[code] OTScanIt logfile created on: 5/24/2008 6:32:29 PM OTScanIt by OldTimer - Version 1.0.14.3 Folder = C:\Documents and Settings\Margaret\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.48 Mb Total Physical Memory | 56.93 Mb Available Physical Memory | 22.37% Memory free 635.35 Mb Paging File | 134.12 Mb Available in Paging File | 21.11% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 38.54 Gb Free Space | 69.02% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DJ5NRD21 Current User Name: Margaret Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ] mcmscsvc.exe -> %SystemDrive%\PROGRA~1\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 7:08:06 AM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ] mcproxy.exe -> %SystemDrive%\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 10/19/2005 8:59:12 AM | Attr = ] directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe -> Roxio [Ver = 5.2.0.91 | Size = 679936 bytes | Modified Date = 4/10/2002 6:44:04 PM | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 1/12/2005 2:54:58 PM | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 12/27/2004 8:34:31 PM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ] ybrwicon.exe -> %SystemDrive%\PROGRA~1\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 7/21/2006 5:19:46 PM | Attr = ] motivesb.exe -> %SystemDrive%\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe -> Motive, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 8/21/2006 7:10:00 PM | Attr = ] yop.exe -> %SystemDrive%\PROGRA~1\Yahoo!\YOP\yop.exe -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 7/21/2006 11:43:10 AM | Attr = ] mcshield.exe -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2/8/2007 10:39:34 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 3/9/2007 11:09:58 AM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 4/25/2008 9:20:43 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2/22/2008 4:25:21 AM | Attr = ] sysragfchqs.exe -> %SystemRoot%\sysragfchqs.exe -> [Ver = | Size = 73280 bytes | Modified Date = 5/23/2008 10:08:14 AM | Attr = ] syscdupretn.exe -> %SystemRoot%\syscdupretn.exe -> [Ver = | Size = 80448 bytes | Modified Date = 5/23/2008 10:08:10 AM | Attr = ] sysgycnafek.exe -> %SystemRoot%\sysgycnafek.exe -> [Ver = | Size = 83520 bytes | Modified Date = 5/23/2008 10:08:13 AM | Attr = ] sysnwqdfbta.exe -> %SystemRoot%\sysnwqdfbta.exe -> [Ver = | Size = 82496 bytes | Modified Date = 5/23/2008 10:08:13 AM | Attr = ] sysuxvmschr.exe -> %SystemRoot%\sysuxvmschr.exe -> [Ver = | Size = 85568 bytes | Modified Date = 5/23/2008 10:08:15 AM | Attr = ] ycommon.exe -> %SystemDrive%\PROGRA~1\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 3/3/2006 3:18:10 PM | Attr = ] aim.exe -> %SystemDrive%\PROGRA~1\AIM95\aim.exe -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 1:34:34 AM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 11:09:36 AM | Attr = ] antispyware.exe -> %ProgramFiles%\AntiSpywareApp\Antispyware.exe -> AntiSpyware LLC [Ver = 1.5.3057.721 | Size = 19887352 bytes | Modified Date = 5/16/2008 1:46:14 PM | Attr = ] hpzipm12.exe -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 2/15/2002 12:31:42 PM | Attr = ] sansasvr.exe -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/22/2006 5:18:10 PM | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 9/16/2003 6:19:24 AM | Attr = ] easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 9/19/2007 4:33:46 AM | Attr = ] mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 10/10/2003 9:06:10 AM | Attr = ] ymsgr_tray.exe -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] mcagent.exe -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 8/4/2007 2:33:14 AM | Attr = ] mcsysmon.exe -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ] ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.058 (Build 058) | Size = 54512 bytes | Modified Date = 2/5/2008 2:29:20 PM | Attr = ] trueassistant.exe -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 3 | Size = 372224 bytes | Modified Date = 1/21/2005 10:03:00 AM | Attr = ] hpdarc.exe -> %ProgramFiles%\HP\hpcoretech\comp\hpdarc.exe -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 167936 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] otscanit.exe -> OTScanIt.exe -> OldTimer Tools [Ver = 1.0.14.3 | Size = 374272 bytes | Modified Date = 5/23/2008 11:55:32 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 11/28/2005 12:11:36 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 3:47:46 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 8/4/2007 7:08:06 AM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 7/22/2007 8:15:18 PM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 7/25/2007 3:16:16 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 7/25/2007 1:41:52 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\msdtc -> [Folder | Modified Date = 2/10/2003 3:34:00 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/9/2007 3:27:52 AM | Attr = ] (SansaService) Sansa Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/22/2006 5:18:10 PM | Attr = ] (YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\YPCSER~1.EXE -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 5:07:38 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found {1989CEB5-CC50-4314-9FD6-597E6F7CC50F} -> sysgycnafek.exe ["C:\WINDOWS\sysgycnafek.exe"] -> File not found {6739EFCB-69CF-41db-ADD7-79047E1BB2C0} -> syscdupretn.exe ["C:\WINDOWS\syscdupretn.exe"] -> File not found {7D5C078D-6337-46a1-852E-D1A97B8EBB8C} -> sysragfchqs.exe ["C:\WINDOWS\sysragfchqs.exe"] -> File not found {B774C456-2718-417d-AC6E-E0049682876F} -> sysnwqdfbta.exe ["C:\WINDOWS\sysnwqdfbta.exe"] -> File not found {F93D8433-BFDA-4e2c-ABB9-EBA2716CD140} -> sysuxvmschr.exe ["C:\WINDOWS\sysuxvmschr.exe"] -> File not found AdaptecDirectCD -> DirectCD.