[code]
OTScanIt logfile created on: 2008-05-26 13:58:32
OTScanIt by OldTimer - Version 1.0.15.0 Folder = C:\Documents and Settings\Margaret\Desktop\OTScanIt
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd
254.48 Mb Total Physical Memory | 61.82 Mb Available Physical Memory | 24.29% Memory free
625.51 Mb Paging File | 199.03 Mb Available in Paging File | 31.82% Paging File free
Paging file location(s): C:\pagefile.sys 384 768;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 40.09 Gb Free Space | 71.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DJ5NRD21
Current User Name: Margaret
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 2005-11-28 12:11:36 | Attr = ] mcmscsvc.exe -> %SystemDrive%\PROGRA~1\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ] mcproxy.exe -> %SystemDrive%\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ] mcshield.exe -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc.
[Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 2007-07-24 12:02:14 | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ] sansasvr.exe -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-08-22 17:18:10 | Attr = ] mcagent.exe -> %SystemDrive%\PROGRA~1\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ] hkcmd.exe -> %SystemRoot%\system32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr = ] directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe -> Roxio [Ver = 5.2.0.91 | Size = 679936 bytes | Modified Date = 2002-04-10 18:44:04 | Attr = ] hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 2005-01-12 14:54:58 | Attr = ] qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 2004-12-27 20:34:31 | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2005-02-16 23:11:42 | Attr = ] ybrwicon.exe -> %SystemDrive%\PROGRA~1\Yahoo!\browser\ybrwicon.exe -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 2006-07-21 17:19:46 | Attr = ] motivesb.exe -> %SystemDrive%\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe -> Motive, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 2006-08-21 19:10:00 | Attr = ] yop.exe -> %SystemDrive%\PROGRA~1\Yahoo!\YOP\yop.exe -> Yahoo! Inc. 
[Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 2006-07-21 11:43:10 | Attr = ] siteadv.exe -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2007-02-08 22:39:34 | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 2007-03-09 11:09:58 | Attr = ] ycommon.exe -> %SystemDrive%\PROGRA~1\Yahoo!\browser\ycommon.exe -> Yahoo!, Inc. [Ver = 2006, 3, 2, 1 | Size = 200704 bytes | Modified Date = 2006-03-03 15:18:10 | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 2008-04-25 21:20:43 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2008-02-22 04:25:21 | Attr = ] aim.exe -> %SystemDrive%\PROGRA~1\AIM95\aim.exe -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 2007-03-15 11:09:36 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 2002-02-15 12:31:42 | Attr = ] hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 2003-09-16 06:19:24 | Attr = ] easyshare.exe -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 2007-09-19 04:33:46 | Attr = ] mpbtn.exe -> %ProgramFiles%\SBC Self Support Tool\bin\mpbtn.exe -> [Ver = | Size = 192512 bytes | Modified Date = 2003-10-10 09:06:10 | Attr = ] ymetray.exe -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.058 (Build 058) | Size = 54512 bytes | Modified Date = 2008-02-05 14:29:20 | Attr = ] trueassistant.exe -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 3 | Size = 372224 bytes | Modified Date = 2005-01-21 10:03:00 | Attr = ] ymsgr_tray.exe -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] hpzipm12.exe -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 03:27:52 | Attr = ] mcsysmon.exe -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -> McAfee, Inc. [Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 2007-07-25 01:41:52 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.0 | Size = 373760 bytes | Modified Date = 2008-05-25 17:59:38 | Attr = ] [Win32 Services - Non-Microsoft Only] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. 
[Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 2005-11-28 12:11:36 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 2008-04-13 20:12:17 | Attr = ] (DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 2007-03-07 15:47:46 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 01:41:10 | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,0,238,0 | Size = 749904 bytes | Modified Date = 2007-08-04 07:08:06 | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\mcafee\mna\mcnasvc.exe -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 2007-07-25 03:16:16 | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 2007-08-15 12:36:04 | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> -> File not found (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe -> McAfee, Inc. 
[Ver = 12,0,188,0 | Size = 695624 bytes | Modified Date = 2007-07-25 01:41:52 | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MPFSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 2007-07-18 15:54:42 | Attr = ] (MSDTC) Distributed Transaction Coordinator [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\msdtc -> [Folder | Modified Date = 2003-02-10 15:34:00 | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 2007-08-09 03:27:52 | Attr = ] (SansaService) Sansa Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SanDisk\Sansa Updater\SansaSvr.exe -> [Ver = | Size = 36864 bytes | Modified Date = 2006-08-22 17:18:10 | Attr = ] (YPCService) YPCService [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\YPCSER~1.EXE -> Yahoo! Inc. 
[Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 2003-05-19 17:07:38 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdaptecDirectCD -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> Roxio [Ver = 5.2.0.91 | Size = 679936 bytes | Modified Date = 2002-04-10 18:44:04 | Attr = ] Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.2.0.77764 | Size = 63712 bytes | Modified Date = 2007-03-09 11:09:58 | Attr = ] Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 2007-05-11 03:06:32 | Attr = ] dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 2007-11-15 10:24:00 | Attr = ] HotKeysCmds -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 126976 bytes | Modified Date = 2005-10-19 08:59:12 | Attr = ] HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe ["C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"] -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 2005-01-12 14:54:58 | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard Co. 
[Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2005-02-16 23:11:42 | Attr = ] hpfsched -> %SystemRoot%\hpfsched.exe [C:\WINDOWS\hpfsched.exe] -> [Ver = | Size = 35328 bytes | Modified Date = 1998-07-22 03:50:28 | Attr = ] IgfxTray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4342 | Size = 155648 bytes | Modified Date = 2005-10-19 08:59:14 | Attr = ] mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 2007-08-04 02:33:14 | Attr = ] Motive SmartBridge -> %SystemDrive%\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe [C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe] -> Motive, Inc. [Ver = 5.6.7.asst_classic.smartbridge.20031210_035000 | Size = 380928 bytes | Modified Date = 2006-08-21 19:10:00 | Attr = ] QAGENT -> %ProgramFiles%\QUICKENW\QAGENT.EXE [C:\Program Files\QUICKENW\QAGENT.EXE] -> File not found QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.4 | Size = 77824 bytes | Modified Date = 2004-12-27 20:34:31 | Attr = ] SiteAdvisor -> %ProgramFiles%\SiteAdvisor\6066\SiteAdv.exe [C:\Program Files\SiteAdvisor\6066\SiteAdv.exe] -> McAfee, Inc. [Ver = 2.3.0 | Size = 36904 bytes | Modified Date = 2007-02-08 22:39:34 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 2008-02-22 04:25:21 | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. 
[Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 2008-04-25 21:20:43 | Attr = ] UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found YBrowser -> %SystemDrive%\PROGRA~1\Yahoo!\browser\ybrwicon.exe [C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe] -> Yahoo! Inc. [Ver = 2006, 7, 21, 1 | Size = 129536 bytes | Modified Date = 2006-07-21 17:19:46 | Attr = ] YOP -> %SystemDrive%\PROGRA~1\Yahoo!\YOP\yop.exe [C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart] -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 2006-07-21 11:43:10 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 2007-03-15 11:09:36 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. 
[Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] < Run [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 2007-03-15 11:09:36 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk -> %ProgramFiles%\SBC Self Support Tool\bin\matcli.exe -> Motive Communications, Inc. [Ver = 5.6.1.asst_classic.asst_matcli.20031010_085000 | Size = 217088 bytes | Modified Date = 2003-10-10 09:06:10 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> BVRP Software [Ver = 1, 0, 0, 1 | Size = 45056 bytes | Modified Date = 2002-02-15 12:31:42 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. 
[Ver = 5.35.0.035 | Size = 237568 bytes | Modified Date = 2003-09-16 06:19:24 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Kodak EasyShare software.lnk -> %ProgramFiles%\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 2007-09-19 04:33:46 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> %ProgramFiles%\Yahoo!\Yahoo! Music Engine\ymetray.exe -> Yahoo! Inc. [Ver = 2.2.2.058 (Build 058) | Size = 54512 bytes | Modified Date = 2008-02-05 14:29:20 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Margaret Startup Folder > -> C:\Documents and Settings\Margaret\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\TrueAssistant.lnk -> %ProgramFiles%\TrueAssistant\TrueAssistant.exe -> Esaya, Inc. [Ver = 2, 1, 3, 3 | Size = 372224 bytes | Modified Date = 2005-01-21 10:03:00 | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 2006-12-20 12:55:48 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> Explorer.exe -> File not found *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> logonui.exe -> File not found *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> -> File not found Control_RunDLL "sysdm.cpl" -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2007-02-27 11:39:26 | Attr = ] igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.4342 | Size = 348160 bytes | Modified Date = 2005-10-19 08:59:14 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoControlPanel -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableTaskMgr -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> 
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddRemovePrograms -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoRemovePage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddPage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoWindowsSetupPage -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromCDorFloppy -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromInternet -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoAddFromNetwork -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoServices -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\\NoSupportInfo -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> System32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________B105____\5&1202a50f&0&0.0.0 [IDE\CdRomSAMSUNG_CD-ROM_SC-148C__________________B105____\5&1202a50f&0&0.0.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomHL-DT-ST_CD-RW_GCE-8400B________________B104____\5&1202a50f&0&0.1.0 [IDE\CdRomHL-DT-ST_CD-RW_GCE-8400B________________B104____\5&1202a50f&0&0.1.0] -> File not found < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2002-09-03 10:59:58 | Attr = ] < HOSTS File > (27 bytes) -> 
C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://att.my.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 2006-09-29 13:53:18 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dellnet.com -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> HKEY_USERS\.DEFAULT\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dellnet.com -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-18\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: Main\\Start Page -> http://att.my.yahoo.com/ -> 
HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[gogl] -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 2006-09-29 13:53:18 | Attr = ] HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\: ProxyOverride -> 127.0.0.1;http://localhost;*.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3368 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 27 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3368 domain(s) found. -> .[msn] -> My Computer -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> turbotax.com .[https] -> Trusted sites -> 27 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 26 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 2006-10-22 23:08:42 | Attr = ] {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] 
-> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 14:05:04 | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 2008-04-25 21:32:12 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2008-02-22 04:25:19 | Attr = ] {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.14.0.0.366.x86 | Size = 58688 bytes | Modified Date = 2007-10-24 06:51:28 | Attr = ] {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\browser\YSidebarIEBHO.dll [SidebarAutoLaunch Class] -> Yahoo! Inc. [Ver = 2004, 8, 3, 1 | Size = 124032 bytes | Modified Date = 2005-02-03 17:07:08 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 14:05:04 | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 2006-09-29 13:53:18 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 2006-09-29 13:53:18 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn3\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 9, 29, 1 | Size = 440384 bytes | Modified Date = 2006-09-29 13:53:18 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [AIM] -> America Online, Inc. 
[Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> res://%ProgramFiles%\AIM Toolbar\AIMBar.dll/aimsearch.htm -> File not found &AOL Toolbar search -> -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [AIM] -> America Online, Inc. 
[Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{7F9DB11C-E358-4ca6-A83D-ACC663939424} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> %windir%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\] > -> HKEY_USERS\S-1-5-21-3069831013-1830182787-2811713311-1006\Software\Microsoft\Internet Explorer\MenuExt\ -> &AIM Search -> res://%ProgramFiles%\AIM Toolbar\AIMBar.dll/aimsearch.htm -> File not found &AOL Toolbar search -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {925A4079-2CFA-44AE-B743-72246912CCAA} -> (Broadcom 440x 10/100 Integrated Controller) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. 
[Ver = 1,0,2,9 | Size = 94208 bytes | Modified Date = 2005-11-28 12:11:28 | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.6.2 | Size = 81920 bytes | Modified Date = 2005-01-12 14:54:56 | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6172\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] 
-> [Ver = | Size = 910624 bytes | Modified Date = 2007-08-13 14:05:04 | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC}[HKEY_LOCAL_MACHINE] -> http://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB[PogoWebLauncher Control] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,72/mcinsctl.cab[McAfee.com Operating System Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182203961828[MUWebControl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Reg Error: Key does not exist or could not be opened.] 
-> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3}[HKEY_LOCAL_MACHINE] -> http://71.254.156.21/activex/AxisCamControl.cab[CamImage Class] -> {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,16/mcgdmgr.cab[DwnldGroupMgr Class] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {EF791A6B-FC12-4C68-99EF-FB9E207A39E6}[HKEY_LOCAL_MACHINE] -> http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4338/mcfscan.cab[McFreeScan Class] -> Addiction by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.14/applet/addiction/addiction-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Bingo Luau by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/freebingo/freebingo-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Blackjack by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/blackjack/blackjack-en_US.cab[Reg Error: Key does not exist or could not be opened.] 
-> Blackjack Carnival by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.5.27/applet/vbjack2/vbjack2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Bowling by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/bowling/bowling-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Canasta by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.5.27/applet/canasta/canasta-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Dice City Roller by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/ytz/ytz-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Dominoes v2 by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/domino2/domino2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Euchre by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/euchre/euchre-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Fortune Bingo by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/superbingo/superbingo-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Golf Solitaire by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/golfsolitaire/golfsolitaire-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> High Stakes Pool by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.13/applet/pool2/pool-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Lottso by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/lottso/lottso-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Mahjong Safari by Pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.3.15/applet/safari/safari-en_US.cab[Reg Error: Key does not exist or could not be opened.] 
