 3/30/2005 9:24:00 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Ai Quicker Help -> %ProgramFiles%\ASUS\ASUS DH Remote\AsRc.exe ["C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"] -> [Ver = | Size = 3167744 bytes | Modified Date = 7/19/2006 10:52:42 AM | Attr = ] AVG7_CC -> %ProgramFiles%\Grisoft\AVG7\avgcc.exe [C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] EzBackup Manager -> %ProgramFiles%\EzBackup\EZ-Backup Manager\EzBackupManager.exe [C:\Program Files\EzBackup\EZ-Backup Manager\ezbackupmanager.exe] -> [Ver = | Size = 1901568 bytes | Modified Date = 5/8/2006 7:10:48 PM | Attr = ] JMB36X Configure -> %SystemRoot%\system32\JMRaidTool.exe [C:\WINDOWS\system32\JMRaidTool.exe boot] -> JMicron Technology Corp. [Ver = 1.13.00 | Size = 352256 bytes | Modified Date = 6/28/2006 7:07:50 PM | Attr = R ] Launch Ai Booster -> %ProgramFiles%\ASUS\Ai Booster\OverClk.exe ["C:\Program Files\ASUS\Ai Booster\OverClk.exe"] -> [Ver = 0.2.3.4 | Size = 3711488 bytes | Modified Date = 7/6/2006 6:19:48 PM | Attr = ] medicsp2 -> %ProgramFiles%\twc\medicsp2\bin\sprtcmd.exe [C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2] -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 3/7/2007 11:53:58 AM | Attr = ] NWEReboot -> [] -> File not found RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.5.9 | Size = 16143872 bytes | Modified Date = 4/17/2006 12:34:42 AM | Attr = R ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> [] -> File not found Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ] CTSyncU.exe -> %ProgramFiles%\Creative\Sync Manager Unicode\CTSyncU.exe ["C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"] -> [Ver = 6.1.12.0 | Size = 700416 bytes | Modified Date = 9/28/2006 9:09:14 PM | Attr = ] MtdAcqu -> %ProgramFiles%\Creative\MediaSource5\MtdAcqu.exe ["C:\Program Files\Creative\MediaSource5\MtdAcqu.exe" /s] -> Creative Technology Ltd [Ver = 5.0.8.0 | Size = 278528 bytes | Modified Date = 3/8/2006 9:56:00 AM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 9, 0, 1008 | Size = 1318912 bytes | Modified Date = 6/21/2007 3:06:28 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 3:06:48 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 5:44:06 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk -> -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\TabUserW.exe.lnk -> %SystemRoot%\system32\WTablet\TabUserW.exe -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 77824 bytes | Modified Date = 12/4/2003 4:48:40 PM | Attr = ] < jim Startup Folder > -> C:\Documents and Settings\jim\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 2:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 2:41:36 PM | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4152 | Size = 90112 bytes | Modified Date = 11/21/2006 8:19:40 PM | Attr = ] WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPIONEER_DVD-RW__DVR-111D________________1.23____\46_044483450393730375735204c202020202020 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2/28/2007 11:00:15 AM | Attr = ] < HOSTS File > (222651 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4163 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4162 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> Adobe Systems Incorporated [Ver = 7.0.0.2004121400 | Size = 63136 bytes | Modified Date = 12/14/2004 2:56:50 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/31/2007 3:41:55 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/31/2007 3:41:55 PM | Attr = R ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 7/31/2007 3:41:55 PM | Attr = R ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 8 | Size = 1122128 bytes | Modified Date = 8/31/2007 5:46:14 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0E7BA67E-609D-44CB-98CD-AF10BAFAA0E2} -> (Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter) -> {3DB821C8-B323-425F-BC87-B7F64A64B4DA} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> {6F0A5836-8420-4A0A-A99E-F0F1460A7E1A} -> () -> {89A0C902-11F3-4752-9934-B2D4A99A631B} -> (1394 Net Adapter) -> {C06A8FF7-F620-4D90-BA06-524F454336C7} -> (Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {01113300-3E00-11D2-8470-0060089874ED}[HKEY_LOCAL_MACHINE] -> http://activation.rr.com/install/downloads/tgctlcm.cab[Support.com Configuration Class] -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=67633[Office Genuine Advantage Validation Tool] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}[HKEY_LOCAL_MACHINE] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\.Owner -> {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gp.ocx\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sprthelper.