[code]
OTScanIt logfile created on: 2008-05-28 22:07:48
OTScanIt by OldTimer - Version 1.0.15.2 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: yyyy-MM-dd

1023.00 Mb Total Physical Memory | 794.76 Mb Available Physical Memory | 77.69% Memory free
2.40 Gb Paging File | 2.32 Gb Available in Paging File | 96.66% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 49.98 Gb Free Space | 44.74% Space Free | Partition Type: NTFS
Drive D: | 7.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: SafeMode with Networking
Scan Mode: All users

[Processes - Non-Microsoft Only]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.2 | Size = 374272 bytes | Modified Date = 2008-05-28 02:37:38 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> ATI Technologies Inc.
[Ver = 6.14.10.4180 | Size = 495616 bytes | Modified Date = 2007-10-17 11:54:20 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 2007-10-16 20:05:00 | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 2008-02-10 10:06:33 | Attr = ] (AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\guard.exe -> GRISOFT s.r.o. [Ver = 7, 5, 1, 22 | Size = 312880 bytes | Modified Date = 2007-05-30 22:31:10 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 2007-08-22 18:21:30 | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 1999-12-13 03:01:00 | Attr = ] (dmadmin) Logical Disk Manager 
Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 17:56:48 | Attr = ] (GBPoll) GoBack Polling Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton GoBack\GBPoll.exe -> Symantec Corporation [Ver = 4.11.371 | Size = 595632 bytes | Modified Date = 2005-11-14 08:24:04 | Attr = R ] (gusvc) Google Updater Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 2008-05-24 18:53:47 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-03 23:41:10 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.232 | Size = 3220856 bytes | Modified Date = 2008-02-10 10:06:25 | Attr = ] (LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 2008-01-26 11:47:02 | Attr = ] (MaxBackServiceInt) MaxBackServiceInt [Win32_Own | Auto | Stopped] -> -> File not found (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 2003-03-03 15:33:40 | Attr = ] (NProtectService) Norton UnErase Protection [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -> Symantec Corporation [Ver = 
19.0.1.8 | Size = 95832 bytes | Modified Date = 2005-11-03 17:08:01 | Attr = ] (NSCService) Norton Protection Center Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\Security Console\NSCSRVCE.EXE -> Symantec Corporation [Ver = 2006.1.8.2 | Size = 750720 bytes | Modified Date = 2006-12-15 12:36:28 | Attr = ] (NTService1) MaxSyncService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Maxtor\OneTouch\Utils\SyncServices.exe -> [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 2006-02-07 15:10:14 | Attr = ] (PCTAVSvc) PC Tools AntiVirus Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PC Tools AntiVirus\PCTAVSvc.exe -> PC Tools Research Pty Ltd [Ver = 4, 0, 0, 26 | Size = 767888 bytes | Modified Date = 2008-03-05 08:37:32 | Attr = ] (pr2ah4nc) DiRT Drivers Auto Removal (pr2ah4nc) [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\pr2ah4nc.exe -> CODEMASTERS [Ver = 2.09 | Size = 410984 bytes | Modified Date = 2007-08-18 03:35:20 | Attr = ] (ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Stopped] -> %SystemRoot%\SYSTEM32\PSIService.exe -> [Ver = 2.0.0.1 | Size = 177704 bytes | Modified Date = 2007-06-05 12:20:32 | Attr = ] (sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5.5.0.40 | Size = 747912 bytes | Modified Date = 2008-02-01 12:55:54 | Attr = ] (sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.0.74 | Size = 948616 bytes | Modified Date = 2008-02-01 12:55:56 | Attr = ] (Speed Disk service) Speed Disk service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -> Symantec Corporation [Ver = 7.00.0.24 | Size = 176193 bytes | Modified Date = 2005-11-03 16:44:58 | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec 
Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 2008-02-25 22:06:30 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ccApp -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> Symantec Corporation [Ver = 107.0.4.2 | Size = 51048 bytes | Modified Date = 2008-01-26 11:47:22 | Attr = ] CTDVDDet -> %ProgramFiles%\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe [C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE] -> Creative Technology Ltd [Ver = 1.0.2.0 | Size = 45056 bytes | Modified Date = 2002-09-30 03:00:00 | Attr = ] CTSysVol -> %ProgramFiles%\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe] -> Creative Technology Ltd [Ver = 1.1.3.0 | Size = 49152 bytes | Modified Date = 2002-10-29 11:18:24 | Attr = ] EPSON Stylus Photo RX700 Series -> %SystemRoot%\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_FATI9IE.