-> Makeover Madness by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/shoes/shoes-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> Pinochle by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/pinochle/pinochle-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Pop Fu by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.1/applet/popfu/popfu-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Poppit by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.11/applet/poppit2/poppit2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Quick Quack by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/hotstreak/hotstreak-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Spades 2 by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.2.13/applet/spades2/spades2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Squelchies by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/8.1.9.1/applet/squelchies/squelchies-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Super Dominoes by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.6.3/applet/superdomino/superdomino-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Sweet Tooth 2 by Pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.6.21/applet/sweettooth2/sweettooth2-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Thousand Island Solitaire by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.7.44/applet/millbrae/millbrae-en_US.cab[Reg Error: Key does not exist or could not be opened.] 
-> Tri-Peaks by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/peaks/peaks-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Turbo 21 v2 by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/v/8.1.9.7/applet/turbo22/turbo22-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Wonderland Memories by pogo[HKEY_LOCAL_MACHINE] -> http://game1.pogo.com/applet-6.7.2.24/memories/memories-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> Word Search Daily by pogo[HKEY_LOCAL_MACHINE] -> http://game3.pogo.com/v/9.0.1.7/applet/wordsearch/wordsearch-en_US.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AxisCamControl.ocx\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CamCli.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\.Owner -> {917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ijl11.dll\\{917623D1-D8E5-11D2-BE8B-00104B06BDE3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\.Owner -> {3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PogoWebLauncher.ocx\\{3107C2A8-9F0B-4404-A58B-21BD85268FBC} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\Wheel Of Fortune -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\Wheel Of Fortune -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> Wheel Of Fortune -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\Wheel Of Fortune -> Wheel Of Fortune -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 2008-04-13 20:12:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 2008-04-13 20:11:56 | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 2008-04-13 20:12:00 | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 2008-04-13 20:12:05 | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 2008-04-13 20:12:08 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 512 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 2008-04-13 20:12:05 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 2008-04-13 20:12:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 13 1B 28 6C 58 B3 A8 A1 0A 90 EB 22 AE 7E 0B 82 63 32 34 35 38 62 31 30 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 EF 95 69 23 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0B 05 E8 A2 3F 89 61 FB C4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 7D 86 E3 E8 8C FD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 30 50 E9 51 F4 B6 3A A7 DE 5D B0 C9 48 15 02 0D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 96 B0 8A B5 C7 BE C8 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name 
-> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11826 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLDial.exe -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\America Online 9.0\waol.exe -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> C:\Program Files\AIM95\aim.exe [C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> C:\Program Files\AIM95\aim.exe [C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 2005-06-02 01:34:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\Program Files\Yahoo!\Messenger\yserver.exe -> c:\Program Files\Yahoo!\Messenger\yserver.exe [c:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> Eastman Kodak Company [Ver = 6, 40, 53, 95 | Size = 282624 bytes | Modified Date = 2007-09-19 04:33:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. 
[Ver = 1,0,2,9 | Size = 229376 bytes | Modified Date = 2005-11-28 12:11:36 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe -> C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe [C:\Program Files\Yahoo!\Yahoo! Music Engine\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox] -> Yahoo! Inc. [Ver = 2.2.2.058 (Build 058) | Size = 6190320 bytes | Modified Date = 2008-02-05 14:29:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\browser\ybrowser.exe -> C:\Program Files\Yahoo!\browser\ybrowser.exe [C:\Program Files\Yahoo!\browser\ybrowser.exe:*:Enabled:Yahoo! Browser] -> Yahoo!, Inc. [Ver = 2006, 8, 11, 1 | Size = 668184 bytes | Modified Date = 2006-08-11 20:53:02 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. 
[Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 2007-08-30 18:43:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\YOP\yop.exe -> C:\Program Files\Yahoo!\YOP\yop.exe [C:\Program Files\Yahoo!\YOP\yop.exe:*:Enabled:Dashboard Module] -> Yahoo! Inc. [Ver = 2006, 7, 20, 1 | Size = 407032 bytes | Modified Date = 2006-07-21 11:43:10 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,0,136,0 | Size = 2376992 bytes | Modified Date = 2007-07-22 20:15:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe -> C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> Intuit, Inc. 
[Ver = wPer.2007.09.09.85 | Size = 10343712 bytes | Modified Date = 2008-03-05 23:29:49 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe -> C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe [C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> Intuit, Inc. [Ver = wPer.2007.09.00.58 | Size = 3597600 bytes | Modified Date = 2007-10-22 19:56:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe -> C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe [C:\Program Files\TurboTax\Premier 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax] -> Intuit, Inc. [Ver = wPer.2006.07.07.03 | Size = 9950760 bytes | Modified Date = 2007-03-08 01:25:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe -> C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe [C:\Program Files\TurboTax\Premier 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager] -> Intuit, Inc. 
[Ver = wPer.2006.07.01.03 | Size = 3679784 bytes | Modified Date = 2008-04-29 20:53:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 472368 bytes | Modified Date = 2008-05-18 09:52:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 2008-04-13 20:12:11 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2008-05-26 09:30:41 | Attr = ] 3 C:\*.tmp files -> C:\*.tmp -> QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-05-26 09:30:56 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 2008-05-25 12:57:34 | Attr = HS] TurboTax2006Premier -> %SystemDrive%\TurboTax2006Premier -> [Folder | Created Date = 2008-04-29 20:12:21 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008-05-26 13:55:22 | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 2008-05-25 19:31:03 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 2008-05-19 21:18:20 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Created Date = 2008-05-19 21:18:20 | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 2008-05-25 20:11:15 | Attr = ] 11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008-05-18 20:59:58 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. 