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> File not found Adobe Photo Downloader -> apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> File not found Adobe Reader Speed Launcher -> Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> File not found dscactivate -> dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> File not found HotKeysCmds -> hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> File not found HP Component Manager -> hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> File not found HP Software Update -> HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> File not found hpfsched -> hpfsched.exe [C:\WINDOWS\hpfsched.exe] -> File not found IgfxTray -> igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> File not found mcagent_exe -> mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> File not found Motive SmartBridge -> MotiveSB.exe [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> File not found QAGENT -> QAGENT.EXE [C:\Program Files\QUICKENW\QAGENT.EXE] -> File not found QuickTime Task -> qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> File not found SiteAdvisor -> SiteAdv.exe [C:\Program Files\SiteAdvisor\6066\SiteAdv.exe] -> File not found SunJavaUpdateSched -> jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> File not found TkBellExe -> realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> File not found UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found Windows Defender -> MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> File not found YBrowser -> ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> File not found YOP -> yop.exe [C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart] -> File not found < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> aim.exe [C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl] -> File not found Antispyware -> Antispyware.exe [C:\Program Files\AntiSpywareApp\Antispyware.exe -boot] -> File not found DellSupport -> DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found QdrModule16 -> QdrModule16.exe ["C:\Program Files\QdrModule\QdrModule16.exe"] -> File not found SUPERAntiSpyware -> SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> File not found Yahoo! Pager -> YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> File not found < Run [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> aim.exe [C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl] -> File not found Antispyware -> Antispyware.exe [C:\Program Files\AntiSpywareApp\Antispyware.exe -boot] -> File not found DellSupport -> DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found QdrModule16 -> QdrModule16.exe ["C:\Program Files\QdrModule\QdrModule16.exe"] -> File not found SUPERAntiSpyware -> SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> File not found Yahoo! Pager -> YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk -> matcli.exe -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> DLG.exe -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> hpqtra08.exe -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> EasyShare.exe -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> OSA9.EXE -> File not found %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> ymetray.exe -> File not found < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Margaret Startup Folder > -> C:\Documents and Settings\Margaret\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\TrueAssistant.lnk -> TrueAssistant.exe -> File not found < IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> Your Image File Name Here without a path -> [Debugger] -> File not found < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> explorer.exe -> File not found *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> userinit.exe -> File not found *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> logonui.exe -> File not found *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> -> File not found Control_RunDLL "sysdm.cpl" -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 10/19/2005 8:59:14 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoControlPanel -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoControlPanel -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWindowsUpdate -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 1 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> cdrom.sys [System32\DRIVERS\cdrom.sys] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> 5&1202a50f&0&0.0.0 [IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________B105____\5&1202a50f&0&0.0.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> 5&1202a50f&0&0.1.0 [IDE\CdRomHL-DT-ST_CD-RW_GCE-8400B________________B104____\5&1202a50f&0&0.1.0] -> File not found < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> AUTOEXEC.BAT [ NTFS ] -> File not found < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dellnet.com -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://att.yahoo.com -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> HKEY_USERS\.DEFAULT\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dellnet.com -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://att.yahoo.com -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-18\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ] HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 91 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 91 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 910624 bytes | Modified Date = 8/13/2007 2:05:04 PM | Attr = ] {150fa160-130d-451f-b863-b655061432ba} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {2d38a51a-23c9-48a1-a33c-48675aa2b494} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {2e9caff6-30c7-4208-8807-e79d4ec6f806} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 4/25/2008 9:32:12 PM | Attr = ] {6cc1c91a-ae8b-4373-a5b4-28ba1851e39a} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {79369d5c-2903-4b7a-ade2-d5e0dee14d24} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {799a370d-5993-4887-9df7-0a4756a77d00} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 10/24/2007 6:51:28 AM | Attr = ] {a55581dc-2cdb-4089-8878-71a080b22342} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {b847676d-72ac-4393-bfff-43a1eb979352} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {bc97b254-b2b9-4d40-971d-78e0978f5f26} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e2ddf680-9905-4dee-8c64-0a5de7fe133c} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {e7afff2a-1b57-49c7-bf6b-e5123394c970} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2/3/2005 5:07:08 PM | Attr = ] {ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 910624 bytes | Modified Date = 8/13/2007 2:05:04 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 9/29/2006 1:53:18 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ] {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AT&T Yahoo! Services] -> File not found {7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11/28/2005 12:11:26 PM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> aim.exe [AIM] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> msmsgs.exe [Messenger] -> File not found CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [AT&T Yahoo! Services] -> File not found CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11/28/2005 12:11:26 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> aim.exe [AIM] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> AIMBar.dll/aimsearch.htm -> File not found &AOL Toolbar search -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> aim.exe [AIM] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> aim.exe [AIM] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> msmsgs.exe [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [AT&T Yahoo! Services] -> File not found CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 454656 bytes | Modified Date = 11/28/2005 12:11:26 PM | Attr = ] CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> aim.exe [AIM] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> msmsgs.exe [Messenger] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> AIMBar.dll/aimsearch.htm -> File not found &AOL Toolbar search -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> YPC 3.2.0 -> Yahoo! Parental Controls -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {925A4079-2CFA-44AE-B743-72246912CCAA} -> (Broadcom 440x 10/100 Integrated Controller) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 94208 bytes | Modified Date = 11/28/2005 12:11:28 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 1/12/2005 2:54:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 910624 bytes | Modified Date = 8/13/2007 2:05:04 PM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC}[HKEY_LOCAL_MACHINE] -> http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[PogoWebLauncher Control] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab[McAfee.com Operating System Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182203961828[MUWebControl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Reg Error: Key does not exist or could not be opened.] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://71.254.156.21/activex/AxisCamControl.cab[CamImage Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab[DwnldGroupMgr Class] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab[McFreeScan Class] -> Addiction by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.14/applet/addiction/addiction-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Bingo Luau by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/freebingo/freebingo-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Blackjack by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Blackjack Carnival by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Bowling by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/bowling/bowling-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Canasta by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.5.27/applet/canasta/canasta-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Dice City Roller by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Dominoes v2 by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/domino2/domino2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Euchre by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/euchre/euchre-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Fortune Bingo by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Golf Solitaire by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/golfsolitaire/golfsolitaire-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> High Stakes Pool by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.13/applet/pool2/pool-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Lottso by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Mahjong Safari by Pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Makeover Madness by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> Pinochle by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Pop Fu by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/popfu/popfu-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Poppit by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.11/applet/poppit2/poppit2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Quick Quack by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Spades 2 by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.13/applet/spades2/spades2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Squelchies by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/squelchies/squelchies-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Super Dominoes by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Sweet Tooth 2 by Pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.6.21/applet/sweettooth2/sweettooth2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Thousand Island Solitaire by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Tri-Peaks by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Turbo 21 v2 by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.7/applet/turbo22/turbo22-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Wonderland Memories by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Word Search Daily by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/wordsearch/wordsearch-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\.Owner -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\{3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\Wheel Of Fortune -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\Wheel Of Fortune -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\Wheel Of Fortune -> Wheel Of Fortune -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 508 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 13 1B 28 6C 58 B3 A8 A1 0A 90 EB 22 AE 7E 0B 82 63 32 34 35 38 62 31 30 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 EF 95 69 23 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0B 05 E8 A2 3F 89 61 FB C4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 7D 86 E3 E8 8C FD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 30 50 E9 51 F4 B6 3A A7 DE 5D B0 C9 48 15 02 0D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com [http://www.passport.com] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 3C 46 AA 96 DA BA C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 470940 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe -> C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\Program Files\Yahoo!\Messenger\YPager.exe -> c:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\Program Files\Yahoo!\Messenger\yserver.exe -> c:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe -> C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe -> C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\browser\ybrowser.exe -> C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\YOP\yop.exe -> C:\Program Files\Yahoo!