[code]
OTScanIt logfile created on: 6/7/2008 2:06:24 AM
OTScanIt by OldTimer - Version 1.0.15.11 Folder = C:\Documents and Settings\CurtFess\Desktop\OTScanIt
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.01 Mb Total Physical Memory | 99.87 Mb Available Physical Memory | 26.07% Memory free
794.88 Mb Paging File | 493.25 Mb Available in Paging File | 62.05% Paging File free
Paging file location(s): C:\pagefile.sys 450 570;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 10.98 Gb Free Space | 29.48% Space Free | Partition Type: NTFS
Drive D: | 480.69 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UPSTAIRS
Current User Name: CurtFess
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/26/2008 2:13:58 PM | Attr = ]
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
navapsvc.exe -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 8.07.17 | Size = 116344 bytes | Modified Date = 2/27/2002 12:29:26 PM | Attr = ]
avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 5/26/2008 2:14:01 PM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 8/28/2004 5:48:28 PM | Attr = ]
qttask.exe -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/21/2005 7:29:44 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ]
avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ]
avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ]
whatpulse.exe -> %ProgramFiles%\WhatPulse\WhatPulse.exe -> WhatPulse.org [Ver = 1, 5, 0, 0 | Size = 665600 bytes | Modified Date = 8/21/2006 1:48:46 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/15/2007 12:20:10 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.11 | Size = 397824 bytes | Modified Date = 6/3/2008 6:00:48 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ]
(avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 5/26/2008 2:13:58 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 2:01:00 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/6/2007 9:48:43 PM | Attr = ]
(MsSecurity1.209.4) MsSecurity Updated [Win32_Shared | Auto | Stopped] -> %SystemRoot%\b2new.exe -> File not found
(navapsvc) Norton AntiVirus Auto Protect Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton AntiVirus\NAVAPSVC.EXE -> Symantec Corporation [Ver = 8.07.17 | Size = 116344 bytes | Modified Date = 2/27/2002 12:29:26 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 155715 bytes | Modified Date = 8/11/2006 10:42:50 PM | Attr = ]
(SBService) ScriptBlocking Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\Script Blocking\SBServ.exe -> Symantec Corporation [Ver = 1, 1, 0, 126 | Size = 54408 bytes | Modified Date = 8/14/2001 12:18:36 AM | Attr = ]
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 5.4.4.17 | Size = 206552 bytes | Modified Date = 1/21/2005 11:32:12 PM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AVG Anti-Rootkit) AVG Anti-Rootkit [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\avgarkt.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.13 | Size = 5632 bytes | Modified Date = 1/31/2007 9:33:46 AM | Attr = ]
(AvgArCln) Avg Anti-Rootkit Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Modified Date = 1/18/2007 8:00:28 AM | Attr = ]
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/26/2008 2:14:21 PM | Attr = ]
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> %SystemRoot%\system32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/26/2008 2:14:18 PM | Attr = ]
(AvgTdiX) AVG8 Network Redirector [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 5/26/2008 2:14:28 PM | Attr = ]
(ctljystk) Creative SBLive! Gameport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctljystk.sys -> Creative Technology Ltd. [Ver = 5.1.2501.0 built by: WinDDK | Size = 3712 bytes | Modified Date = 8/17/2001 8:19:20 AM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:17 AM | Attr = ]
(dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:16 AM | Attr = ]
(dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 8:00:00 AM | Attr = ]
(emu10k) Creative SB Live! Value (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\emu10k1f.sys -> Creative Technology Ltd. [Ver = 5.12.01.3511 | Size = 777088 bytes | Modified Date = 9/13/2001 2:09:48 PM | Attr = ]
(emu10k1) Creative Interface Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctlface.sys -> Creative Technology Ltd. [Ver = 5.12.01.2110 | Size = 6912 bytes | Modified Date = 7/11/2001 7:34:52 AM | Attr = ]
(HCF_MSFT) HCF_MSFT [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HCF_MSFT.sys -> Conexant [Ver = 2.1.2.171.021.003 | Size = 907456 bytes | Modified Date = 8/17/2001 9:28:02 AM | Attr = ]
(NAVAP) NAVAP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NAVAP.SYS -> Symantec Corporation [Ver = 8.0.0.00 | Size = 184416 bytes | Modified Date = 1/5/2004 1:38:02 PM | Attr = ]
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050223.007\NAVENG.SYS -> Symantec Corporation [Ver = 2004.4.0.15 | Size = 73728 bytes | Modified Date = 2/23/2005 5:00:00 AM | Attr = ]
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20050223.007\NAVEX15.SYS -> Symantec Corporation [Ver = 2004.4.0.15 | Size = 631040 bytes | Modified Date = 2/23/2005 5:00:00 AM | Attr = ]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 3958496 bytes | Modified Date = 8/11/2006 10:42:42 PM | Attr = ]