[Ver = 6.0.50.13 | Size = 69632 bytes | Created Date = 2008-05-18 21:00:00 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 135168 bytes | Created Date = 2008-05-18 20:59:59 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 139264 bytes | Created Date = 2008-05-18 20:59:59 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 197 bytes | Created Date = 2008-05-16 06:37:07 | Attr = ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 2008-05-25 19:31:09 | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2008-05-19 17:47:00 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\Process.exe:Zone.Identifier scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 2008-05-25 20:11:19 | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-05-19 17:47:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SrchSTS.exe:Zone.Identifier erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-05-26 09:31:32 | Attr = ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 2008-05-25 20:11:16 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 2008-05-25 20:30:51 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | 
Size = 53248 bytes | Created Date = 2008-05-26 09:48:33 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-05-26 09:30:54 | Attr = ] Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 514 bytes | Created Date = 2008-05-25 20:57:53 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 2008-05-19 21:18:20 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-20 17:59:29 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-05-19 21:18:44 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-20 17:58:00 | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Created Date = 2008-05-18 23:38:19 | Attr = ] QDATA1_20080305.IDX -> %UserProfile%\My Documents\QDATA1_20080305.IDX -> [Ver = | Size = 491698 bytes | Created Date = 2008-03-05 19:19:34 | Attr = ] QDATA1_20080305.QDF -> %UserProfile%\My Documents\QDATA1_20080305.QDF -> [Ver = | Size = 4354344 bytes | Created Date = 2008-03-05 19:19:23 | Attr = ] QDATA1_20080305.QEL -> %UserProfile%\My Documents\QDATA1_20080305.QEL -> [Ver = | Size = 240640 
bytes | Created Date = 2008-03-05 19:19:32 | Attr = ] QDATA1_20080305.QPH -> %UserProfile%\My Documents\QDATA1_20080305.QPH -> [Ver = | Size = 106595 bytes | Created Date = 2008-03-05 19:19:33 | Attr = ] Resume - 3-26-07.doc -> %UserProfile%\My Documents\Resume - 3-26-07.doc -> [Ver = | Size = 31744 bytes | Created Date = 2008-03-26 17:23:49 | Attr = ] Resume - 3-26-08.doc -> %UserProfile%\My Documents\Resume - 3-26-08.doc -> [Ver = | Size = 31744 bytes | Created Date = 2008-04-10 18:26:00 | Attr = ] AntiSpyware.lnk -> %AllUsersProfile%\Desktop\AntiSpyware.lnk -> [Ver = | Size = 2249 bytes | Created Date = 2008-05-25 20:57:14 | Attr = ] AT&T Yahoo! Music Jukebox.lnk -> %AllUsersProfile%\Desktop\AT&T Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2112 bytes | Created Date = 2008-03-09 14:21:05 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 2008-05-19 21:18:22 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 2008-04-25 21:33:14 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 2008-05-20 17:58:10 | Attr = ] TurboTax Premier Investments 2006.lnk -> %AllUsersProfile%\Desktop\TurboTax Premier Investments 2006.lnk -> [Ver = | Size = 1775 bytes | Created Date = 2008-04-29 20:40:45 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955424 bytes | Created Date = 2008-05-26 09:29:49 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 2008-05-21 06:50:20 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 2008-05-26 13:52:21 | Attr = ] @Alternate Data 
Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-05-26 13:57:17 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544393 bytes | Created Date = 2008-05-26 13:56:53 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 2008-05-25 18:10:33 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2008-05-20 17:56:59 | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 2008-04-25 21:34:01 | Attr = ] ItsDeductible2006 -> %ProgramFiles%\ItsDeductible2006 -> [Folder | Created Date = 2008-04-29 20:43:30 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 2008-05-19 21:18:19 | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 2008-05-20 20:55:23 | Attr = ] SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 2008-05-25 18:10:29 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 2008-05-20 17:58:01 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 2008-05-21 06:50:18 | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 2008-05-18 09:52:19 | Attr = ] [Files/Folders - Modified Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2008-05-26 09:51:41 | Attr = ] 3 C:\*.tmp files -> C:\*.tmp -> Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-05-26 13:12:47 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 266915840 bytes | Modified Date = 2008-05-26 10:09:33 | Attr = HS] logfile -> %SystemDrive%\logfile -> [Ver = | Size = 50071 bytes 
| Modified Date = 2008-05-26 10:17:53 | Attr = ] NTLDR -> %SystemDrive%\NTLDR -> [Ver = | Size = 250048 bytes | Modified Date = 2008-05-25 20:02:24 | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-05-26 09:47:05 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-05-26 09:33:24 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 2008-05-25 12:57:34 | Attr = HS] TurboTax2006Premier -> %SystemDrive%\TurboTax2006Premier -> [Folder | Modified Date = 2008-04-29 20:23:33 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-05-26 10:12:08 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008-05-26 13:55:22 | Attr = ] chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll -> [Ver = | Size = 173568 bytes | Modified Date = 2008-04-13 20:09:05 | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dllcache\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2008-04-13 20:09:39 | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\dllcache\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 2008-04-13 20:10:08 | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 00:50:40 | Attr = ] pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll -> [Ver = | Size = 175104 bytes | Modified Date = 2008-04-13 20:10:34 | Attr = ] adv01nt5.dll -> %SystemRoot%\System32\drivers\adv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 4255 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv02nt5.dll -> %SystemRoot%\System32\drivers\adv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3967 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv05nt5.dll -> %SystemRoot%\System32\drivers\adv05nt5.dll -> Intel(R) 
Corporation [Ver = 6.13.01.3198 | Size = 3615 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv07nt5.dll -> %SystemRoot%\System32\drivers\adv07nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3647 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv08nt5.dll -> %SystemRoot%\System32\drivers\adv08nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3135 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv09nt5.dll -> %SystemRoot%\System32\drivers\adv09nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3711 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] adv11nt5.dll -> %SystemRoot%\System32\drivers\adv11nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3775 bytes | Modified Date = 2008-04-13 20:11:48 | Attr = ] amdagp.sys -> %SystemRoot%\System32\drivers\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp.080413-2111) | Size = 43008 bytes | Modified Date = 2008-04-13 14:36:39 | Attr = ] atv01nt5.dll -> %SystemRoot%\System32\drivers\atv01nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 21183 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] atv02nt5.dll -> %SystemRoot%\System32\drivers\atv02nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11359 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] atv04nt5.dll -> %SystemRoot%\System32\drivers\atv04nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 25471 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] atv06nt5.dll -> %SystemRoot%\System32\drivers\atv06nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 14143 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] atv10nt5.dll -> %SystemRoot%\System32\drivers\atv10nt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 17279 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] ch7xxnt5.dll -> %SystemRoot%\System32\drivers\ch7xxnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 15423 bytes | Modified Date = 2008-04-13 