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9IE.EXE /P31 "EPSON Stylus Photo RX700 Series" /O6 "USB001" /M "Stylus Photo RX700"] -> SEIKO EPSON CORPORATION [Ver = 3.00 | Size = 98304 bytes | Modified Date = 2004-11-10 13:00:00 | Attr = ] NeroFilterCheck -> %SystemRoot%\SYSTEM32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 10:50:42 | Attr = ] osCheck -> %ProgramFiles%\Norton Internet Security\osCheck.exe ["C:\Program Files\Norton Internet Security\osCheck.exe"] -> Symantec Corporation [Ver = 15.5.0.32 | Size = 718704 bytes | Modified Date = 2008-02-07 16:49:38 | Attr = ] PCTAVApp -> %ProgramFiles%\PC Tools AntiVirus\PCTAV.exe ["C:\Program Files\PC Tools AntiVirus\PCTAV.exe" /MONITORSCAN] -> PC Tools Research Pty Ltd [Ver = 4, 0, 0, 26 | Size = 1238928 bytes | Modified Date = 2008-03-05 09:37:56 | Attr = ] StartCCC -> 
%ProgramFiles%\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [Ver = | Size = 90112 bytes | Modified Date = 2006-11-10 11:35:24 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 11:23:34 | Attr = ] < Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 11:23:34 | Attr = ] < A Startup Folder > -> C:\Documents and Settings\A\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < K Startup Folder > -> C:\Documents and Settings\K\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> GRISOFT s.r.o. 
[Ver = 7, 5, 1, 36 | Size = 79408 bytes | Modified Date = 2007-05-30 22:29:58 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 2007-10-17 11:55:44 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 
0 -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 15:59:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_SH-S203D________________SB00____\5&3892e308&0&0.0.0 [IDE\CdRomTSSTcorp_CDDVDW_SH-S203D________________SB00____\5&3892e308&0&0.0.0] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 2007-05-04 19:08:52 | Attr = ] Autorun.exe [MZ | ] -> D:\Autorun.exe [ CDFS ] -> Codemasters Software Co. [Ver = 1.0.0.1 | Size = 749568 bytes | Modified Date = 2007-05-20 05:32:23 | Attr = R ] autorun.inf [[autorun] | OPEN="autorun.exe" | icon="autorun.exe" | label="DIRT" | | ] -> D:\autorun.inf [ CDFS ] -> [Ver = | Size = 67 bytes | Modified Date = 2007-05-01 20:26:01 | Attr = R ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_CURRENT_USER\: SearchURL\\ -> 
http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://www.dell.com -> HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: Main\\Search Bar -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 
0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4497 domain(s) found. -> 36 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4507 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4496 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 16 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4507 domain(s) found. -> 35 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] 
-> Symantec Corporation [Ver = 2008.2.5.32 | Size = 349552 bytes | Modified Date = 2008-02-07 14:05:16 | Attr = ] {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 2008-02-25 22:07:36 | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 2008-05-25 00:16:14 | Attr = ] {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EpsonToolBandKicker Class] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2004-02-10 13:08:58 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.5.32 | Size = 349552 bytes | Modified Date = 2008-02-07 14:05:16 | Attr = ] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll [EPSON Web-To-Page] -> SEIKO EPSON CORPORATION [Ver = 1, 0, 0, 0 | Size = 339968 bytes | Modified Date = 2004-02-10 13:08:58 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {5E638779-1818-4754-A595-EF1C63B87A56}:Exec -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] -> [Ver = | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr = ] {85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] -> [Ver = | Size = 53248 bytes | Modified Date = 2008-01-09 15:01:48 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Web Browser Applet Control] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] -> [Ver = | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Web Browser Applet Control] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] -> [Ver = | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Web Browser Applet Control] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] -> [Ver = | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr = ] CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\] > -> HKEY_USERS\S-1-5-21-1910491801-580534171-2784282402-500\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> [Web Browser Applet Control] -> File not found CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton SystemWorks\Norton Cleanup\WCQuick.lnk [Express Cleanup] -> [Ver = | Size = 761 bytes | Modified Date = 2006-07-08 17:28:37 | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0197378B-1A05-4AB8-93BA-CCAA0D3D90E7} -> () -> {3A9AEB03-DEC7-4DB7-B644-D0CD9E952E72} -> (Windows Mobile-based Device) -> {8D5137BF-3E31-4DC4-A6F8-0DB15C2CEB96} -> (1394 Net Adapter) -> {A5B32C1C-80ED-4FD4-9AFA-569268D813EF} -> 203.23.211.11,203.23.211.11 (Intel(R) PRO/100 VE Network Connection) -> {B1091516-DF50-48FF-B7A3-136E52F05906} -> 203.23.211.11,203.23.211.11 (NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000024 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000025 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000026 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000027 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000028 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000029 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000030 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000031 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000032 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000033 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000034 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000035 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000036 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000037 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000038 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000039 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000040 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000041 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000042 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000043 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000044 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000045 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000046 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000047 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000048 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000049 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000050 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000051 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000052 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000053 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000054 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000055 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000056 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000057 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000058 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000059 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000060 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000061 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000062 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. [Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000063 -> %CommonProgramFiles%\PC Tools\Lsp\PCTLsp.dll -> PC Tools Research Pty Ltd. 
[Ver = 1, 0, 88, 0 | Size = 190360 bytes | Modified Date = 2007-12-06 15:51:40 | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2007-11-12 14:48:02 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] -> {0A5FD7C5-A45C-49FC-ADB5-9952547D5715}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15026/CTSUEng.cab[Creative Software AutoUpdate] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83}[HKEY_LOCAL_MACHINE] 
-> http://www.symantec.com/techsupp/activedata/nprdtinf.cab[AxProdInfoCtl Class] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> {644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> {6A344D34-5231-452A-8A57-D064AC9B7862}[HKEY_LOCAL_MACHINE] -> https://webdl.symantec.com/activex/symdlmgr.cab[Symantec Download Manager] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129693247937[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}[HKEY_LOCAL_MACHINE] -> https://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab[Symantec Download Bridge] -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD}[HKEY_LOCAL_MACHINE] -> http://www.superadblocker.com/activex/sabspx.cab[SABScanProcesses Class] -> {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> {F6ACF75C-C32C-447B-9BEF-46B766368D29}[HKEY_LOCAL_MACHINE] -> http://www.creative.com/su/ocx/15029/CTPID.cab[Creative Software AutoUpdate Support Package] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandel.exe\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/bdoscandellang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdcore.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bdupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt05PIN.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/clt06PIN.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\.Owner 
-> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTPID.ocx\\{F6ACF75C-C32C-447B-9BEF-46B766368D29} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CTSUEng.ocx\\{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ipsupd.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/lang.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libfn.dll\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/libfn.dll\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/live.ini\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\\.Owner -> {34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/nprdtinf.dll\\{34F12AFD-E9B5-492A-85D2-40FA4535BE83} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/oscan82.ocx\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/sabspx.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sabspx.dll\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\.Owner -> {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scanoptions.tsi\\{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\.Owner -> {6A344D34-5231-452A-8A57-D064AC9B7862} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/symdlmgr.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/msvcr71.dll\\{6A344D34-5231-452A-8A57-D064AC9B7862} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\\.Owner -> {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/sabprocenum.sys\\{B1E2B96C-12FE-45E2-BEF1-44A219113CDD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 17:56:43 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 2005-06-16 03:49:30 | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2004-08-04 17:56:43 | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 2007-04-26 00:21:15 | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation 
[Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 2006-03-24 14:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1700 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2004-08-04 17:56:44 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2004-08-04 17:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 34 10 8F F7 B9 C6 ED 1E A2 30 6A 10 FC 9A 45 2B 63 38 62 34 38 31 65 63 00 00 00 00 01 00 00 00 BC 01 00 00 C0 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 1C 5F D4 7B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 44 8B 45 B6 9C FB 20 AF 9D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 67 D6 B1 4D 0E 89 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\SYSTEM32\iissuba.dll [iissuba] -> Microsoft Corporation 
[Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2003-07-17 02:24:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 0A 63 92 AD A8 12 03 B3 20 28 EF 76 A7 C1 D5 07 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> E8 13 24 E1 EC 8C C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2004-08-04 17:56:42 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\SharedAutoDial -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 22:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 2006-11-13 13:39:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 2006-11-13 13:39:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 2006-11-13 13:39:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings\\AllowInboundEchoRequest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.6.0.244 | Size = 21686568 bytes | Modified Date = 2007-12-07 14:08:02 | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FTP Explorer\ftpx.exe -> C:\Program Files\FTP Explorer\ftpx.exe [C:\Program Files\FTP Explorer\ftpx.exe:*:Enabled:FTP Explorer Application] -> FTPx Corp. 
[Ver = 1.00.010 | Size = 631808 bytes | Modified Date = 1997-06-03 20:44:04 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eDonkey2000\edonkey2000.exe -> C:\Program Files\eDonkey2000\edonkey2000.exe [C:\Program Files\eDonkey2000\edonkey2000.exe:*:Enabled:edonkey2000] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\GameSpy Arcade\Aphex.exe -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> IGN Entertainment, Inc. 
[Ver = 2.0.4.5227 | Size = 4206658 bytes | Modified Date = 2006-05-24 18:49:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe -> C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe [C:\Program Files\Illusion Softworks\Hidden & Dangerous 2\hd2.exe:*:Enabled:hd2] -> [Ver = | Size = 6881280 bytes | Modified Date = 2004-09-03 21:15:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Router Tools V2.5.3\SyslogRd.exe -> C:\Program Files\Router Tools V2.5.3\SyslogRd.exe [C:\Program Files\Router Tools V2.5.3\SyslogRd.exe:*:Enabled:DrayTek Syslog Monitor] -> DrayTek corp. [Ver = 2.4.5 | Size = 397312 bytes | Modified Date = 2004-01-06 15:06:16 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> C:\Program