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sprthelper.exe\\.Owner -> {01113300-3E00-11D2-8470-0060089874ED} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sprthelper.exe\\{01113300-3E00-11D2-8470-0060089874ED} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\.Owner -> {01113300-3E00-11D2-8470-0060089874ED} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/tgctlcm.dll\\{01113300-3E00-11D2-8470-0060089874ED} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> [Registry - Additional Scans - All] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1368 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> CE 4F 11 C6 33 1C DF CF CC 7E 8A FF B2 76 B6 41 32 36 39 36 33 63 38 36 00 FD 07 00 0D 4D 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 76 2F 5E 03 D6 ED 96 DC B4 A5 8D 26 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 57 1E 4A 02 37 50 BC 17 E2 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 93 38 4D FE 99 1C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 36 06 C6 D2 3C D8 66 55 03 E2 29 80 4B 78 39 4F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D4 19 C1 E0 87 5B C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11263 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 9:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 510976 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/22/2007 12:40:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 12:45:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\MapleStory\MapleStory.exe -> C:\Nexon\MapleStory\MapleStory.exe [C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory] -> Wizet [Ver = 1, 0, 0, 1 | Size = 1925154 bytes | Modified Date = 4/4/2008 7:11:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 12:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\MapleStory\Patcher.exe -> C:\Nexon\MapleStory\Patcher.exe [C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????] -> [Ver = 1, 0, 0, 1 | Size = 1384448 bytes | Modified Date = 11/15/2007 4:27:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 8:20:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 2/1/2008 9:33:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> -> File not found .chm [@ = chm.file] -> %SystemRoot%\hh.exe -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 10752 bytes | Modified Date = 5/26/2005 4:22:01 PM | Attr = ] .cmd [@ = cmdfile] -> -> File not found .com [@ = comfile] -> -> File not found .cpl [@ = cplfile] -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 8:34:01 PM | Attr = ] .exe [@ = exefile] -> -> File not found .hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 8192 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> Microsoft Corporation [Ver = 7.00.5730.13 (longhorn(wmbla).070711-1130) | Size = 45568 bytes | Modified Date = 8/13/2007 7:32:30 PM | Attr = ] .html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.14: 2008040413 | Size = 7660656 bytes | Modified Date = 4/6/2008 11:58:47 PM | Attr = ] .inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .url [@ = InternetShortcut] -> %SystemRoot%\system32\ieframe.dll -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 12/6/2007 7:21:46 PM | Attr = ] .js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .pif [@ = piffile] -> -> File not found .reg [@ = regfile] -> %SystemRoot%\regedit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 146432 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .scr [@ = scrfile] -> -> File not found .txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] .wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> Microsoft Corporation [Ver = 5.6.0.8820 | Size = 114688 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> C:\WINDOWS\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11265 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 9:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avginet.exe -> C:\Program Files\Grisoft\AVG7\avginet.exe [C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 510976 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.496 | Size = 418816 bytes | Modified Date = 10/22/2007 12:40:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgcc.exe -> C:\Program Files\Grisoft\AVG7\avgcc.exe [C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.522 | Size = 579584 bytes | Modified Date = 4/16/2008 4:26:41 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> GRISOFT, s.r.o. [Ver = 7.5.0.510 | Size = 406528 bytes | Modified Date = 12/20/2007 12:45:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\MapleStory\MapleStory.exe -> C:\Nexon\MapleStory\MapleStory.exe [C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory] -> Wizet [Ver = 1, 0, 0, 1 | Size = 1925154 bytes | Modified Date = 4/4/2008 7:11:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 12:17:27 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Nexon\MapleStory\Patcher.exe -> C:\Nexon\MapleStory\Patcher.exe [C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher MFC ?? ????] -> [Ver = 1, 0, 0, 1 | Size = 1384448 bytes | Modified Date = 11/15/2007 4:27:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 5:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 