20:11:50 | Attr = ] dmboot.sys -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 2008-04-13 14:44:48 | Attr = ] dmio.sys -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 2008-04-13 14:44:46 | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 2008-05-25 12:38:47 | Attr = ] hosts -> %SystemRoot%\System32\drivers\ETC\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-05-25 12:38:47 | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Modified Date = 2008-04-13 12:36:05 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 2008-05-05 20:46:32 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 27048 bytes | Modified Date = 2008-05-05 20:46:36 | Attr = ] siint5.dll -> %SystemRoot%\System32\drivers\siint5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 3901 bytes | Modified Date = 2008-04-13 20:12:05 | Attr = ] sisagp.sys -> %SystemRoot%\System32\drivers\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp.080413-2111) | Size = 40960 bytes | Modified Date = 2008-04-13 14:36:39 | Attr = ] vchnt5.dll -> %SystemRoot%\System32\drivers\vchnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 11325 bytes | Modified Date = 2008-04-13 20:12:08 | Attr = ] amstream.dll -> %SystemRoot%\System32\amstream.dll -> [Ver = | Size = 70656 bytes | Modified Date = 2008-04-13 20:11:49 | Attr = ] ati2cqag.dll -> %SystemRoot%\System32\ati2cqag.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.0233 | Size = 229376 bytes | Modified Date = 2008-04-13 20:11:49 | Attr = ] ati2dvaa.dll -> %SystemRoot%\System32\ati2dvaa.dll -> ATI Technologies Inc. [Ver = 6.13.10.5019 | Size = 377984 bytes | Modified Date = 2008-04-13 20:11:49 | Attr = ] ati2dvag.dll -> %SystemRoot%\System32\ati2dvag.dll -> ATI Technologies Inc. [Ver = 6.14.10.6462 | Size = 201728 bytes | Modified Date = 2008-04-13 20:11:49 | Attr = ] ati3d1ag.dll -> %SystemRoot%\System32\ati3d1ag.dll -> ATI Technologies Inc. [Ver = 6.14.10.4071 | Size = 870784 bytes | Modified Date = 2008-04-13 20:11:49 | Attr = ] ati3duag.dll -> %SystemRoot%\System32\ati3duag.dll -> ATI Technologies Inc. [Ver = 6.14.10.0231 | Size = 1888992 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] ativdaxx.ax -> %SystemRoot%\System32\ativdaxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 9728 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] ativmvxx.ax -> %SystemRoot%\System32\ativmvxx.ax -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 23040 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] ativtmxx.dll -> %SystemRoot%\System32\ativtmxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.6238 | Size = 32768 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] ativvaxx.dll -> %SystemRoot%\System32\ativvaxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.01.0009 | Size = 516768 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] atmfd.dll -> %SystemRoot%\System32\atmfd.dll -> Adobe Systems Incorporated [Ver = 5.1 Build 226 | Size = 285696 bytes | Modified Date = 2008-04-13 20:09:01 | Attr = ] atmlib.dll -> %SystemRoot%\System32\atmlib.dll -> Adobe Systems [Ver = 5.1 Build 226 | Size = 30208 bytes | Modified Date = 2008-04-13 20:11:50 | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 2008-05-25 20:11:14 | Attr = ] 11 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-05-25 20:20:36 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-05-25 20:31:52 | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 2008-05-25 20:06:11 | Attr = ] compatui.dll -> %SystemRoot%\System32\compatui.dll -> [Ver = 1, 0, 0, 1 | Size = 252928 bytes | Modified Date = 2008-04-13 20:11:51 | Attr = ] CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 2008-05-25 17:57:29 | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 26536 bytes | Modified Date = 2008-05-26 12:25:52 | Attr = ] dcache.bin -> %SystemRoot%\System32\dcache.bin -> [Ver = | Size = 1804 bytes | Modified Date = 2008-04-13 20:25:26 | Attr = ] defrag.exe -> %SystemRoot%\System32\defrag.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 25088 bytes | Modified Date = 2008-04-13 20:12:16 | Attr = ] devenum.dll -> %SystemRoot%\System32\devenum.dll -> [Ver = | Size = 59904 bytes | Modified Date = 2008-04-13 20:11:51 | Attr = ] dfrgfat.exe -> %SystemRoot%\System32\dfrgfat.exe -> Microsoft Corp. and Executive Software International, Inc. 
[Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 82944 bytes | Modified Date = 2008-04-13 20:12:16 | Attr = ] dfrgntfs.exe -> %SystemRoot%\System32\dfrgntfs.exe -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 105472 bytes | Modified Date = 2008-04-13 20:12:16 | Attr = ] dfrgsnap.dll -> %SystemRoot%\System32\dfrgsnap.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 39424 bytes | Modified Date = 2008-04-13 20:11:51 | Attr = ] dfrgui.dll -> %SystemRoot%\System32\dfrgui.dll -> Microsoft Corp. and Executive Software International, Inc. [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 124416 bytes | Modified Date = 2008-04-13 20:11:51 | Attr = ] dgnet.dll -> %SystemRoot%\System32\dgnet.dll -> Microsoft [Ver = 1, 0, 0, 1 | Size = 111104 bytes | Modified Date = 2008-04-13 20:11:51 | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2008-05-25 20:11:52 | Attr = RHS] dmadmin.exe -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 2008-04-13 20:12:17 | Attr = ] dmdlgs.dll -> %SystemRoot%\System32\dmdlgs.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 285184 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] dmdskmgr.dll -> %SystemRoot%\System32\dmdskmgr.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 200704 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] dmremote.exe -> %SystemRoot%\System32\dmremote.exe -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 15872 bytes | Modified Date = 2008-04-13 20:12:17 | Attr = ] dmserver.dll -> %SystemRoot%\System32\dmserver.dll -> Microsoft Corp. [Ver = 2600.5512.503.0 | Size = 23552 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] dmutil.dll -> %SystemRoot%\System32\dmutil.dll -> Microsoft Corp. 
[Ver = 2600.5512.503.0 | Size = 52224 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2008-05-26 09:33:10 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 2008-05-19 05:58:25 | Attr = ] dxmasf.dll -> %SystemRoot%\System32\dxmasf.dll -> [Ver = | Size = 498742 bytes | Modified Date = 2008-04-13 20:11:52 | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 2008-05-25 20:11:15 | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 2008-05-25 20:11:22 | Attr = ] encdec.dll -> %SystemRoot%\System32\encdec.dll -> [Ver = | Size = 186880 bytes | Modified Date = 2008-04-13 20:11:53 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 313384 bytes | Modified Date = 2008-05-25 20:30:20 | Attr = ] hsfcisp2.dll -> %SystemRoot%\System32\hsfcisp2.dll -> Conexant Systems, Inc. [Ver = 7.12.09 | Size = 32285 bytes | Modified Date = 2008-04-13 20:11:54 | Attr = ] hypertrm.dll -> %SystemRoot%\System32\hypertrm.dll -> Hilgraeve, Inc. [Ver = 5.1.2600.5512 | Size = 347136 bytes | Modified Date = 2008-04-13 20:11:54 | Attr = ] i81xdnt5.dll -> %SystemRoot%\System32\i81xdnt5.dll -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 702845 bytes | Modified Date = 2008-04-13 20:11:54 | Attr = ] iac25_32.ax -> %SystemRoot%\System32\iac25_32.ax -> Intel Corporation [Ver = 2.05.53 | Size = 199680 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] iccvid.dll -> %SystemRoot%\System32\iccvid.dll -> Radius Inc. [Ver = 1.10.0.11 | Size = 80384 bytes | Modified Date = 2008-04-13 20:11:54 | Attr = ] ir41_32.ax -> %SystemRoot%\System32\ir41_32.ax -> Intel Corporation [Ver = 4.51.16.03 | Size = 848384 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] ir41_qc.dll -> %SystemRoot%\System32\ir41_qc.dll -> Intel Corporation. 