\YOP\yop.exe:*:Enabled:Dashboard Module -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe -> C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe -> C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{925A4079-2CFA-44AE-B743-72246912CCAA} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5624EF25-38E0-493C-BC04-4AD0D6EBF07B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 90 days] TurboTax2006Premier -> %SystemDrive%\TurboTax2006Premier -> [Folder | Created Date = 4/29/2008 8:12:21 PM | Attr = ] 3 C:\*.tmp files -> C:\*.tmp -> antispyware.sys -> %SystemRoot%\System32\drivers\antispyware.sys -> [Ver = | Size = 22528 bytes | Created Date = 5/19/2008 6:01:20 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 5/19/2008 9:18:20 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Created Date = 5/19/2008 9:18:20 PM | Attr = ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 5/19/2008 5:47:05 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\404Fix.exe:Zone.Identifier dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 5/19/2008 5:47:02 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\dumphive.exe:Zone.Identifier hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin -> [Ver = | Size = 4 bytes | Created Date = 5/18/2008 9:51:35 AM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 5/19/2008 5:47:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\IEDFix.exe:Zone.Identifier java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/18/2008 8:59:58 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 5/18/2008 9:00:00 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 5/18/2008 8:59:59 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 5/18/2008 8:59:59 PM | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 197 bytes | Created Date = 5/16/2008 6:37:07 AM | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 5/19/2008 5:47:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\Process.exe:Zone.Identifier SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 5/19/2008 5:47:02 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SrchSTS.exe:Zone.Identifier swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 5/19/2008 5:47:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swreg.exe:Zone.Identifier swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 5/19/2008 5:47:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swsc.exe:Zone.Identifier swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 5/19/2008 5:47:02 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swxcacls.exe:Zone.Identifier tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4458 bytes | Created Date = 5/19/2008 5:48:38 PM | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 5/19/2008 5:47:04 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VACFix.exe:Zone.Identifier VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 5/19/2008 5:47:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VCCLSID.exe:Zone.Identifier WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 5/19/2008 5:47:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\WS2Fix.exe:Zone.Identifier accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 29696 bytes | Created Date = 5/20/2008 5:57:37 AM | Attr = ] astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 8960 bytes | Created Date = 5/20/2008 5:57:37 AM | Attr = ] avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 11520 bytes | Created Date = 5/20/2008 5:57:37 AM | Attr = ] clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 28928 bytes | Created Date = 5/20/2008 5:57:38 AM | Attr = ] config.ini -> %SystemRoot%\config.ini -> [Ver = | Size = 1920 bytes | Created Date = 5/23/2008 10:08:10 AM | Attr = ] cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 27648 bytes | Created Date = 5/20/2008 5:57:39 AM | Attr = ] ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 32000 bytes | Created Date = 5/18/2008 1:12:43 PM | Attr = ] ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 22528 bytes | Created Date = 5/20/2008 5:59:25 AM | Attr = ] default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1918 bytes | Created Date = 5/20/2008 5:58:28 AM | Attr = ] directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 14080 bytes | Created Date = 5/18/2008 1:12:44 PM | Attr = ] dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 12544 bytes | Created Date = 5/18/2008 1:12:44 PM | Attr = ] editpad.exe -> %SystemRoot%\editpad.exe -> [Ver = | Size = 11264 bytes | Created Date = 5/20/2008 5:59:25 AM | Attr = ] explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 22272 bytes | Created Date = 5/20/2008 5:59:26 AM | Attr = ] funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 27136 bytes | Created Date = 5/18/2008 1:12:45 PM | Attr = ] funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 9472 bytes | Created Date = 5/18/2008 1:12:45 PM | Attr = ] gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 10240 bytes | Created Date = 5/18/2008 1:12:45 PM | Attr = ] helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 26368 bytes | Created Date = 5/18/2008 1:12:45 PM | Attr = ] inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 18944 bytes | Created Date = 5/18/2008 1:12:46 PM | Attr = ] Instlog.lyt -> %SystemRoot%\Instlog.lyt -> [Ver = | Size = 4691 bytes | Created Date = 4/29/2008 8:31:37 PM | Attr = ] internet.exe -> %SystemRoot%\internet.exe -> [Ver = | Size = 31744 bytes | Created Date = 5/20/2008 5:57:41 AM | Attr = ] loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 18944 bytes | Created Date = 5/20/2008 5:57:41 AM | Attr = ] msconfd.dll -> %SystemRoot%\msconfd.dll -> [Ver = | Size = 26880 bytes | Created Date = 5/20/2008 5:59:26 AM | Attr = ] msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 13056 bytes | Created Date = 5/18/2008 1:12:47 PM | Attr = ] mssys.exe -> %SystemRoot%\mssys.exe -> [Ver = | Size = 21760 bytes | Created Date = 5/18/2008 11:06:21 PM | Attr = ] msupdate.exe -> %SystemRoot%\msupdate.exe -> [Ver = | Size = 17408 bytes | Created Date = 5/20/2008 5:59:26 AM | Attr = ] mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Created Date = 5/18/2008 1:12:48 PM | Attr = ] mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 27392 bytes | Created Date = 5/18/2008 1:12:48 PM | Attr = ] mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 26368 bytes | Created Date = 5/20/2008 5:57:42 AM | Attr = ] mywallpaper.bmp -> %SystemRoot%\mywallpaper.bmp -> [Ver = | Size = 3146550 bytes | Created Date = 5/23/2008 10:13:14 AM | Attr = ] notepad32.exe -> %SystemRoot%\notepad32.exe -> [Ver = | Size = 12800 bytes | Created Date = 5/20/2008 