(nv4) nv4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4.sys -> NVIDIA Corporation [Ver = 5.01.2001.1240 (ReleasedBinaries.010717-0141) | Size = 731648 bytes | Modified Date = 8/17/2001 8:50:26 AM | Attr = ]
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> Dell Computer Corporation [Ver = 1, 0, 0, 0 | Size = 10368 bytes | Modified Date = 5/14/2001 7:15:40 PM | Attr = ]
(PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\system32\PfModNT.sys -> Creative Technology Ltd. [Ver = 2.0.0.0 | Size = 6752 bytes | Modified Date = 12/17/1999 2:00:00 AM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 8:00:00 AM | Attr = ]
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/4/2004 2:31:32 AM | Attr = ]
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 AM | Attr = ]
(sfman) Creative SoundFont Manager Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sfman.sys -> Creative Technology Ltd. [Ver = 4.10.3302 | Size = 36992 bytes | Modified Date = 8/31/2001 9:37:58 AM | Attr = ]
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.2.2.11 | Size = 73496 bytes | Modified Date = 5/27/2003 1:00:34 PM | Attr = ]
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\symredrv.sys -> Symantec Corporation [Ver = 5.4.4.17 | Size = 26424 bytes | Modified Date = 1/21/2005 11:31:48 PM | Attr = ]
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> Symantec Corporation [Ver = 5.4.4.17 | Size = 267384 bytes | Modified Date = 1/21/2005 11:31:50 PM | Attr = ]
(Winachcf) Winachcf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\winachcf.sys -> Conexant [Ver = 2.1.2.171.025 | Size = 737973 bytes | Modified Date = 8/13/2001 5:17:34 PM | Attr = ]
(XTrapD12) XTrapD12 [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Legend Of Ares\\XTrap\XTrapD12.sys -> File not found

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 7630848 bytes | Modified Date = 8/11/2006 10:43:02 PM | Attr = ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9147 | Size = 86016 bytes | Modified Date = 8/11/2006 10:43:04 PM | Attr = ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1519616 bytes | Modified Date = 8/11/2006 10:43:00 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. [Ver = 6.5.1 | Size = 98304 bytes | Modified Date = 2/21/2005 7:29:44 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3208 | Size = 180269 bytes | Modified Date = 8/28/2004 5:48:28 PM | Attr = ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/15/2007 12:20:10 PM | Attr = ]
WhatPulse -> %ProgramFiles%\WhatPulse\WhatPulse.exe [C:\Program Files\WhatPulse\WhatPulse.exe] -> WhatPulse.org [Ver = 1, 5, 0, 0 | Size = 665600 bytes | Modified Date = 8/21/2006 1:48:46 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< CurtFess Startup Folder > -> C:\Documents and Settings\CurtFess\Start Menu\Programs\Startup ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/26/2008 2:14:30 PM | Attr = ]
*MultiFile Done* -> ->
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 6:37:34 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoBackButton -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\comdlg32\\NoFileMru -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> _ [binary data] ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 AM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRom_NEC_DV-5800A___________________________1.0A____\5&2dcfb49&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRom_NEC_NR-7800A___________________________1.0B____\5&2dcfb49&0&0.1.0 ->
< Drives - Autoruns > -> ->
autoplay.exe [MZ | ] -> D:\autoplay.exe [ CDFS ] -> [Ver = | Size = 61440 bytes | Modified Date = 5/18/2003 2:54:20 PM | Attr = R ]
autorun.inf [[autorun] | open=autoplay.exe | icon=appicon.ico | | ] -> D:\autorun.inf [ CDFS ] -> [Ver = | Size = 50 bytes | Modified Date = 2/12/2003 3:01:48 AM | Attr = R ]
< HOSTS File > (1166 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: URLSearchHooks\\{707E6F76-9FFB-4920-A976-EA101271BC25} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
HKEY_LOCAL_MACHINE\: ProxyEnable -> [binary data] ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ ->
HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
.[msn] -> My Computer ->
4 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 3/2/2001 12:02:04 PM | Attr = ]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 5/26/2008 2:14:06 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 3, 0, 1225, 9868 | Size = 734704 bytes | Modified Date = 4/8/2008 6:44:28 PM | Attr = ]
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{1212BCB8-67DD-475e-8025-9D2198FB8F61} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QdrDrive\QdrDrive15.dll [Internet Speed Monitor] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Norton AntiVirus\NAVSHEXT.DLL [Norton AntiVirus] -> Symantec Corporation [Ver = 8.07.17 | Size = 102400 bytes | Modified Date = 2/27/2002 12:07:30 PM | Attr = ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar5.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/20/2007 12:55:32 AM | Attr = R ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ]