Files\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Enabled:eMule] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE -> C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE [C:\Program Files\Codemasters\Colin McRae Rally 2005\CMR5.EXE:*:Enabled:Colin McRae Rally 2005 Application] -> [Ver = 1, 0, 0, 0 | Size = 2002944 bytes | Modified Date = 2004-09-21 15:02:14 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 2006-10-10 22:44:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\SYSTEM32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2004-08-04 17:56:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 199464 bytes | Modified Date = 2006-11-13 13:39:34 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft 
Corporation [Ver = 4.5.5096.0 | Size = 1289000 bytes | Modified Date = 2006-11-13 13:39:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.5.5096.0 | Size = 4270888 bytes | Modified Date = 2006-11-13 13:39:54 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 
2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft 
Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2004-08-04 17:56:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 14:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2004-08-04 17:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2004-08-04 17:56:44 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\SYSTEM32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2004-08-04 17:56:57 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 2005-07-26 14:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> CTHelper hkey=HKLM key=Run -> %SystemRoot%\CTHELPER.EXE -> Creative Technology Ltd [Ver = 2, 0, 0, 41 | Size = 17920 bytes | Modified Date = 2006-08-11 14:56:02 | Attr = ] CTxfiHlp hkey=HKLM key=Run -> %SystemRoot%\SYSTEM32\CTXFIHLP.EXE -> Creative Technology Ltd [Ver = 2, 0, 1, 3 | Size = 18944 bytes | Modified Date = 2006-08-11 14:56:04 | Attr = ] EEventManager hkey=HKLM key=Run -> %ProgramFiles%\epson\Creativity Suite\Event Manager\EEventManager.exe -> [Ver = 1, 0, 0, 1 | Size = 118784 bytes | Modified Date = 2004-11-01 16:33:50 | Attr = ] [Files/Folders - Created Within 90 days] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Created Date = 2008-05-26 20:47:51 | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 2008-05-26 20:48:02 | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 2008-03-25 14:50:40 | Attr = ] AVFilter.sys -> %SystemRoot%\System32\drivers\AVFilter.sys -> PC Tools Research Pty Ltd [Ver = 1, 3, 0, 0 | Size = 21904 bytes | Created Date = 2008-05-24 19:21:35 | Attr = ] AvgAsCln.sys -> %SystemRoot%\System32\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 10872 bytes | Created Date = 2008-05-24 18:19:50 | Attr = ] AVHook.sys -> %SystemRoot%\System32\drivers\AVHook.sys -> PC Tools Research Pty Ltd. 
[Ver = 3.00.012 Build 012 | Size = 28568 bytes | Created Date = 2008-05-24 19:21:35 | Attr = ] AVRec.sys -> %SystemRoot%\System32\drivers\AVRec.sys -> PC Tools Research Pty Ltd [Ver = 3.00.012 Build 012 | Size = 21912 bytes | Created Date = 2008-05-24 19:21:35 | Attr = ] dsload.sys -> %SystemRoot%\System32\drivers\dsload.sys -> Oracle Corp. [Ver = 4.06.377 | Size = 10910 bytes | Created Date = 2008-04-24 21:53:34 | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 2008-05-25 07:52:50 | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 2008-05-25 07:52:50 | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 2008-05-25 07:52:50 | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. 
[Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 2008-05-25 07:52:50 | Attr = ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 2008-05-24 18:04:34 | Attr = ] BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] dsgrab_01c8a601d2d658a0.dll -> %SystemRoot%\System32\dsgrab_01c8a601d2d658a0.dll -> Oracle Corp. 
[Ver = 4.06.377 | Size = 32318 bytes | Created Date = 2008-04-24 21:53:39 | Attr = ] dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 2008-05-24 18:04:33 | Attr = ] DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 11564 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 2008-05-24 18:04:34 | Attr = ] ImageDrive.cpl -> %SystemRoot%\System32\ImageDrive.cpl -> Nero AG [Ver = 3.0.0.7 | Size = 81920 bytes | Created Date = 2008-05-24 09:28:03 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008-05-25 12:47:21 | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 2008-05-24 18:04:33 | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Created Date = 2008-05-25 00:32:23 | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 2008-05-24 18:04:33 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 2008-05-24 18:04:34 | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 2008-05-24 18:04:33 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Created Date = 2008-05-24 23:55:52 | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 2008-05-24 18:04:34 | Attr = 
] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Created Date = 2008-05-25 13:16:13 | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2008-05-26 20:50:16 | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.05 | Size = 28160 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-05-26 20:54:49 | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008-05-26 20:54:20 | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 2008-05-26 20:47:58 | Attr = ] RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 440 bytes | Created Date = 2008-05-20 16:12:02 | Attr = ] RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 374 bytes | Created Date = 2008-05-20 16:12:01 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Created Date = 2008-04-24 16:36:43 | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Created Date = 
2008-05-25 00:16:07 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Created Date = 2008-05-24 18:19:42 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 2008-05-25 12:47:23 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 2008-05-24 17:51:23 | Attr = ] PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Created Date = 2008-05-24 19:21:28 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 2008-05-24 19:38:04 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Created Date = 2008-05-24 14:27:40 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Created Date = 2008-05-24 18:20:24 | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 2008-05-24 10:17:11 | Attr = ] Symantec -> %UserProfile%\Local Settings\Application Data\Symantec -> [Folder | Created Date = 2008-05-24 10:32:46 | Attr = ] cc_20080524_1700.reg -> %UserProfile%\My Documents\cc_20080524_1700.reg -> [Ver = | Size = 900096 bytes | Created Date = 2008-05-24 17:00:55 | Attr = ] mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1699142 bytes | Created Date = 2008-05-25 15:32:32 | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1955424 bytes | Created Date = 2008-05-26 20:47:16 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955327 bytes | Created Date = 2008-05-26 19:02:38 | Attr = ] Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [Ver = | Size = 660 bytes | Created Date = 2008-05-25 15:01:24 | Attr = ] OTCleanIt.exe -> %UserProfile%\Desktop\OTCleanIt.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 181248 bytes | Created Date = 2008-05-26 19:02:38 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes 
| Created Date = 2008-05-26 19:02:38 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-05-28 22:00:47 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544843 bytes | Created Date = 2008-05-28 22:00:05 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 2008-05-25 15:25:22 | Attr = ] Oracle -> %CommonProgramFiles%\Oracle -> [Folder | Created Date = 2008-04-24 21:53:25 | Attr = ] PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Created Date = 2008-05-24 19:21:36 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2008-05-24 23:11:06 | Attr = ] Grisoft -> %ProgramFiles%\Grisoft -> [Folder | Created Date = 2008-05-24 18:19:40 | Attr = ] Hijackthis -> %ProgramFiles%\Hijackthis -> [Folder | Created Date = 2008-05-25 15:01:23 | Attr = ] Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [Folder | Created Date = 2008-05-25 14:23:29 | Attr = ] PC Tools AntiVirus -> %ProgramFiles%\PC Tools AntiVirus -> [Folder | Created Date = 2008-05-24 19:21:28 | Attr = ] RegCure -> %ProgramFiles%\RegCure -> [Folder | Created Date = 2008-05-20 16:11:51 | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 2008-05-25 07:52:41 | Attr = ] uTorrent -> %ProgramFiles%\uTorrent -> [Folder | Created Date = 2008-05-25 00:03:18 | Attr = ] WebDialogs -> %ProgramFiles%\WebDialogs -> [Folder | Created Date = 2008-03-02 07:51:29 | Attr = ] [Files/Folders - Modified Within 90 days] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Modified Date = 2008-05-27 05:47:37 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2008-05-25 15:01:23 | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 2008-05-26 20:51:03 | Attr = ] System Volume Information -> 
%SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-05-26 20:56:41 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-05-27 05:47:37 | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 14:50:40 | Attr = ] coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 2008-03-06 20:32:09 | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 2008-03-06 20:32:09 | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23904 bytes | Modified Date = 2008-03-06 20:32:09 | Attr = ] ETC -> %SystemRoot%\System32\drivers\ETC -> [Folder | Modified Date = 2008-05-26 21:04:23 | Attr = ] hosts -> %SystemRoot%\System32\drivers\ETC\hosts -> [Ver = | Size = 27 bytes | Modified Date = 2008-05-26 21:04:23 | Attr = ] hosts.20080524-230506.backup -> %SystemRoot%\System32\drivers\ETC\hosts.20080524-230506.backup -> [Ver = | Size = 734 bytes | Modified Date = 2008-05-24 18:08:34 | Attr = ] Hosts.bak -> %SystemRoot%\System32\drivers\ETC\Hosts.bak -> [Ver = | Size = 243463 bytes | Modified Date = 2008-05-25 01:07:00 | Attr = RH ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 2008-05-18 21:40:36 | Attr = ] BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30120 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] 
BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 30912 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 2008-04-12 07:44:13 | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-05-26 21:27:04 | Attr = ] CONFIG -> %SystemRoot%\System32\CONFIG -> [Folder | Modified Date = 2008-05-26 20:55:11 | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 2008-05-24 09:34:29 | Attr = RHS] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 2008-05-28 21:55:03 | Attr = ] DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx -> [Ver = | Size = 11564 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 166400 bytes | Modified Date = 2008-04-12 10:38:40 | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Modified Date = 2008-05-18 21:40:36 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008-05-25 12:47:21 | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 14:50:40 | Attr = ] PERFC009.DAT -> %SystemRoot%\System32\PERFC009.DAT -> [Ver = | Size = 74634 bytes | Modified Date = 2008-05-26 18:54:52 | Attr = ] PERFH009.DAT -> 
%SystemRoot%\System32\PERFH009.DAT -> [Ver = | Size = 451614 bytes | Modified Date = 2008-05-26 18:54:52 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 536470 bytes | Modified Date = 2008-05-26 18:54:52 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-05-26 20:56:41 | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 2008-05-27 06:11:36 | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Modified Date = 2008-05-15 23:22:46 | Attr = ] WBEM -> %SystemRoot%\System32\WBEM -> [Folder | Modified Date = 2008-03-21 09:45:38 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-05-28 21:55:41 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-05-14 16:38:11 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2008-04-17 08:23:11 | Attr = R S] BDOSCAN8 -> %SystemRoot%\BDOSCAN8 -> [Folder | Modified Date = 2008-05-25 13:21:29 | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 2008-05-28 21:54:07 | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2008-05-24 14:21:18 | Attr = HS] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 2008-05-24 16:58:20 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-05-25 13:16:16 | Attr = S] EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Modified Date = 2008-03-12 15:06:29 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2008-05-26 20:54:58 | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder 
| Modified Date = 2008-04-12 08:41:43 | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 2008-05-25 13:16:13 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-05-24 09:41:39 | Attr = HS] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2008-04-17 08:23:16 | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 2008-05-24 16:58:19 | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 229 bytes | Modified Date = 2008-05-22 09:35:43 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-05-27 05:52:27 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-05-26 20:54:49 | Attr = ] SECURITY -> %SystemRoot%\SECURITY -> [Folder | Modified Date = 2008-03-08 13:36:59 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 2008-05-26 21:04:33 | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 2008-05-26 20:55:39 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-05-20 16:12:02 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-05-28 21:58:14 | Attr = ] VBADDIN.INI -> %SystemRoot%\VBADDIN.INI -> [Ver = | Size = 63 bytes | Modified Date = 2008-04-12 08:39:51 | Attr = ] VDEN.bkm -> %SystemRoot%\VDEN.bkm -> [Ver = | Size = 10 bytes | Modified Date = 2008-03-24 10:10:42 | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 613 bytes | Modified Date = 2008-03-20 18:26:53 | Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 153 bytes | Modified Date = 2008-05-24 23:01:49 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-04-13 15:53:41 | Attr = ] {00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> %SystemRoot%\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF -> [Ver = | Size = 4959907 bytes | Modified 