5:57:42 AM | Attr = ] qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 30208 bytes | Created Date = 5/20/2008 5:59:27 AM | Attr = ] quicken.exe -> %SystemRoot%\quicken.exe -> [Ver = | Size = 21504 bytes | Created Date = 5/20/2008 5:59:27 AM | Attr = ] rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 13056 bytes | Created Date = 5/18/2008 1:12:51 PM | Attr = ] searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 23040 bytes | Created Date = 5/18/2008 1:12:51 PM | Attr = ] sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 24576 bytes | Created Date = 5/20/2008 5:59:27 AM | Attr = ] svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 11008 bytes | Created Date = 5/18/2008 1:12:52 PM | Attr = ] syscdupretn.exe -> %SystemRoot%\syscdupretn.exe -> [Ver = | Size = 80448 bytes | Created Date = 5/23/2008 10:08:10 AM | Attr = ] sysgycnafek.exe -> %SystemRoot%\sysgycnafek.exe -> [Ver = | Size = 83520 bytes | Created Date = 5/23/2008 10:08:13 AM | Attr = ] sysnwqdfbta.exe -> %SystemRoot%\sysnwqdfbta.exe -> [Ver = | Size = 82496 bytes | Created Date = 5/23/2008 10:08:13 AM | Attr = ] sysragfchqs.exe -> %SystemRoot%\sysragfchqs.exe -> [Ver = | Size = 73280 bytes | Created Date = 5/23/2008 10:08:14 AM | Attr = ] sysuxvmschr.exe -> %SystemRoot%\sysuxvmschr.exe -> [Ver = | Size = 85568 bytes | Created Date = 5/23/2008 10:08:15 AM | Attr = ] time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 31744 bytes | Created Date = 5/20/2008 5:57:44 AM | Attr = ] users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 8960 bytes | Created Date = 5/19/2008 8:44:20 PM | Attr = ] waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 22784 bytes | Created Date = 5/19/2008 8:44:21 PM | Attr = ] win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 28160 bytes | Created Date = 5/19/2008 8:44:21 PM | Attr = ] winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 27648 bytes | Created Date = 5/19/2008 8:44:21 PM | Attr = ] window.exe -> %SystemRoot%\window.exe -> [Ver = | Size = 18688 bytes | Created Date = 5/19/2008 8:44:21 PM | Attr = ] winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 11008 bytes | Created Date = 5/19/2008 8:44:21 PM | Attr = ] x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 25088 bytes | Created Date = 5/19/2008 8:44:22 PM | Attr = ] xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 10240 bytes | Created Date = 5/20/2008 5:59:28 AM | Attr = ] xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 20480 bytes | Created Date = 5/20/2008 5:59:28 AM | Attr = ] y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 13568 bytes | Created Date = 5/20/2008 5:59:28 AM | Attr = ] zysqargtzkf.exe -> %SystemRoot%\zysqargtzkf.exe -> [Ver = | Size = 1272 bytes | Created Date = 5/23/2008 10:08:10 AM | Attr = ] zysrsetdhmz.exe -> %SystemRoot%\zysrsetdhmz.exe -> [Ver = | Size = 1409 bytes | Created Date = 5/23/2008 10:08:10 AM | Attr = ] zystmxcgfqz.exe -> %SystemRoot%\zystmxcgfqz.exe -> [Ver = | Size = 64 bytes | Created Date = 5/23/2008 10:08:10 AM | Attr = ] Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 514 bytes | Created Date = 5/18/2008 11:56:49 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 5/19/2008 9:18:20 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 5/20/2008 5:59:29 PM | Attr = ] Antispyware -> %AppData%\Antispyware -> [Folder | Created Date = 5/18/2008 11:56:30 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 5/19/2008 9:18:44 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 5/20/2008 5:58:00 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 5/18/2008 11:38:19 PM | Attr = ] QDATA1_20080305.IDX -> %UserProfile%\My Documents\QDATA1_20080305.IDX -> [Ver = | Size = 491698 bytes | Created Date = 3/5/2008 7:19:34 PM | Attr = ] QDATA1_20080305.QDF -> %UserProfile%\My Documents\QDATA1_20080305.QDF -> [Ver = | Size = 4354344 bytes | Created Date = 3/5/2008 7:19:23 PM | Attr = ] QDATA1_20080305.QEL -> %UserProfile%\My Documents\QDATA1_20080305.QEL -> [Ver = | Size = 240640 bytes | Created Date = 3/5/2008 7:19:32 PM | Attr = ] QDATA1_20080305.QPH -> %UserProfile%\My Documents\QDATA1_20080305.QPH -> [Ver = | Size = 106595 bytes | Created Date = 3/5/2008 7:19:33 PM | Attr = ] Resume - 3-26-07.doc -> %UserProfile%\My Documents\Resume - 3-26-07.doc -> [Ver = | Size = 31744 bytes | Created Date = 3/26/2008 5:23:49 PM | Attr = ] Resume - 3-26-08.doc -> %UserProfile%\My Documents\Resume - 3-26-08.doc -> [Ver = | Size = 31744 bytes | Created Date = 4/10/2008 6:26:00 PM | Attr = ] AntiSpyware.lnk -> %AllUsersProfile%\Desktop\AntiSpyware.lnk -> [Ver = | Size = 2249 bytes | Created Date = 5/18/2008 11:55:46 PM | Attr = ] AT&T Yahoo! Music Jukebox.lnk -> %AllUsersProfile%\Desktop\AT&T Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2112 bytes | Created Date = 3/9/2008 2:21:05 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 5/19/2008 9:18:22 PM | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 4/25/2008 9:33:14 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 5/20/2008 5:58:10 PM | Attr = ] TurboTax Premier Investments 2006.lnk -> %AllUsersProfile%\Desktop\TurboTax Premier Investments 2006.lnk -> [Ver = | Size = 1775 bytes | Created Date = 4/29/2008 8:40:45 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 5/21/2008 6:50:20 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/24/2008 6:30:08 PM | Attr = ] spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723880 bytes | Created Date = 5/18/2008 3:11:04 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 5/20/2008 5:56:59 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 4/25/2008 9:34:01 PM | Attr = ] AntiSpywareApp -> %ProgramFiles%\AntiSpywareApp -> [Folder | Created Date = 5/18/2008 11:54:24 PM | Attr = ] ItsDeductible2006 -> %ProgramFiles%\ItsDeductible2006 -> [Folder | Created Date = 4/29/2008 8:43:30 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 5/19/2008 9:18:19 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 5/20/2008 8:55:23 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 5/20/2008 5:58:01 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/21/2008 6:50:18 AM | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 5/18/2008 9:52:19 AM | Attr = ] [Files/Folders - Modified Within 90 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 5/20/2008 5:58:32 PM | Attr = ] 3 C:\*.tmp files -> C:\*.tmp -> hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266915840 bytes | Modified Date = 5/24/2008 4:40:05 PM | Attr = HS] logfile -> %SystemDrive%\logfile -> [Ver = | Size = 48703 bytes | Modified Date = 5/24/2008 4:48:53 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/21/2008 