{2FDEF853-0759-11D4-A92E-006097DBED37}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Encarta Encyclopedia] -> File not found
{5DA9DE80-097A-11D4-A92E-006097DBED37}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Define] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 1:34:34 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{2FDEF853-0759-11D4-A92E-006097DBED37} [HKEY_LOCAL_MACHINE] -> [Encarta Encyclopedia] -> File not found
CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{49783ED4-258D-4f9f-BE11-137C18D3E543} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5DA9DE80-097A-11D4-A92E-006097DBED37} [HKEY_LOCAL_MACHINE] -> [Define] -> File not found
CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM95\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 1:34:34 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Define -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM -> [Ver = | Size = 1408 bytes | Modified Date = 7/7/2000 5:48:00 PM | Attr = ]
Look Up in &Encyclopedia -> %CommonProgramFiles%\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM -> [Ver = | Size = 1412 bytes | Modified Date = 7/7/2000 5:48:00 PM | Attr = ]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
Extension\.spop -> %ProgramFiles%\Internet Explorer\PLUGINS\NPDocBox.dll [] -> InterTrust Technologies Corporation, Inc. [Ver = 1.0.30.95 | Size = 225280 bytes | Modified Date = 1/30/2001 1:56:24 PM | Attr = ]
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
Q312461 -> ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{30A07809-6442-40A0-9178-D2AF120C61F3} -> (Westell WireSpeed Dual Connect Modem) ->
{EFF8BFD1-1A55-4C9F-ABBC-3DE992BE11F9} -> (Realtek RTL8139 Family PCI Fast Ethernet NIC) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 5/26/2008 2:14:12 PM | Attr = ]
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/html:{07851C6A-1C43-41d9-8319-BC89154A8C00}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\RcvSystem\httpdchk.dll[Reg Error: Value does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[QuickTime Object] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94}[HKEY_LOCAL_MACHINE] -> http://pcpitstop.com/pcpitstop/PCPitStop.CAB[PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}[HKEY_LOCAL_MACHINE] -> http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15.cab[Reg Error: Key does not exist or could not be opened.] ->
{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}[HKEY_LOCAL_MACHINE] -> http://www.miniclip.com/supergerball/miniclipGameLoader.dll[CR64Loader Object] ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}[HKEY_LOCAL_MACHINE] -> http://download.yahoo.com/dl/installs/yinst0401.cab[YInstStarter Class] ->
{33564D57-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab[Reg Error: Key does not exist or could not be opened.] ->
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B}[HKEY_LOCAL_MACHINE] -> http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab[FilePlanet Download Control Class] ->
{54823A9D-6BAE-11D5-B519-0050BA2413EB}[HKEY_LOCAL_MACHINE] -> http://www.cyberlink.com/winxp/CheckDVD.cab[ChkDVDCtl Class] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[Reg Error: Key does not exist or could not be opened.] ->
{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A}[HKEY_LOCAL_MACHINE] -> http://www.acclaim.com/cabs/acclaim_v5.cab[GameLauncher Control] ->
{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B}[HKEY_LOCAL_MACHINE] -> https://www.gamespyid.com/alaunch.cab[GSDACtl Class] ->
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/common/groove/gx/GrooveAX25.cab[Reg Error: Key does not exist or could not be opened.] ->
{79B96C72-C0D0-4DC8-BC7E-9F314A918228}[HKEY_LOCAL_MACHINE] -> http://ak.imgfarm.com/images/nocache/myspeedbar/myinitialsetup1.0.0.7.cab[Reg Error: Key does not exist or could not be opened.] ->
{7A32634B-029C-4836-A023-528983982A49}[HKEY_LOCAL_MACHINE] -> http://fdl.msn.com/public/chat/msnchat42.cab[Reg Error: Key does not exist or could not be opened.] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F}[HKEY_LOCAL_MACHINE] -> http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38041.4426157407[Reg Error: Key does not exist or could not be opened.] ->
{B9191F79-5613-4C76-AA2A-398534BB8999}[HKEY_LOCAL_MACHINE] -> http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab[Reg Error: Key does not exist or could not be opened.] ->
{B942A249-D1E7-4C11-98AE-FCB76B08747F}[HKEY_LOCAL_MACHINE] -> http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab[RealArcadeRdxIE Class] ->
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9}[HKEY_LOCAL_MACHINE] -> http://www.windowsecurity.com/trojanscan/axscan.cab[ASquaredScanForm Element] ->
{C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3}[HKEY_LOCAL_MACHINE] -> http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe[Virtools WebPlayer Class] ->
{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}[HKEY_LOCAL_MACHINE] -> http://chat.msn.com/bin/msnchat45.cab[MSN Chat Control 4.5] ->
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.]
-> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axscan.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axscan.ocx\\.Owner -> {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/axscan.ocx\\{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll\\.Owner -> {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BridgeX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ChkDVD.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ChkDVD.dll\\.Owner -> {54823A9D-6BAE-11D5-B519-0050BA2413EB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ChkDVD.dll\\{54823A9D-6BAE-11D5-B519-0050BA2413EB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DiskFAU.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\\.Owner -> {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FilePlanetDownloadCtrl.dll\\{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\\.Owner -> {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GameLauncher.ocx\\{69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\.Owner -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\{77E32299-629F-43C6-AB77-6A1E6D7663F6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\.Owner -> {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/miniclipGameLoader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/miniclipGameLoader.dll\\.Owner -> {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/miniclipGameLoader.dll\\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat42.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat42.ocx\\.Owner -> {7A32634B-029C-4836-A023-528983982A49} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat42.ocx\\{7A32634B-029C-4836-A023-528983982A49} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\.Owner -> {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MSNChat45.ocx\\{F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PCPitstop.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RealArcadeRdxIE.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RealArcadeRdxIE.dll\\.Owner -> {B942A249-D1E7-4C11-98AE-FCB76B08747F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RealArcadeRdxIE.dll\\{B942A249-D1E7-4C11-98AE-FCB76B08747F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\.Owner -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/yinsthelper.dll\\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuctl.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/iuengine.dll\\{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\\.Owner -> {E0CE16CB-741C-4B24-8D04-A817856E07F4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{E8EDB60C-951E-4130-93DC-FAF1AD25F8E7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/pcpbios.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/pcpbios.exe\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/pcpbios.exe\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysres.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysres.dll\\.Owner -> {0E5F0222-96B9-11D3-8997-00104BD12D94} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/sysres.dll\\{0E5F0222-96B9-11D3-8997-00104BD12D94} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdt.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdt.exe\\.Owner -> {556DDE35-E955-11D0-A707-000000521958} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/wupdt.exe\\{556DDE35-E955-11D0-A707-000000521958} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 700 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A6 B5 A6 1C 33 17 2A 99 21 34 41 CF 3A AA 0E A7 37 38 63 61 66 32 30 66 00 68 07 00 01 00 00 00 DC 00 00 00 E0 00 00 00 48 FA 06 00 97 55 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 E4 83 4B 7C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 05 B0 B1 32 21 3B 74 A8 F7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 97 58 0B D6 94 2E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 59 CE 98 C1 B1 1E DC 70 20 19 C0 68 CD 2A 17 8E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 64 F0 B6 47 A3 89 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Name -> ZWebAuth -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Comment -> MSN Gaming Zone SSP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Capabilities -> 48 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\TokenSize -> 44 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Time -> 00 CB 62 82 92 40 C1 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 18221 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> %ProgramFiles%\AIM95\aim.exe [C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. 
[Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 1:34:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> Microsoft Corporation [Ver = 7.0.0813 | Size = 6856704 bytes | Modified Date = 4/27/2005 1:04:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\war3.exe -> %ProgramFiles%\Warcraft III\war3.exe [C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III] -> Blizzard Entertainment [Ver = 1, 21, 0, 6263 | Size = 1572307 bytes | Modified Date = 12/28/2006 4:35:21 PM | 
Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 12:24:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YPager.exe -> %ProgramFiles%\Yahoo!\Messenger\YPager.exe [C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> RealNetworks, Inc. 
[Ver = 6.0.12.1040 | Size = 204845 bytes | Modified Date = 8/28/2004 5:48:47 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\AIM95_c0\aim.exe -> %ProgramFiles%\AIM95\AIM95_c0\aim.exe [C:\Program Files\AIM95\AIM95_c0\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\AIM95_c1\aim.exe -> %ProgramFiles%\AIM95\AIM95_c1\aim.exe [C:\Program Files\AIM95\AIM95_c1\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\AIM95_c2\aim.exe -> %ProgramFiles%\AIM95\AIM95_c2\aim.exe [C:\Program Files\AIM95\AIM95_c2\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\AIM95_c3\aim.exe -> %ProgramFiles%\AIM95\AIM95_c3\aim.exe [C:\Program Files\AIM95\AIM95_c3\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\AIM95_c4\aim.exe -> %ProgramFiles%\AIM95\AIM95_c4\aim.exe [C:\Program Files\AIM95\AIM95_c4\aim.exe:*:Enabled:AOL Instant Messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\Steam.exe -> %ProgramFiles%\Steam\Steam.exe [C:\Program Files\Steam\Steam.exe:*:Enabled:Steam] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\condition zero\hl.exe -> %ProgramFiles%\Steam\SteamApps\mopardudeguy@aol.com\condition zero\hl.exe [C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\condition zero\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\counter-strike source beta\hl2.exe -> %ProgramFiles%\Steam\SteamApps\mopardudeguy@aol.com\counter-strike source beta\hl2.exe [C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\counter-strike source beta\hl2.exe:*:Enabled:hl2] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Integrity Messenger\messenger.exe -> %ProgramFiles%\Integrity Messenger\messenger.exe [C:\Program Files\Integrity Messenger\messenger.exe:*:Enabled:messenger] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\half-life\hl.exe -> %ProgramFiles%\Steam\SteamApps\mopardudeguy@aol.com\half-life\hl.exe [C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\half-life\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari-Infogrames\RiskII\RiskII.exe -> %ProgramFiles%\Atari-Infogrames\RiskII\RiskII.exe [C:\Program Files\Atari-Infogrames\RiskII\RiskII.exe:*:Enabled:Risk II] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari-Infogrames\Civilization III Gold Edition\Civ3PTW\Civilization3x.exe -> %ProgramFiles%\Atari-Infogrames\Civilization III Gold Edition\Civ3PTW\Civilization3x.exe [C:\Program Files\Atari-Infogrames\Civilization III Gold Edition\Civ3PTW\Civilization3x.exe:*:Enabled:Civilization3X] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\counter-strike\hl.exe -> %ProgramFiles%\Steam\SteamApps\mopardudeguy@aol.com\counter-strike\hl.exe [C:\Program Files\Steam\SteamApps\mopardudeguy@aol.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\CurtFess\Desktop\WoWMovieDownloader-EnUS.exe -> %UserProfile%\Desktop\WoWMovieDownloader-EnUS.exe [C:\Documents and Settings\CurtFess\Desktop\WoWMovieDownloader-EnUS.exe:*:Enabled:Blizzard Downloader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! 