8:20:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 2/1/2008 9:33:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> *ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE -> -> File not found ADP -> -> File not found BAS -> -> File not found BAT -> -> File not found CHM -> -> File not found CMD -> %SystemRoot%\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] COM -> -> File not found CPL -> -> File not found CRT -> -> File not found EXE -> -> File not found HLP -> -> File not found HTA -> -> File not found INF -> -> File not found INS -> -> File not found ISP -> -> File not found LNK -> -> File not found MDB -> -> File not found MDE -> -> File not found MSC -> -> File not found MSI -> %SystemRoot%\system32\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 9:12:23 AM | Attr = ] MSP -> -> File not found MST -> -> File not found OCX -> -> File not found PCD -> -> File not found PIF -> -> File not found REG -> %SystemRoot%\system32\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 5:00:00 AM | Attr = ] SCR -> -> File not found SHS -> -> File not found URL -> %SystemRoot%\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 105984 bytes | Modified Date = 12/6/2007 7:21:48 PM | Attr = ] VB -> -> File not found WSC -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> 5E AB 30 4F 95 7A 49 89 6A 00 6C 1C 31 15 40 15 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> 67 B0 D4 8B 34 3A 3F D3 BC E9 DC 64 67 04 F3 94 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 32 78 02 DC FE F8 C8 93 DC 8A B0 06 DD 84 7D 1D [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> BD 9A 2A DB 42 EB D8 56 0E 25 0E 4D F8 16 2F 67 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> å -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 38 6B 08 5F 84 EC F6 69 D3 6B 95 6A 22 C0 1E 80 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> [Files/Folders - Created Within 30 days] 444834fd119f26321daaf28198 -> %SystemDrive%\444834fd119f26321daaf28198 -> [Folder | Created Date = 4/27/2008 9:48:55 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 4/22/2008 3:37:30 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 4/29/2008 8:15:20 PM | Attr = HS] penclass.sys -> %SystemRoot%\System32\drivers\penclass.sys -> Wacom Technology Corporation [Ver = 4.00 | Size = 8138 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Created Date = 4/7/2008 6:39:33 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> pencls32.dll -> %SystemRoot%\System32\pencls32.dll -> Wacom Technology [Ver = 1,00,01,001 | Size = 36864 bytes | Created Date = 4/9/2008 4:25:49 PM | Attr = ] TabCP-En.znc -> %SystemRoot%\System32\TabCP-En.znc -> [Ver = | Size = 2356539 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] TabHook.dll -> %SystemRoot%\System32\TabHook.dll -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 44544 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] tablet.dat -> %SystemRoot%\System32\tablet.dat -> [Ver = | Size = 251 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] Tablet.exe -> %SystemRoot%\System32\Tablet.exe -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 634880 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] TabUnst.dll -> %SystemRoot%\System32\TabUnst.dll -> [Ver = | Size = 65536 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] Wacom.cpl -> %SystemRoot%\System32\Wacom.cpl -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 942080 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] wintab.dll -> %SystemRoot%\System32\wintab.dll -> [Ver = | Size = 15744 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] Wintab32.dll -> %SystemRoot%\System32\Wintab32.dll -> Wacom Technology, Corp. [Ver = 4.78-6 | Size = 102400 bytes | Created Date = 4/9/2008 4:27:02 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 4/27/2008 11:03:13 AM | Attr = ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1.0.0.10 | Size = 73728 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 4/27/2008 11:01:17 AM | Attr = ] [Files/Folders - Modified Within 30 days] 444834fd119f26321daaf28198 -> %SystemDrive%\444834fd119f26321daaf28198 -> [Folder | Modified Date = 4/27/2008 9:49:14 AM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 4/20/2008 10:01:03 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 4/22/2008 3:13:15 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 4/27/2008 11:29:37 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 4/29/2008 8:15:20 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 4/29/2008 8:16:02 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/2/2008 3:46:45 PM | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 4/27/2008 11:08:57 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/2/2008 10:20:56 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 228000 bytes | Modified Date = 4/9/2008 3:21:15 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 4/7/2008 6:39:33 PM | Attr = ] SteelVine.db -> %SystemRoot%\System32\SteelVine.db -> [Ver = | Size = 65536 bytes | Modified Date = 5/3/2008 9:21:33 AM | Attr = ] tablet.dat -> %SystemRoot%\System32\tablet.dat -> [Ver = | Size = 251 bytes | Modified Date = 5/3/2008 9:21:51 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 4/28/2008 3:54:55 PM | Attr = ] WTablet -> %SystemRoot%\System32\WTablet -> [Folder | Modified Date = 4/9/2008 4:27:02 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 4/8/2008 9:07:04 PM | Attr = H ] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 5/3/2008 9:19:36 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 4/15/2008 4:49:35 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 4/27/2008 11:08:57 AM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 4/27/2008 11:03:13 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 4/9/2008 4:33:10 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 4/27/2008 10:19:14 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/3/2008 9:34:04 AM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 4/6/2008 11:14:06 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 4/27/2008 11:20:48 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 5/3/2008 9:21:51 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/3/2008 9:28:21 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/3/2008 9:20:13 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 3/27/2007 2:38:17 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 5/2/2008 12:17:07 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7192 bytes | Modified Date = 5/2/2008 12:12:10 PM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF -> [Folder | Modified Date = 5/2/2008 5:34:57 PM | Attr = S] ComboFix[1].exe -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ComboFix[1].exe -> [Ver = | Size = 0 bytes | Modified Date = 4/21/2008 8:11:41 PM | Attr = ] ComboFix[2].exe -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ComboFix[2].exe -> [Ver = | Size = 0 bytes | Modified Date = 4/21/2008 8:20:13 PM | Attr = ] ComboFix[3].exe -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ComboFix[3].exe -> [Ver = | Size = 0 bytes | Modified Date = 4/21/2008 8:28:28 PM | Attr = ] ComboFix[4].exe -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ComboFix[4].exe -> [Ver = | Size = 0 bytes | Modified Date = 4/21/2008 8:43:44 PM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\{36CDA33B-909B-4719-97D1-C4B99309BDC7}\ -> C:\Documents and Settings\jim\Local Settings\Temp\{36CDA33B-909B-4719-97D1-C4B99309BDC7} -> [Folder | Modified Date = 2/28/2007 4:12:08 PM | Attr = ] atiusbdx.dll -> C:\Documents and Settings\jim\Local Settings\Temp\{36CDA33B-909B-4719-97D1-C4B99309BDC7}\atiusbdx.dll -> [Ver = | Size = 118784 bytes | Modified Date = 2/28/2007 4:12:04 PM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\jim\Local Settings\Temp\Cookies -> [Folder | Modified Date = 5/3/2008 9:19:39 AM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\Cookies\index.dat -> [Ver = | Size = 114688 bytes | Modified Date = 5/3/2008 9:20:45 AM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/2/2008 2:45:08 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\index.dat -> [Ver = | Size = 1376256 bytes | Modified Date = 5/3/2008 9:20:45 AM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042120080428\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042120080428 -> [Folder | Modified Date = 4/28/2008 5:36:17 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042120080428\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 4/28/2008 5:36:14 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042820080429\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042820080429 -> [Folder | Modified Date = 4/28/2008 5:36:18 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042820080429\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 4/28/2008 3:54:55 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042920080430\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042920080430 -> [Folder | Modified Date = 4/29/2008 4:34:26 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008042920080430\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 4/29/2008 6:51:10 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008043020080501\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008043020080501 -> [Folder | Modified Date = 4/30/2008 4:24:41 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008043020080501\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 4/30/2008 9:12:00 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050120080502\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050120080502 -> [Folder | Modified Date = 5/1/2008 4:24:40 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050120080502\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 5/1/2008 9:12:11 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050220080503\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050220080503 -> [Folder | Modified Date = 5/2/2008 2:45:08 PM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050220080503\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 5/2/2008 9:22:05 PM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050320080504\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050320080504 -> [Folder | Modified Date = 5/3/2008 12:31:19 AM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\MSHist012008050320080504\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 5/3/2008 12:30:49 AM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 4/27/2008 11:48:52 AM | Attr = HS] index.dat -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 1818624 bytes | Modified Date = 5/3/2008 9:20:45 AM | Attr = ] C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\ -> [Folder | Modified Date = 5/2/2008 2:45:08 PM | Attr = HS] desktop.ini -> C:\Documents and Settings\jim\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 4/27/2008 11:48:52 AM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 4/27/2008 11:48:52 AM | Attr = HS] desktop.ini -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 4/27/2008 11:48:52 AM | Attr = HS] C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\ -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF -> [Folder | Modified Date = 5/2/2008 5:34:57 PM | Attr = S] desktop.ini -> C:\Documents and Settings\jim\Local Settings\Temp\Temporary Internet Files\Content.IE5\WP6ZK1MF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 10/27/2007 8:42:20 PM | Attr = HS] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... C:\WINDOWS\SoftwareDistribution\Download\0bc6e13d64d4c5ecf24adf1808f8bc5e24f186c7 1281408 bytes executable C:\WINDOWS\Temp\MSI12046.LOG 398 bytes C:\WINDOWS\Temp\sqlite_3IK1hUH5JMFuhXa 2048 bytes C:\WINDOWS\Temp\sqlite_EHuRaDRKdce0cy4 2048 bytes C:\WINDOWS\Temp\sqlite_f3LU3cHaOyxrtli 0 bytes C:\WINDOWS\Temp\sqlite_ka1SEbKSDNcUo4u 2048 bytes C:\WINDOWS\Temp\sqlite_lFqHd7qhDehxubB 2048 bytes C:\WINDOWS\Temp\sqlite_lGvrz0hVjco7GBs 0 bytes C:\WINDOWS\Temp\sqlite_M9o3cJVAVlzRvj7 0 bytes C:\WINDOWS\Temp\sqlite_n8bRFfjrVeA99jD 2048 bytes C:\WINDOWS\Temp\sqlite_qxFG48fJO4fcMKp 0 bytes C:\WINDOWS\Temp\sqlite_RHWzO9iaN4PtEjN 2048 bytes C:\WINDOWS\Temp\sqlite_uey4jqawdF6pvOJ 0 bytes C:\WINDOWS\Temp\sqlite_vcEJw91QwiuPCVh 2048 bytes C:\WINDOWS\Temp\sqlite_viRYWN60b2z0BfI 0 bytes C:\WINDOWS\Temp\sqlite_wPKaXlcEzU2Co7k 0 bytes C:\WINDOWS\Temp\sqlite_wsDRPMnBWOji0ok 2048 bytes C:\WINDOWS\Temp\sqlite_zAeQQAQA0gz7j8L 0 bytes C:\WINDOWS\Temp\uxeventlog.txt 2 bytes C:\WINDOWS\Temp\dd_depcheck_NETFX20_EXP_35.txt 6458 bytes C:\WINDOWS\Temp\dd_dotnetfx20error.txt 2702 bytes C:\WINDOWS\Temp\dd_dotnetfx20install.txt 10426 bytes C:\WINDOWS\Temp\dd_netfx20UI6B83.txt 13998 bytes C:\WINDOWS\Microsoft.NET\Framework C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe 72704 bytes executable C:\WINDOWS\Microsoft.NET\Framework\netfxsbs12.hkf 41392 bytes C:\WINDOWS\Microsoft.NET\Framework\sbscmp10.dll 7680 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_mscorwks.dll 7680 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbscmp20_perfcounter.dll 7680 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_diasymreader.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_iehost.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.jscript.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll 5632 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_mscordbi.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorrc.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_mscorsec.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_system.configuration.install.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_system.data.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_VsaVb7rt.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\sbs_wminet_utils.dll 5120 bytes executable C:\WINDOWS\Microsoft.NET\Framework\SharedReg12.dll 7680 bytes executable C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705 C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\installutil.exe.config 353 bytes C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.cfg 5201 bytes C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll 86528 bytes executable C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\regsvcs.exe.config 351 bytes C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322 C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe.config 140 bytes C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\regsvcs.exe.config 353 bytes C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 51 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\jim\Application Data\Microsoft\Media Player\0002A27F.wpl 155 bytes C:\Documents and Settings\jim\Application Data\Microsoft\Media Player\Skins scan completed successfully hidden files: 15 < End of report > [/code]