Date = 2008-04-06 22:25:04 | Attr = ] Norton Internet Security - Run Full System Scan - Krasch.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Krasch.job -> [Ver = | Size = 624 bytes | Modified Date = 2008-05-06 08:46:53 | Attr = ] RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 440 bytes | Modified Date = 2008-05-26 21:27:04 | Attr = ] RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 374 bytes | Modified Date = 2008-05-20 16:12:03 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-05-27 06:11:11 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 2004-04-13 19:58:45 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7806 bytes | Modified Date = 2008-05-26 21:28:53 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7806 bytes | Modified Date = 2008-05-26 21:28:53 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 2004-06-01 14:13:50 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1632 bytes | Modified Date = 2004-06-01 14:20:47 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2004-06-01 14:13:50 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine 
Advantage\data -> [Folder | Modified Date = 2005-01-13 10:54:23 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11896 bytes | Modified Date = 2005-01-13 10:54:45 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 2005-04-04 17:13:23 | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2004-05-02 12:49:17 | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 2008-05-28 21:58:14 | Attr = ] Perflib_Perfdata_e5c.dat -> C:\WINDOWS\TEMP\Perflib_Perfdata_e5c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 2008-05-26 21:27:13 | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] DVD Shrink -> %AllUsersProfile%\Application Data\DVD Shrink -> [Folder | Modified Date = 2008-04-24 16:36:43 | Attr = ] Google Updater -> %AllUsersProfile%\Application Data\Google Updater -> [Folder | Modified Date = 2008-05-26 21:32:35 | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 2008-05-24 18:19:42 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 2008-05-25 12:47:23 | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 2008-05-24 17:51:23 | Attr = ] PC Tools -> %AllUsersProfile%\Application Data\PC Tools -> [Folder | Modified Date = 2008-05-24 19:23:54 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-05-24 19:39:35 | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 2008-03-27 19:42:54 | Attr 
= ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 2008-05-28 21:58:23 | Attr = ] @Alternate Data Stream - 109 bytes -> %AllUsersProfile%\Application Data\TEMP:7E95B6FD @Alternate Data Stream - 98 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 $_hpcst$.hpc -> %AppData%\$_hpcst$.hpc -> [Ver = | Size = 2528 bytes | Modified Date = 2008-03-10 16:15:11 | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 2008-05-24 14:27:40 | Attr = ] Grisoft -> %AppData%\Grisoft -> [Folder | Modified Date = 2008-05-24 18:20:24 | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 2008-05-24 19:24:01 | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 2008-05-26 20:07:58 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 37000 bytes | Modified Date = 2008-05-24 10:32:45 | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 2008-03-10 19:26:15 | Attr = ] Symantec -> %UserProfile%\Local Settings\Application Data\Symantec -> [Folder | Modified Date = 2008-05-24 10:32:46 | Attr = ] cc_20080524_1700.reg -> %UserProfile%\My Documents\cc_20080524_1700.reg -> [Ver = | Size = 900096 bytes | Modified Date = 2008-05-24 17:02:32 | Attr = ] mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1699142 bytes | Modified Date = 2008-05-25 15:25:22 | Attr = ] Combo-Fix.exe -> %UserProfile%\Desktop\Combo-Fix.exe -> [Ver = | Size = 1955424 bytes | Modified Date = 2008-05-26 20:45:56 | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 1955327 bytes | Modified Date = 2008-05-26 08:50:14 | Attr = ] Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [Ver = | Size = 660 bytes | Modified Date = 2008-05-25 15:01:24 | Attr = ] OTCleanIt.exe -> %UserProfile%\Desktop\OTCleanIt.exe -> OldTimer Tools [Ver = 1.0.3.1 | Size = 181248 bytes | 
Modified Date = 2008-05-26 08:48:14 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 2008-05-26 08:48:36 | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-05-28 22:06:10 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544843 bytes | Modified Date = 2008-05-28 22:00:08 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 2008-05-25 15:25:22 | Attr = ] Oracle -> %CommonProgramFiles%\Oracle -> [Folder | Modified Date = 2008-04-24 21:53:25 | Attr = ] PC Tools -> %CommonProgramFiles%\PC Tools -> [Folder | Modified Date = 2008-05-24 19:21:36 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 2008-05-26 21:56:23 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-05-25 15:33:05 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]