FT Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Amercaindancer\Local Settings\Temp\~os1E.tmp\ossproxy.exe -> %SystemDrive%\Documents and Settings\Amercaindancer\Local Settings\Temp\~os1E.tmp\ossproxy.exe [C:\Documents and Settings\Amercaindancer\Local Settings\Temp\~os1E.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Amercaindancer\Local Settings\Temp\~os38.tmp\ossproxy.exe -> %SystemDrive%\Documents and Settings\Amercaindancer\Local Settings\Temp\~os38.tmp\ossproxy.exe [C:\Documents and Settings\Amercaindancer\Local Settings\Temp\~os38.tmp\ossproxy.exe:*:Enabled:ossproxy.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM95\aim.exe -> %ProgramFiles%\AIM95\aim.exe [C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. 
[Ver = 5.9.3797 | Size = 67160 bytes | Modified Date = 6/2/2005 1:34:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0] -> Microsoft Corporation [Ver = 7.0.0813 | Size = 6856704 bytes | Modified Date = 4/27/2005 1:04:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 5:22:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kazaa\kazaa.exe -> %ProgramFiles%\Kazaa\kazaa.exe [C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Amercaindancer\My Documents\Warcraft III\Warcraft III.exe -> %SystemDrive%\Documents and Settings\Amercaindancer\My Documents\Warcraft III\Warcraft III.exe [C:\Documents and Settings\Amercaindancer\My Documents\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\NetStorm\netstorm.exe -> %SystemDrive%\NetStorm\netstorm.exe [C:\NetStorm\netstorm.exe:*:Enabled:netstorm] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\NetstormLaunch\package\netstorm.exe -> %ProgramFiles%\NetstormLaunch\package\Netstorm.exe [C:\Program Files\NetstormLaunch\package\netstorm.exe:*:Enabled:netstorm] -> [Ver = | Size = 1552384 bytes | Modified Date = 12/5/2007 3:40:01 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin -> %ProgramFiles%\Softnyx\Rakion\Bin\Rakion.bin [C:\Program Files\Softnyx\Rakion\Bin\Rakion.bin:*:Enabled:Rakion] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [Ver = | Size = 13261992 bytes | Modified Date = 4/19/2005 4:10:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe -> %ProgramFiles%\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe -> %ProgramFiles%\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\NetStorm\r.exe -> %SystemDrive%\NetStorm\r.exe [C:\NetStorm\r.exe:*:Disabled:r] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\c:\windows\system32\rk.exe -> %SystemRoot%\system32\rk.exe [c:\windows\system32\rk.exe:*:Disabled:rk.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidnm.exe -> %SystemRoot%\system32\SolidStateNetworks\SolidStateION\solidnm.exe [C:\WINDOWS\system32\SolidStateNetworks\SolidStateION\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe -> %ProgramFiles%\Atari\Neverwinter Nights 2\nwn2main.exe [C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe -> %ProgramFiles%\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe [C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe -> %ProgramFiles%\Atari\Neverwinter Nights 2\nwupdate.exe [C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe -> %ProgramFiles%\Atari\Neverwinter Nights 2\nwn2server.exe [C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 8:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 796440 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.80 | Size = 902424 bytes | Modified Date = 5/26/2008 2:13:59 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:TCP -> 6112:TCP:*:Enabled:Blizzard Downloader -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9842:TCP -> 9842:TCP:*:Enabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9842:UDP -> 9842:UDP:*:Enabled:SolidNetworkManager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{30A07809-6442-40A0-9178-D2AF120C61F3} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe 