[Ver = 4.30.62.02 | Size = 120320 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] ir41_qcx.dll -> %SystemRoot%\System32\ir41_qcx.dll -> Intel Corporation. [Ver = 4.30.64.01 | Size = 338432 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] ir50_32.dll -> %SystemRoot%\System32\ir50_32.dll -> Intel Corporation [Ver = R.5.10.15.2.55 | Size = 755200 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] ir50_qc.dll -> %SystemRoot%\System32\ir50_qc.dll -> Intel Corporation. [Ver = R.5.10.63.2.48 | Size = 200192 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] ir50_qcx.dll -> %SystemRoot%\System32\ir50_qcx.dll -> Intel Corporation. [Ver = R.5.10.64.2.48 | Size = 183808 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] isrdbg32.dll -> %SystemRoot%\System32\isrdbg32.dll -> Intel Corporation [Ver = 0.0 | Size = 32768 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] ivfsrc.ax -> %SystemRoot%\System32\ivfsrc.ax -> Intel Corporation [Ver = R.5.10.15.2.51 | Size = 154624 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] jgdw400.dll -> %SystemRoot%\System32\jgdw400.dll -> America Online [Ver = 106 | Size = 163840 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] jgpl400.dll -> %SystemRoot%\System32\jgpl400.dll -> Johnson-Grace Company [Ver = 054 | Size = 27648 bytes | Modified Date = 2008-04-13 20:11:55 | Attr = ] l3codeca.acm -> %SystemRoot%\System32\l3codeca.acm -> Fraunhofer Institut Integrierte Schaltungen IIS [Ver = 1, 9, 0, 0305 | Size = 290816 bytes | Modified Date = 2008-04-13 20:09:57 | Attr = ] locale.nls -> %SystemRoot%\System32\locale.nls -> [Ver = | Size = 265948 bytes | Modified Date = 2008-02-29 05:09:58 | Attr = ] mciqtz32.dll -> %SystemRoot%\System32\mciqtz32.dll -> [Ver = | Size = 35328 bytes | Modified Date = 2008-04-13 20:11:56 | Attr = ] mdmxsdk.dll -> %SystemRoot%\System32\mdmxsdk.dll -> Conexant [Ver = 1.0.2.006 | Size = 86016 bytes | Modified Date = 2008-04-13 20:11:56 | Attr = ] mpeg2data.ax -> 
%SystemRoot%\System32\mpeg2data.ax -> [Ver = | Size = 118272 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] mpg2splt.ax -> %SystemRoot%\System32\mpg2splt.ax -> [Ver = | Size = 148992 bytes | Modified Date = 2008-04-13 20:12:42 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 197 bytes | Modified Date = 2008-05-16 06:37:07 | Attr = ] msdmo.dll -> %SystemRoot%\System32\msdmo.dll -> [Ver = | Size = 14336 bytes | Modified Date = 2008-04-13 20:11:59 | Attr = ] msdxm.ocx -> %SystemRoot%\System32\msdxm.ocx -> [Ver = | Size = 844314 bytes | Modified Date = 2008-04-13 20:10:08 | Attr = ] msdxmlc.dll -> %SystemRoot%\System32\msdxmlc.dll -> [Ver = | Size = 4126 bytes | Modified Date = 2008-04-13 20:10:08 | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 00:50:40 | Attr = ] mtxparhd.dll -> %SystemRoot%\System32\mtxparhd.dll -> Matrox Graphics Inc. [Ver = 6.13.01.1296 | Size = 1737856 bytes | Modified Date = 2008-04-13 20:12:01 | Attr = ] NPP -> %SystemRoot%\System32\NPP -> [Folder | Modified Date = 2008-05-25 20:06:23 | Attr = ] nv4_disp.dll -> %SystemRoot%\System32\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 4274816 bytes | Modified Date = 2008-04-13 20:12:02 | Attr = ] odbcconf.rsp -> %SystemRoot%\System32\odbcconf.rsp -> [Ver = | Size = 4310 bytes | Modified Date = 2008-04-13 13:26:09 | Attr = ] OOBE -> %SystemRoot%\System32\OOBE -> [Folder | Modified Date = 2008-05-25 20:05:30 | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 61500 bytes | Modified Date = 2008-05-25 20:37:06 | Attr = ] PERFH009.DAT -> %SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 400372 bytes | Modified Date = 2008-05-25 20:37:07 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 469000 bytes | Modified Date = 2008-05-25 20:37:04 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real 
Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 2008-04-25 21:24:12 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 2008-04-25 21:26:30 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 2008-04-25 21:26:30 | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Modified Date = 2008-05-19 17:44:44 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\Process.exe:Zone.Identifier proctexe.ocx -> %SystemRoot%\System32\proctexe.ocx -> Intel Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 81920 bytes | Modified Date = 2008-04-13 20:10:35 | Attr = ] qcap.dll -> %SystemRoot%\System32\qcap.dll -> [Ver = | Size = 192512 bytes | Modified Date = 2008-04-13 20:12:03 | Attr = ] qdv.dll -> %SystemRoot%\System32\qdv.dll -> [Ver = | Size = 279040 bytes | Modified Date = 2008-04-13 20:12:03 | Attr = ] qdvd.dll -> %SystemRoot%\System32\qdvd.dll -> [Ver = | Size = 386048 bytes | Modified Date = 2008-04-13 20:12:03 | Attr = ] qedit.dll -> %SystemRoot%\System32\qedit.dll -> [Ver = | Size = 562176 bytes | Modified Date = 2008-04-13 20:12:03 | Attr = ] qedwipes.dll -> %SystemRoot%\System32\qedwipes.dll -> [Ver = | Size = 733696 bytes | Modified Date = 2008-04-13 13:21:32 | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1288192 bytes | Modified Date = 2008-04-13 20:12:03 | Attr = ] regwizc.dll -> %SystemRoot%\System32\regwizc.dll -> Microsoft [Ver = 3, 0, 0, 0 | Size = 397824 bytes | Modified Date = 2008-04-13 20:12:04 | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 2008-05-25 19:59:03 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-05-25 20:06:23 | Attr = ] rmoc3260.dll -> 
%SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.53 | Size = 185944 bytes | Modified Date = 2008-04-25 21:29:07 | Attr = ] s3gnb.dll -> %SystemRoot%\System32\s3gnb.dll -> S3 Graphics, Inc. [Ver = 6.14.10.0012-13.94.12 | Size = 397056 bytes | Modified Date = 2008-04-13 20:12:04 | Attr = ] sbe.dll -> %SystemRoot%\System32\sbe.dll -> [Ver = | Size = 270848 bytes | Modified Date = 2008-04-13 20:12:04 | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 2008-05-25 20:11:20 | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 2008-05-25 20:30:14 | Attr = ] slbiop.dll -> %SystemRoot%\System32\slbiop.dll -> Schlumberger Technology Corporation [Ver = 5.1.2600.2095 (xpsp_sp2_rc1.040310-2010) | Size = 98304 bytes | Modified Date = 2008-04-13 20:12:06 | Attr = ] slcoinst.dll -> %SystemRoot%\System32\slcoinst.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 73832 bytes | Modified Date = 2008-04-13 20:12:06 | Attr = ] slextspk.dll -> %SystemRoot%\System32\slextspk.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 286792 bytes | Modified Date = 2008-04-13 20:12:06 | Attr = ] slgen.dll -> %SystemRoot%\System32\slgen.dll -> Smart Link [Ver = 3.80.01MC15 | Size = 188508 bytes | Modified Date = 2008-04-13 20:12:06 | Attr = ] slrundll.exe -> %SystemRoot%\System32\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 2008-04-13 20:12:35 | Attr = ] slserv.exe -> %SystemRoot%\System32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 2008-04-13 20:12:35 | Attr = ] sl_anet.acm -> %SystemRoot%\System32\sl_anet.acm -> Sipro Lab Telecom Inc. 
[Ver = 3.02 | Size = 86016 bytes | Modified Date = 2008-04-13 20:10:50 | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Modified Date = 2008-05-19 17:45:02 | Attr = ] @Alternate Data Stream - 26 bytes -> %SystemRoot%\System32\SrchSTS.exe:Zone.Identifier USMT -> %SystemRoot%\System32\USMT -> [Folder | Modified Date = 2008-05-25 20:11:22 | Attr = ] WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 2008-05-25 20:30:13 | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 2008-05-25 20:34:52 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-05-13 17:18:15 | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 2008-05-25 19:58:37 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2008-05-25 20:30:13 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008-04-11 07:21:28 | Attr = R S] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 2008-05-26 10:09:34 | Attr = S] cdplayer.ini -> %SystemRoot%\cdplayer.ini -> [Ver = | Size = 11113 bytes | Modified Date = 2008-05-07 22:00:42 | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-05-25 19:00:34 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2008-03-09 14:14:55 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-05-20 20:54:42 | Attr = S] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 2008-05-25 19:49:41 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-05-26 09:31:32 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-05-25 20:30:12 | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2008-05-25 
20:11:53 | Attr = ] IME -> %SystemRoot%\IME -> [Folder | Modified Date = 2008-05-25 20:11:48 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2008-05-14 06:28:52 | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2008-05-25 20:21:18 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-05-26 13:12:47 | Attr = HS] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 2008-05-25 20:11:17 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2008-04-11 07:21:32 | Attr = ] MSAGENT -> %SystemRoot%\MSAGENT -> [Folder | Modified Date = 2008-05-25 20:06:20 | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 2008-05-25 20:11:49 | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 2008-05-25 20:11:14 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-05-26 13:57:40 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-05-26 09:48:33 | Attr = ] QUICKEN.INI -> %SystemRoot%\QUICKEN.INI -> [Ver = | Size = 1287 bytes | Modified Date = 2008-05-12 20:31:09 | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 2008-05-25 17:57:00 | Attr = ] SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 2008-05-25 20:29:35 | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 2008-05-25 20:11:53 | Attr = ] slrundll.exe -> %SystemRoot%\slrundll.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 32866 bytes | Modified Date = 2008-04-13 20:12:35 | Attr = ] SRCHASST -> %SystemRoot%\SRCHASST -> [Folder | Modified Date = 2008-05-25 20:06:18 | Attr = ] SYSTEM -> %SystemRoot%\SYSTEM -> [Folder | Modified Date = 2008-05-25 20:05:26 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 274 bytes | Modified Date = 2008-05-26 09:48:47 | 
Attr = ]
SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2008-05-26 09:48:44 | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-05-26 10:13:32 | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2008-05-26 13:54:28 | Attr = ]
twain_32.dll -> %SystemRoot%\twain_32.dll -> Twain Working Group [Ver = 1,7,1,1 | Size = 50688 bytes | Modified Date = 2008-04-13 20:12:07 | Attr = ]
WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 136 bytes | Modified Date = 2008-05-18 23:06:00 | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-05-25 20:12:04 | Attr = ]
Antispyware Scheduled Scan.job -> %SystemRoot%\tasks\Antispyware Scheduled Scan.job -> [Ver = | Size = 514 bytes | Modified Date = 2008-05-25 20:57:53 | Attr = ]
EasyShare Registration Task.job -> %SystemRoot%\tasks\EasyShare Registration Task.job -> [Ver = | Size = 442 bytes | Modified Date = 2008-05-17 10:45:49 | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 356 bytes | Modified Date = 2008-04-15 01:24:02 | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 358 bytes | Modified Date = 2008-04-01 01:02:34 | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2008-05-26 10:13:34 | Attr = H ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-05-26 10:09:50 | Attr = H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2008-05-25 09:34:44 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4617 bytes | Modified Date = 2008-05-25 19:33:36 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 2008-05-25 19:33:36 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 2005-06-21 21:58:26 | Attr = ]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11890 bytes | Modified Date = 2005-06-21 21:59:07 | Attr = ]
C:\Documents and Settings\Margaret\Local Settings\temp\ -> C:\Documents and Settings\Margaret\Local Settings\temp -> [Folder | Modified Date = 2008-05-26 13:50:42 | Attr = ]
SSUPDATE.EXE -> C:\Documents and Settings\Margaret\Local Settings\temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2006-02-17 15:55:46 | Attr = ]
1 C:\Documents and Settings\Margaret\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Margaret\Local Settings\temp\*.tmp ->