6:50:18 AM | Attr = R ] TurboTax2006Premier -> %SystemDrive%\TurboTax2006Premier -> [Folder | Modified Date = 4/29/2008 8:23:33 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/24/2008 4:41:28 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] antispyware.sys -> %SystemRoot%\System32\drivers\antispyware.sys -> [Ver = | Size = 22528 bytes | Modified Date = 5/12/2008 2:10:39 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 5/5/2008 8:46:32 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Modified Date = 5/5/2008 8:46:36 PM | Attr = ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 5/19/2008 5:44:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\404Fix.exe:Zone.Identifier CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/24/2008 4:45:16 PM | Attr = ] 11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 4/15/2008 10:22:42 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 25560 bytes | Modified Date = 5/24/2008 4:49:28 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 5/18/2008 9:53:55 AM | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 5/20/2008 9:10:54 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 5/19/2008 5:58:25 AM | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Modified Date = 5/19/2008 5:44:27 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\dumphive.exe:Zone.Identifier FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 313384 bytes | Modified Date = 4/10/2008 5:59:11 PM | Attr = ] hljwugsf.bin -> %SystemRoot%\System32\hljwugsf.bin -> [Ver = | Size = 4 bytes | Modified Date = 5/18/2008 9:51:35 AM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 5/19/2008 5:44:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\IEDFix.exe:Zone.Identifier MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 197 bytes | Modified Date = 5/16/2008 6:37:07 AM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 AM | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 61500 bytes | Modified Date = 4/11/2008 6:50:03 AM | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 400372 bytes | Modified Date = 4/11/2008 6:50:03 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 448456 bytes | Modified Date = 4/11/2008 6:50:03 AM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 4/25/2008 9:24:12 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 4/25/2008 9:26:30 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 4/25/2008 9:26:30 PM | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 5/19/2008 5:44:44 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\Process.exe:Zone.Identifier rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.53 | Size = 185944 bytes | Modified Date = 4/25/2008 9:29:07 PM | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 5/19/2008 5:45:02 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SrchSTS.exe:Zone.Identifier swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Modified Date = 5/19/2008 5:45:05 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swreg.exe:Zone.Identifier swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Modified Date = 5/19/2008 5:45:05 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swsc.exe:Zone.Identifier swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Modified Date = 5/19/2008 5:45:06 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\swxcacls.exe:Zone.Identifier tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 4458 bytes | Modified Date = 5/19/2008 6:04:27 PM | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 5/19/2008 5:45:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VACFix.exe:Zone.Identifier VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Modified Date = 5/19/2008 5:45:10 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\VCCLSID.exe:Zone.Identifier WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 4/15/2008 10:22:06 PM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 4/15/2008 10:25:39 PM | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Modified Date = 5/19/2008 5:45:11 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\WS2Fix.exe:Zone.Identifier $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/13/2008 5:18:15 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> accesss.exe -> %SystemRoot%\accesss.exe -> [Ver = | Size = 29696 bytes | Modified Date = 5/20/2008 5:57:37 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 4/11/2008 7:21:28 AM | Attr = R S] astctl32.ocx -> %SystemRoot%\astctl32.ocx -> [Ver = | Size = 8960 bytes | Modified Date = 5/20/2008 5:57:37 AM | Attr = ] avpcc.dll -> %SystemRoot%\avpcc.dll -> [Ver = | Size = 11520 bytes | Modified Date = 5/20/2008 5:57:37 AM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 5/24/2008 4:40:06 PM | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 11113 bytes | Modified Date = 5/7/2008 10:00:42 PM | Attr = ] clrssn.exe -> %SystemRoot%\clrssn.exe -> [Ver = | Size = 28928 bytes | Modified Date = 5/20/2008 5:57:39 AM | Attr = ] config.ini -> %SystemRoot%\config.ini -> [Ver = | Size = 1920 bytes | Modified Date = 5/23/2008 10:08:17 AM | Attr = ] cpan.dll -> %SystemRoot%\cpan.dll -> [Ver = | Size = 27648 bytes | Modified Date = 5/20/2008 5:57:39 AM | Attr = ] ctfmon32.exe -> %SystemRoot%\ctfmon32.exe -> [Ver = | Size = 32000 bytes | Modified Date = 5/18/2008 1:12:43 PM | Attr = ] ctrlpan.dll -> %SystemRoot%\ctrlpan.dll -> [Ver = | Size = 22528 bytes | Modified Date = 5/20/2008 5:59:25 AM | Attr = ] default.htm -> %SystemRoot%\default.htm -> [Ver = | Size = 1918 bytes | Modified Date = 5/20/2008 5:05:46 PM | Attr = ] directx32.exe -> %SystemRoot%\directx32.exe -> [Ver = | Size = 14080 bytes | Modified Date = 5/18/2008 1:12:44 PM | Attr = ] dnsrelay.dll -> %SystemRoot%\dnsrelay.dll -> [Ver = | Size = 12544 bytes | Modified Date = 5/18/2008 1:12:44 PM | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 3/9/2008 2:14:55 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/20/2008 8:54:42 PM | Attr = S] editpad.exe -> %SystemRoot%\editpad.exe -> [Ver = | Size = 11264 bytes | Modified Date = 5/20/2008 5:59:25 AM | Attr = ] explore.exe -> %SystemRoot%\explore.exe -> [Ver = | Size = 22272 bytes | Modified Date = 5/20/2008 5:59:26 AM | Attr = ] funniest.exe -> %SystemRoot%\funniest.exe -> [Ver = | Size = 27136 bytes | Modified Date = 5/18/2008 1:12:45 PM | Attr = ] funny.exe -> %SystemRoot%\funny.exe -> [Ver = | Size = 9472 bytes | Modified Date = 5/18/2008 1:12:45 PM | Attr = ] gfmnaaa.dll -> %SystemRoot%\gfmnaaa.dll -> [Ver = | Size = 10240 bytes | Modified Date = 5/18/2008 1:12:45 PM | Attr = ] helpcvs.exe -> %SystemRoot%\helpcvs.exe -> [Ver = | Size = 26368 bytes | Modified Date = 5/18/2008 1:12:45 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 4/10/2008 7:22:56 AM | Attr = ] inetinf.exe -> %SystemRoot%\inetinf.exe -> [Ver = | Size = 18944 bytes | Modified Date = 5/18/2008 1:12:46 PM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 5/20/2008 8:55:23 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/20/2008 5:58:45 PM | Attr = HS] Instlog.lyt -> %SystemRoot%\Instlog.lyt -> [Ver = | Size = 4691 bytes | Modified Date = 4/29/2008 8:56:07 PM | Attr = ] internet.exe -> %SystemRoot%\internet.exe -> [Ver = | Size = 31744 bytes | Modified Date = 5/20/2008 5:57:41 AM | Attr = ] loader.exe -> %SystemRoot%\loader.exe -> [Ver = | Size = 18944 bytes | Modified Date = 5/20/2008 5:57:41 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 4/11/2008 7:21:32 AM | Attr = ] msconfd.dll -> %SystemRoot%\msconfd.dll -> [Ver = | Size = 26880 bytes | Modified Date = 5/20/2008 5:59:26 AM | Attr = ] msspi.dll -> %SystemRoot%\msspi.dll -> [Ver = | Size = 13056 bytes | Modified Date = 5/18/2008 1:12:47 PM | Attr = ] mssys.exe -> %SystemRoot%\mssys.exe -> [Ver = | Size = 21760 bytes | Modified Date = 5/18/2008 11:06:21 PM | Attr = ] msupdate.exe -> %SystemRoot%\msupdate.exe -> [Ver = | Size = 17408 bytes | Modified Date = 5/20/2008 5:59:26 AM | Attr = ] mswsc10.dll -> %SystemRoot%\mswsc10.dll -> [Ver = | Size = 19968 bytes | Modified Date = 5/18/2008 1:12:48 PM | Attr = ] mswsc20.dll -> %SystemRoot%\mswsc20.dll -> [Ver = | Size = 27392 bytes | Modified Date = 5/18/2008 1:12:48 PM | Attr = ] mtwirl32.dll -> %SystemRoot%\mtwirl32.dll -> [Ver = | Size = 26368 bytes | Modified Date = 5/20/2008 5:57:42 AM | Attr = ] mywallpaper.bmp -> %SystemRoot%\mywallpaper.bmp -> [Ver = | Size = 3146550 bytes | Modified Date = 5/24/2008 4:46:37 PM | Attr = ] notepad32.exe -> %SystemRoot%\notepad32.exe -> [Ver = | Size = 12800 bytes | Modified Date = 5/20/2008 5:57:42 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/24/2008 6:30:07 PM | Attr = ] qttasks.exe -> %SystemRoot%\qttasks.exe -> [Ver = | Size = 30208 bytes | Modified Date = 5/20/2008 5:59:27 AM | Attr = ] quicken.exe -> %SystemRoot%\quicken.exe -> [Ver = | Size = 21504 bytes | Modified Date = 5/20/2008 5:59:27 AM | Attr = ] QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 1287 bytes | Modified Date = 5/12/2008 8:31:09 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 4/15/2008 10:22:05 PM | Attr = ] rundll32.vbe -> %SystemRoot%\rundll32.vbe -> [Ver = | Size = 13056 bytes | Modified Date = 5/18/2008 1:12:51 PM | Attr = ] searchword.dll -> %SystemRoot%\searchword.dll -> [Ver = | Size = 23040 bytes | Modified Date = 5/18/2008 1:12:51 PM | Attr = ] sistem.exe -> %SystemRoot%\sistem.exe -> [Ver = | Size = 24576 bytes | Modified Date = 5/20/2008 5:59:27 AM | Attr = ] svcinit.exe -> %SystemRoot%\svcinit.exe -> [Ver = | Size = 11008 bytes | Modified Date = 5/18/2008 1:12:52 PM | Attr = ] syscdupretn.exe -> %SystemRoot%\syscdupretn.exe -> [Ver = | Size = 80448 bytes | Modified Date = 5/23/2008 10:08:10 AM | Attr = ] sysgycnafek.exe -> %SystemRoot%\sysgycnafek.exe -> [Ver = | Size = 83520 bytes | Modified Date = 5/23/2008 10:08:13 AM | Attr = ] sysnwqdfbta.exe -> %SystemRoot%\sysnwqdfbta.exe -> [Ver = | Size = 82496 bytes | Modified Date = 5/23/2008 10:08:13 AM | Attr = ] sysragfchqs.exe -> %SystemRoot%\sysragfchqs.exe -> [Ver = | Size = 73280 bytes | Modified Date = 5/23/2008 10:08:14 AM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 5/20/2008 5:54:19 PM | Attr = ] sysuxvmschr.exe -> %SystemRoot%\sysuxvmschr.exe -> [Ver = | Size = 85568 bytes | Modified Date = 5/23/2008 10:08:15 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 5/24/2008 4:43:48 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/24/2008 6:31:30 PM | Attr = ] time.exe -> %SystemRoot%\time.exe -> [Ver = | Size = 31744 bytes | Modified Date = 5/20/2008 5:57:44 AM | Attr = ] users32.exe -> %SystemRoot%\users32.exe -> [Ver = | Size = 8960 bytes | Modified Date = 5/20/2008 5:57:44 AM | Attr = ] waol.exe -> %SystemRoot%\waol.exe -> [Ver = | Size = 22784 bytes | Modified Date = 5/20/2008 5:57:44 AM | Attr = ] win64.exe -> %SystemRoot%\win64.exe -> [Ver = | Size = 28160 bytes | Modified Date = 5/20/2008 5:57:45 AM | Attr = ] winajbm.dll -> %SystemRoot%\winajbm.dll -> [Ver = | Size = 27648 bytes | Modified Date = 5/20/2008 5:57:45 AM | Attr = ] window.exe -> %SystemRoot%\window.exe -> [Ver = | Size = 18688 bytes | Modified Date = 5/20/2008 5:57:46 AM | Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 136 bytes | Modified Date = 5/18/2008 11:06:00 PM | Attr = ] winmgnt.exe -> %SystemRoot%\winmgnt.exe -> [Ver = | Size = 11008 bytes | Modified Date = 5/20/2008 5:57:46 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 4/11/2008 6:48:59 AM | Attr = ] x.exe -> %SystemRoot%\x.exe -> [Ver = | Size = 25088 bytes | Modified Date = 5/20/2008 5:57:46 AM | Attr = ] xplugin.dll -> %SystemRoot%\xplugin.dll -> [Ver = | Size = 10240 bytes | Modified Date = 5/20/2008 5:59:28 AM | Attr = ] xxxvideo.hta -> %SystemRoot%\xxxvideo.hta -> [Ver = | Size = 20480 bytes | Modified Date = 5/20/2008 5:59:28 AM | Attr = ] y.exe -> %SystemRoot%\y.exe -> [Ver = | Size = 13568 bytes | Modified Date = 5/20/2008 5:59:28 AM | Attr = ] zysqargtzkf.exe -> %SystemRoot%\zysqargtzkf.exe -> [Ver = | Size = 1272 bytes | Modified Date = 5/23/2008 10:08:17 AM | Attr = ] zysrsetdhmz.exe -> %SystemRoot%\zysrsetdhmz.exe -> [Ver = | Size = 1409 bytes | Modified Date = 5/23/2008 10:08:17 AM | Attr = ] zystmxcgfqz.exe -> %SystemRoot%\zystmxcgfqz.exe -> [Ver = | Size = 64 bytes | Modified Date = 5/23/2008 10:08:17 AM | Attr = ] Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 514 bytes | Modified Date = 5/24/2008 4:42:12 PM | Attr = ] EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [Ver = | Size = 442 bytes | Modified Date = 5/17/2008 10:45:49 AM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Modified Date = 4/15/2008 1:24:02 AM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 358 bytes | Modified Date = 4/1/2008 1:02:34 AM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 5/24/2008 5:02:11 PM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/24/2008 4:40:31 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2/14/2003 11:36:58 AM | Attr = ] qmgr0.dat -> qmgr0.dat -> [Ver = | Size = 6336 bytes | Modified Date = 5/24/2008 4:47:21 PM | Attr = ] qmgr1.dat -> qmgr1.dat -> [Ver = | Size = 6336 bytes | Modified Date = 5/24/2008 4:47:15 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 6/21/2005 9:58:26 PM | Attr = ] data.dat -> data.dat -> [Ver = | Size = 11890 bytes | Modified Date = 6/21/2005 