C:\Documents and Settings\Margaret\Local Settings\temp\ -> C:\Documents and Settings\Margaret\Local Settings\temp -> [Folder | Modified Date = 2008-05-26 13:50:42 | Attr = ]
catchme.dll -> C:\Documents and Settings\Margaret\Local Settings\temp\catchme.dll -> [Ver = | Size = 53248 bytes | Modified Date = 2008-05-26 09:49:10 | Attr = ]
1 C:\Documents and Settings\Margaret\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Margaret\Local Settings\temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 2008-05-26 13:57:39 | Attr = ]
Perflib_Perfdata_ff8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_ff8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-05-26 01:37:43 | Attr = ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 2008-05-19 21:18:20 | Attr = ]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 2008-05-05 22:40:58 | Attr = S]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-05-19 00:06:39 | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-05-20 17:59:29 | Attr = ]
TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2008-05-26 13:44:24 | Attr = ]
@Alternate Data Stream - 181 bytes -> %AllUsersProfile%\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-05-19 21:18:44 | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-05-18 09:52:16 | Attr = S]
Neopets Toolbar -> %AppData%\Neopets Toolbar -> [Folder | Modified Date = 2008-05-18 23:29:17 | Attr = ]
Pogo Games -> %AppData%\Pogo Games -> [Folder | Modified Date = 2008-05-05 22:43:42 | Attr = ]
SiteAdvisor -> %AppData%\SiteAdvisor -> [Folder | Modified Date = 2008-05-25 18:44:41 | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-05-20 17:58:00 | Attr = ]
uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 2008-05-20 17:10:39 | Attr = ]
ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 2008-05-25 20:37:40 | Attr = ]
Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 2008-04-25 21:26:26 | Attr = ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-05-25 13:46:41 | Attr = ]
ESBK.mb -> %AllUsersProfile%\Documents\ESBK.mb -> [Ver = | Size = 1668096 bytes | Modified Date = 2008-04-02 18:34:59 | Attr = R ]
ESBK.mbb -> %AllUsersProfile%\Documents\ESBK.mbb -> [Ver = | Size = 3389440 bytes | Modified Date = 2008-04-02 18:34:59 | Attr = R ]
My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 2008-05-19 16:22:46 | Attr = R ]
Yahoo -> %AllUsersProfile%\Documents\Yahoo -> [Folder | Modified Date = 2008-05-07 22:08:11 | Attr = ]
DESKTOP.INI -> %UserProfile%\My Documents\DESKTOP.INI -> [Ver = | Size = 79 bytes | Modified Date = 2008-05-25 20:36:06 | Attr = HS]
john-deck.doc -> %UserProfile%\My Documents\john-deck.doc -> [Ver = | Size = 22528 bytes | Modified Date = 2008-03-09 22:19:01 | Attr = ]
Knitting -> %UserProfile%\My Documents\Knitting -> [Folder | Modified Date = 2008-04-02 19:06:00 | Attr = ]
7 C:\Documents and Settings\Margaret\My Documents\*.tmp files -> C:\Documents and Settings\Margaret\My Documents\*.tmp ->
My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 2008-05-25 20:36:07 | Attr = R ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 2008-05-25 20:36:07 | Attr = R ]
My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 2008-05-25 18:42:00 | Attr = R ]
QDATA1_20080305.IDX -> %UserProfile%\My Documents\QDATA1_20080305.IDX -> [Ver = | Size = 491698 bytes | Modified Date = 2008-03-05 19:18:58 | Attr = ]
QDATA1_20080305.QDF -> %UserProfile%\My Documents\QDATA1_20080305.QDF -> [Ver = | Size = 4354344 bytes | Modified Date = 2008-03-05 19:19:00 | Attr = ]
QDATA1_20080305.QEL -> %UserProfile%\My Documents\QDATA1_20080305.QEL -> [Ver = | Size = 240640 bytes | Modified Date = 2008-03-05 19:18:54 | Attr = ]
QDATA1_20080305.QPH -> %UserProfile%\My Documents\QDATA1_20080305.QPH -> [Ver = | Size = 106595 bytes | Modified Date = 2008-03-05 19:17:12 | Attr = ]
Resume - 3-26-07.doc -> %UserProfile%\My Documents\Resume - 3-26-07.doc -> [Ver = | Size = 31744 bytes | Modified Date = 2008-03-26 17:24:27 | Attr = ]
Resume - 3-26-08.doc -> %UserProfile%\My Documents\Resume - 3-26-08.doc -> [Ver = | Size = 31744 bytes | Modified Date = 2008-04-10 18:26:55 | Attr = ]
TurboTax -> %UserProfile%\My Documents\TurboTax -> [Folder | Modified Date = 2008-05-09 20:14:29 | Attr = ]
AntiSpyware.lnk -> %AllUsersProfile%\Desktop\AntiSpyware.lnk -> [Ver = | Size = 2249 bytes | Modified Date = 2008-05-25 20:58:38 | Attr = ]
AT&T Yahoo! Music Jukebox.lnk -> %AllUsersProfile%\Desktop\AT&T Yahoo! Music Jukebox.lnk -> [Ver = | Size = 2112 bytes | Modified Date = 2008-03-09 14:21:05 | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 2008-05-19 21:18:22 | Attr = ]
RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 2008-04-25 21:33:14 | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 2008-05-20 17:58:10 | Attr = ]
TurboTax Premier Investments 2006.lnk -> %AllUsersProfile%\Desktop\TurboTax Premier Investments 2006.lnk -> [Ver = | Size = 1775 bytes | Modified Date = 2008-04-29 20:40:45 | Attr = ]
ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955424 bytes | Modified Date = 2008-05-26 09:29:50 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ComboFix.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 2008-05-21 06:50:21 | Attr = ]
Microsoft Word.lnk -> %UserProfile%\Desktop\Microsoft Word.lnk -> [Ver = | Size = 2473 bytes | Modified Date = 2008-05-10 07:14:07 | Attr = ]
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 2008-05-26 13:52:49 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-05-26 13:57:18 | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544393 bytes | Modified Date = 2008-05-26 13:56:58 | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 2008-05-25 18:10:33 | Attr = ]
Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 2008-05-25 18:19:34 | Attr = ]
ymetray.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\ymetray.lnk -> [Ver = | Size = 911 bytes | Modified Date = 2008-03-09 14:21:05 | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 2008-04-25 21:30:59 | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 2008-05-25 20:06:01 | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-05-20 17:56:59 | Attr = ]
xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 2008-04-25 21:34:01 | Attr = ]
< End of report >
[/code]