9:59:07 PM | Attr = ] C:\Documents and Settings\Margaret\Local Settings\Temp\ -> C:\Documents and Settings\Margaret\Local Settings\Temp -> [Folder | Modified Date = 5/24/2008 6:30:27 PM | Attr = ] SSUPDATE.EXE -> SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ] temp0.exe -> temp0.exe -> RealNetworks, Inc. [Ver = 1.0.6.71 | Size = 308780 bytes | Modified Date = 5/23/2008 2:01:45 PM | Attr = ] temp1.exe -> temp1.exe -> RealNetworks, Inc. [Ver = 1.0.6.71 | Size = 308780 bytes | Modified Date = 5/23/2008 2:52:58 PM | Attr = ] temp2.exe -> temp2.exe -> RealNetworks, Inc. [Ver = 1.0.6.71 | Size = 308780 bytes | Modified Date = 5/23/2008 7:17:58 PM | Attr = ] 39 C:\Documents and Settings\Margaret\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Margaret\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 5/24/2008 6:31:42 PM | Attr = ] {623BBD59-4F05-4E37-853C-DF79109FEC23}.ini -> {623BBD59-4F05-4E37-853C-DF79109FEC23}.ini -> [Ver = | Size = 41 bytes | Modified Date = 11/21/2007 4:57:57 PM | Attr = ] 28 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 5/19/2008 9:18:20 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/5/2008 10:40:58 PM | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 5/19/2008 12:06:39 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/20/2008 5:59:29 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 5/12/2008 8:39:35 PM | Attr = ] @Alternate Data Stream - 176 bytes -> %AllUsersProfile%\Application Data\TEMP:1A6AFE3D @Alternate Data Stream - 128 bytes -> %AllUsersProfile%\Application Data\TEMP:27AAAD97 @Alternate Data Stream - 108 bytes -> %AllUsersProfile%\Application Data\TEMP:4E1E5A60 @Alternate Data Stream - 168 bytes -> %AllUsersProfile%\Application Data\TEMP:4EFDF5FB @Alternate Data Stream - 111 bytes -> %AllUsersProfile%\Application Data\TEMP:5EC637CB @Alternate Data Stream - 111 bytes -> %AllUsersProfile%\Application Data\TEMP:861A898F @Alternate Data Stream - 124 bytes -> %AllUsersProfile%\Application Data\TEMP:A73EAFFB @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:CAAA7DD7 @Alternate Data Stream - 155 bytes -> %AllUsersProfile%\Application Data\TEMP:D09AEE3D Antispyware -> %AppData%\Antispyware -> [Folder | Modified Date = 5/23/2008 9:44:30 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 5/19/2008 9:18:44 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/18/2008 9:52:16 AM | Attr = S] Neopets Toolbar -> %AppData%\Neopets Toolbar -> [Folder | Modified Date = 5/18/2008 11:29:17 PM | Attr = ] Pogo Games -> %AppData%\Pogo Games -> [Folder | Modified Date = 5/5/2008 10:43:42 PM | Attr = ] SiteAdvisor -> %AppData%\SiteAdvisor -> [Folder | Modified Date = 5/24/2008 6:16:28 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 5/20/2008 5:58:00 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 5/20/2008 5:10:39 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 5/24/2008 4:41:47 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 4/25/2008 9:26:26 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/18/2008 4:56:18 PM | Attr = ] ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb -> [Ver = | Size = 1668096 bytes | Modified Date = 4/2/2008 6:34:59 PM | Attr = R ] ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb -> [Ver = | Size = 3389440 bytes | Modified Date = 4/2/2008 6:34:59 PM | Attr = R ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 5/19/2008 4:22:46 PM | Attr = R ] Yahoo -> %AllUsersProfile%\Documents\Yahoo -> [Folder | Modified Date = 5/7/2008 10:08:11 PM | Attr = ] john-deck.doc -> %UserProfile%\My Documents\john-deck.doc -> [Ver = | Size = 22528 bytes | Modified Date = 3/9/2008 10:19:01 PM | Attr = ] Knitting -> %UserProfile%\My Documents\Knitting -> [Folder | Modified Date = 4/2/2008 7:06:00 PM | Attr = ] 7 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp -> My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/8/2008 10:17:04 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 5/18/2008 8:33:26 AM | Attr = R ] QDATA1_20080305.IDX -> %UserProfile%\My Documents\QDATA1_20080305.IDX -> [Ver = | Size = 491698 bytes | Modified Date = 3/5/2008 7:18:58 PM | Attr = ] QDATA1_20080305.QDF -> %UserProfile%\My Documents\QDATA1_20080305.QDF -> [Ver = | Size = 4354344 bytes | Modified Date = 3/5/2008 7:19:00 PM | Attr = ] QDATA1_20080305.QEL -> %UserProfile%\My Documents\QDATA1_20080305.QEL -> [Ver = | Size = 240640 bytes | Modified Date = 3/5/2008 7:18:54 PM | Attr = ] QDATA1_20080305.QPH -> %UserProfile%\My Documents\QDATA1_20080305.QPH -> [Ver = | Size = 106595 bytes | Modified Date = 3/5/2008 7:17:12 PM | Attr = ] Resume - 3-26-07.doc -> %UserProfile%\My Documents\Resume - 3-26-07.doc -> [Ver = | Size = 31744 bytes | Modified Date = 3/26/2008 5:24:27 PM | Attr = ] Resume - 3-26-08.doc -> %UserProfile%\My Documents\Resume - 3-26-08.doc -> [Ver = | Size = 31744 bytes | Modified Date = 4/10/2008 6:26:55 PM | Attr = ] TurboTax -> %UserProfile%\My Documents\TurboTax -> [Folder | Modified Date = 5/9/2008 8:14:29 PM | Attr = ] AntiSpyware.lnk -> %AllUsersProfile%\Desktop\AntiSpyware.lnk -> [Ver = | Size = 2249 bytes | Modified Date = 5/19/2008 6:37:02 PM | Attr = ] AT&T Yahoo! Music Jukebox.lnk -> %AllUsersProfile%\Desktop\AT&T Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2112 bytes | Modified Date = 3/9/2008 2:21:05 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 5/19/2008 9:18:22 PM | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 4/25/2008 9:33:14 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 5/20/2008 5:58:10 PM | Attr = ] TurboTax Premier Investments 2006.lnk -> %AllUsersProfile%\Desktop\TurboTax Premier Investments 2006.lnk -> [Ver = | Size = 1775 bytes | Modified Date = 4/29/2008 8:40:45 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 5/21/2008 6:50:21 AM | Attr = ] Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [Ver = | Size = 2473 bytes | Modified Date = 5/10/2008 7:14:07 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/24/2008 6:30:10 PM | Attr = ] spybotsd152.exe -> %UserProfile%\Desktop\spybotsd152.exe -> Safer Networking Limited [Ver = 1.5.2 | Size = 9723880 bytes | Modified Date = 5/18/2008 3:20:56 PM | Attr = ] Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 3/6/2008 7:08:00 PM | Attr = ] ymetray.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> [Ver = | Size = 911 bytes | Modified Date = 3/9/2008 2:21:05 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 4/25/2008 9:30:59 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 5/20/2008 5:56:59 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 4/25/2008 9:34:01 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]