[%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 5/26/2008 2:35:08 PM | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> 1.reg -> %SystemDrive%\1.reg -> [Ver = | Size = 448 bytes | Created Date = 5/25/2008 4:37:01 AM | Attr = ] Avenger -> %SystemDrive%\Avenger -> [Folder | Created Date = 5/25/2008 4:03:56 AM | Attr = ] avexport.bat -> %SystemDrive%\avexport.bat -> [Ver = | Size = 285 bytes | Created Date = 5/25/2008 4:37:01 AM | Attr = ] BFU -> %SystemDrive%\BFU -> [Folder | Created Date = 5/24/2008 11:43:35 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/24/2008 12:27:50 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 401686528 bytes | Created Date = 5/24/2008 11:57:36 PM | Attr = HS] registrybackup.reg -> %SystemDrive%\registrybackup.reg -> [Ver = | Size = 80758520 bytes | Created Date = 5/25/2008 6:06:42 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 5/27/2008 4:17:35 AM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 5/26/2008 2:14:14 PM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 5/26/2008 2:14:14 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 24384910 bytes | Created Date = 5/26/2008 2:14:14 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 71465 bytes | Created Date = 
5/26/2008 2:14:14 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Created Date = 5/26/2008 2:14:14 PM | Attr = ] AvgArCln.sys -> %SystemRoot%\System32\drivers\AvgArCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 5/26/2008 2:17:56 PM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 5/26/2008 2:14:21 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Created Date = 5/26/2008 2:14:18 PM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.87 | Size = 75272 bytes | Created Date = 5/26/2008 2:14:28 PM | Attr = ] afntaqis.ini -> %SystemRoot%\System32\afntaqis.ini -> [Ver = | Size = 2756788 bytes | Created Date = 5/15/2008 5:07:33 PM | Attr = HS] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 5/26/2008 2:14:30 PM | Attr = ] BcLlonpo.ini -> %SystemRoot%\System32\BcLlonpo.ini -> [Ver = | Size = 26038 bytes | Created Date = 5/22/2008 9:30:58 AM | Attr = HS] BKQAyJlm.ini -> %SystemRoot%\System32\BKQAyJlm.ini -> [Ver = | Size = 1009135 bytes | Created Date = 5/19/2008 4:05:20 PM | Attr = HS] cLorBJjl.ini -> %SystemRoot%\System32\cLorBJjl.ini -> [Ver = | Size = 1065 bytes | Created Date = 5/16/2008 8:51:10 PM | Attr = HS] cmvbuqxd.ini -> %SystemRoot%\System32\cmvbuqxd.ini -> [Ver = | Size = 1504983 bytes | Created Date = 5/11/2008 8:46:12 AM | Attr = HS] drcltsmg.ini -> %SystemRoot%\System32\drcltsmg.ini -> [Ver = | Size = 1485879 bytes | Created Date = 5/19/2008 2:57:28 AM | Attr = HS] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 5/10/2008 8:32:06 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> F?nts -> %SystemRoot%\System32\Fοnts -> [Folder | Modified Date = 10/11/2006 6:20:24 PM | Attr = ] gepoyxgv.ini -> %SystemRoot%\System32\gepoyxgv.ini -> [Ver = | Size = 1505729 bytes | Created Date = 5/20/2008 3:12:19 PM | Attr = HS] gplhhdha.ini -> %SystemRoot%\System32\gplhhdha.ini -> [Ver = | Size = 1469030 bytes | Created Date = 5/16/2008 8:57:43 PM | Attr = HS] gQYFPXyb.ini -> %SystemRoot%\System32\gQYFPXyb.ini -> [Ver = | Size = 7915 bytes | Created Date = 5/10/2008 2:25:41 PM | Attr = HS] hPVCKRqr.ini -> %SystemRoot%\System32\hPVCKRqr.ini -> [Ver = | Size = 7246 bytes | Created Date = 5/10/2008 9:45:45 PM | Attr = HS] HPXGNXbc.ini -> %SystemRoot%\System32\HPXGNXbc.ini -> [Ver = | Size = 1351995 bytes | Created Date = 5/16/2008 5:38:05 PM | Attr = HS] HQsuvyxx.ini -> %SystemRoot%\System32\HQsuvyxx.ini -> [Ver = | Size = 1006431 bytes | Created Date = 5/17/2008 8:08:06 AM | Attr = HS] itphroku.ini -> %SystemRoot%\System32\itphroku.ini -> [Ver = | Size = 1417430 bytes | Created Date = 5/23/2008 8:22:55 PM | Attr = HS] java.exe -> %SystemRoot%\System32\java.exe 
-> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/25/2008 3:55:00 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 5/25/2008 3:55:00 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 5/25/2008 3:55:00 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 5/25/2008 3:55:00 AM | Attr = ] jklSYJjl.ini -> %SystemRoot%\System32\jklSYJjl.ini -> [Ver = | Size = 1011424 bytes | Created Date = 5/19/2008 6:57:03 PM | Attr = HS] kqljhjah.ini -> %SystemRoot%\System32\kqljhjah.ini -> [Ver = | Size = 1468910 bytes | Created Date = 5/18/2008 2:56:53 AM | Attr = HS] ksdmcllj.ini -> %SystemRoot%\System32\ksdmcllj.ini -> [Ver = | Size = 1468970 bytes | Created Date = 5/16/2008 5:41:31 PM | Attr = HS] KSYccMoq.ini -> %SystemRoot%\System32\KSYccMoq.ini -> [Ver = | Size = 1041515 bytes | Created Date = 5/11/2008 8:34:12 AM | Attr = HS] lgqmkgwv.ini -> %SystemRoot%\System32\lgqmkgwv.ini -> [Ver = | Size = 1496212 bytes | Created Date = 5/19/2008 4:06:28 PM | Attr = HS] lt.res -> %SystemRoot%\System32\lt.res -> [Ver = | Size = 251 bytes | Created Date = 5/10/2008 2:25:06 PM | Attr = ] mUBJjkkj.ini -> %SystemRoot%\System32\mUBJjkkj.ini -> [Ver = | Size = 885749 bytes | Created Date = 5/21/2008 2:49:15 PM | Attr = HS] mukvbiaj.ini -> %SystemRoot%\System32\mukvbiaj.ini -> [Ver = | Size = 1469090 bytes | Created Date = 5/17/2008 9:59:58 PM | Attr = HS] mVvFOXbc.ini -> %SystemRoot%\System32\mVvFOXbc.ini -> [Ver = | Size = 1023416 bytes | Created Date = 5/20/2008 3:05:55 PM | Attr = HS] M?crosoft -> %SystemRoot%\System32\Mіcrosoft -> [Folder | Modified Date = 1/4/2007 12:52:16 PM | Attr = ] M?crosoft.NET -> %SystemRoot%\System32\Mіcrosoft.NET -> [Folder | Modified Date = 7/20/2006 2:45:36 PM | 
Attr = ] pooonnpo.ini -> %SystemRoot%\System32\pooonnpo.ini -> [Ver = | Size = 1344014 bytes | Created Date = 5/18/2008 2:53:37 AM | Attr = HS] qYadfMoq.ini -> %SystemRoot%\System32\qYadfMoq.ini -> [Ver = | Size = 1443 bytes | Created Date = 5/15/2008 1:51:15 PM | Attr = HS] rggvhlmo.ini -> %SystemRoot%\System32\rggvhlmo.ini -> [Ver = | Size = 1551849 bytes | Created Date = 5/11/2008 2:36:30 PM | Attr = HS] rgxkpevp.ini -> %SystemRoot%\System32\rgxkpevp.ini -> [Ver = | Size = 1389545 bytes | Created Date = 5/21/2008 2:52:32 PM | Attr = HS] sft.res -> %SystemRoot%\System32\sft.res -> [Ver = | Size = 7138 bytes | Created Date = 5/10/2008 2:22:41 PM | Attr = ] ssiknqii.ini -> %SystemRoot%\System32\ssiknqii.ini -> [Ver = | Size = 1496152 bytes | Created Date = 5/19/2008 7:09:20 PM | Attr = HS] stuvGfhk.ini -> %SystemRoot%\System32\stuvGfhk.ini -> [Ver = | Size = 395 bytes | Created Date = 5/16/2008 4:25:01 PM | Attr = HS] s?mbols -> %SystemRoot%\System32\sуmbols -> [Folder | Modified Date = 2/18/2006 8:08:13 AM | Attr = ] TuxEOqru.ini -> %SystemRoot%\System32\TuxEOqru.ini -> [Ver = | Size = 901681 bytes | Created Date = 5/22/2008 8:16:30 PM | Attr = HS] T?sks -> %SystemRoot%\System32\Tаsks -> [Folder | Modified Date = 4/7/2006 8:36:41 PM | Attr = ] UFeLnnmp.ini -> %SystemRoot%\System32\UFeLnnmp.ini -> [Ver = | Size = 1346133 bytes | Created Date = 5/17/2008 9:44:50 PM | Attr = HS] usyayvpf.ini -> %SystemRoot%\System32\usyayvpf.ini -> [Ver = | Size = 1496212 bytes | Created Date = 5/19/2008 3:03:48 PM | Attr = HS] vsgtebqs.ini -> %SystemRoot%\System32\vsgtebqs.ini -> [Ver = | Size = 1469150 bytes | Created Date = 5/17/2008 8:20:22 AM | Attr = HS] wxFOVvut.ini -> %SystemRoot%\System32\wxFOVvut.ini -> [Ver = | Size = 1050209 bytes | Created Date = 5/11/2008 2:33:23 PM | Attr = HS] W?nSxS -> %SystemRoot%\System32\WіnSxS -> [Folder | Modified Date = 3/14/2006 2:20:56 PM | Attr = ] xyfudhnm.ini -> %SystemRoot%\System32\xyfudhnm.ini -> [Ver = | Size = 1551969 bytes | Created 
Date = 5/15/2008 1:55:25 PM | Attr = HS] yatmccrm.ini -> %SystemRoot%\System32\yatmccrm.ini -> [Ver = | Size = 1469030 bytes | Created Date = 5/17/2008 4:12:48 PM | Attr = HS] ynvulvoc.ini -> %SystemRoot%\System32\ynvulvoc.ini -> [Ver = | Size = 2161760 bytes | Created Date = 5/15/2008 6:40:24 PM | Attr = HS] ?ecurity -> %SystemRoot%\System32\ѕecurity -> [Folder | Modified Date = 3/28/2006 8:32:23 PM | Attr = ] ??mantec -> %SystemRoot%\System32\Ѕуmantec -> [Folder | Modified Date = 4/18/2006 2:37:42 PM | Attr = ] ?ssembly -> %SystemRoot%\System32\аssembly -> [Folder | Modified Date = 4/26/2006 3:41:44 PM | Attr = ] ??sembly -> %SystemRoot%\System32\аѕsembly -> [Folder | Modified Date = 9/22/2006 2:53:52 PM | Attr = ] ?racle -> %SystemRoot%\System32\Оracle -> [Folder | Modified Date = 9/17/2006 11:44:57 AM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 5/10/2008 8:27:42 PM | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 5/10/2008 8:26:15 PM | Attr = H ] a?sembly -> %SystemRoot%\aѕsembly -> [Folder | Modified Date = 4/6/2006 6:56:22 PM | Attr = ] A?pPatch -> %SystemRoot%\AрpPatch -> [Folder | Modified Date = 3/1/2007 11:09:03 PM | Attr = ] BMf310f7b0.xml -> %SystemRoot%\BMf310f7b0.xml -> [Ver = | Size = 109850 bytes | Created Date = 5/11/2008 8:35:43 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 5/24/2008 12:28:26 PM | Attr = ] F?nts -> %SystemRoot%\Fοnts -> [Folder | Modified Date = 8/17/2006 6:27:49 PM | Attr = ] F?nts -> %SystemRoot%\Fоnts -> [Folder | Modified Date = 1/23/2007 9:41:24 PM | Attr = ] homepage.html -> %SystemRoot%\homepage.html -> [Ver = | Size = 1294 bytes | Created Date = 5/10/2008 2:25:06 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 5/10/2008 8:29:03 PM | Attr = H ] 
ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 5/10/2008 8:48:29 PM | Attr = ] index.html -> %SystemRoot%\index.html -> [Ver = | Size = 1906 bytes | Created Date = 5/10/2008 2:22:41 PM | Attr = ] mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Created Date = 5/10/2008 2:21:22 PM | Attr = RHS] megavid.cdt -> %SystemRoot%\megavid.cdt -> [Ver = | Size = 4 bytes | Created Date = 5/10/2008 2:20:48 PM | Attr = RHS] muotr.so -> %SystemRoot%\muotr.so -> [Ver = | Size = 33 bytes | Created Date = 5/10/2008 2:20:43 PM | Attr = RHS] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 5/10/2008 8:20:58 PM | Attr = ] promo1.html -> %SystemRoot%\promo1.html -> [Ver = | Size = 283 bytes | Created Date = 5/10/2008 2:25:07 PM | Attr = ] promo2.html -> %SystemRoot%\promo2.html -> [Ver = | Size = 283 bytes | Created Date = 5/10/2008 2:25:09 PM | Attr = ] promo3.html -> %SystemRoot%\promo3.html -> [Ver = | Size = 283 bytes | Created Date = 5/10/2008 2:25:09 PM | Attr = ] promo4.html -> %SystemRoot%\promo4.html -> [Ver = | Size = 500 bytes | Created Date = 5/10/2008 2:25:10 PM | Attr = ] promo5.html -> %SystemRoot%\promo5.html -> [Ver = | Size = 478 bytes | Created Date = 5/10/2008 2:25:11 PM | Attr = ] promo6.html -> %SystemRoot%\promo6.html -> [Ver = | Size = 507 bytes | Created Date = 5/10/2008 2:25:11 PM | Attr = ] promogif1.gif -> %SystemRoot%\promogif1.gif -> [Ver = | Size = 24351 bytes | Created Date = 5/10/2008 2:25:07 PM | Attr = ] promogif2.gif -> %SystemRoot%\promogif2.gif -> [Ver = | Size = 24066 bytes | Created Date = 5/10/2008 2:25:09 PM | Attr = ] promogif3.gif -> %SystemRoot%\promogif3.gif -> [Ver = | Size = 57546 bytes | Created Date = 5/10/2008 2:25:10 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 5/11/2008 8:35:45 AM | Attr = ] s?stem32 -> %SystemRoot%\sуstem32 -> [Folder | Modified Date = 2/21/2006 1:24:24 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> 
[Folder | Created Date = 5/10/2008 8:32:09 PM | Attr = ] ?dobe -> %SystemRoot%\Αdobe -> [Folder | Modified Date = 1/22/2007 5:03:02 PM | Attr = ] ??crosoft.NET -> %SystemRoot%\Μіcrosoft.NET -> [Folder | Modified Date = 11/10/2006 12:02:20 PM | Attr = ] ?racle -> %SystemRoot%\Οracle -> [Folder | Modified Date = 5/27/2006 8:31:03 AM | Attr = ] ?asks -> %SystemRoot%\Τasks -> [Folder | Modified Date = 6/2/2006 8:07:47 PM | Attr = ] ?ystem32 -> %SystemRoot%\ѕystem32 -> [Folder | Modified Date = 2/15/2006 3:09:40 PM | Attr = ] ??stem32 -> %SystemRoot%\ѕуstem32 -> [Folder | Modified Date = 3/31/2006 5:58:08 PM | Attr = ] ?icrosoft -> %SystemRoot%\Мicrosoft -> [Folder | Modified Date = 2/20/2006 9:55:59 AM | Attr = ] ?icrosoft.NET -> %SystemRoot%\Мicrosoft.NET -> [Folder | Modified Date = 5/28/2006 8:46:49 AM | Attr = ] ?racle -> %SystemRoot%\Оracle -> [Folder | Modified Date = 3/11/2006 1:03:12 PM | Attr = ] ?asks -> %SystemRoot%\Тasks -> [Folder | Modified Date = 3/9/2006 5:50:56 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 5/26/2008 3:02:58 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 5/26/2008 2:13:55 PM | Attr = ] BFU -> %UserProfile%\My Documents\BFU -> [Folder | Created Date = 5/24/2008 11:42:54 PM | Attr = ] AVG Anti-Rootkit Free.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Created Date = 5/26/2008 2:17:57 PM | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1507 bytes | Created Date = 5/26/2008 2:14:31 PM | Attr = ] Amercaindancer -> %UserProfile%\Desktop\Amercaindancer -> [Folder | Created Date = 6/7/2008 2:00:19 AM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 5/25/2008 3:57:38 AM | Attr = ] 
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier avenger -> %UserProfile%\Desktop\avenger -> [Folder | Created Date = 5/24/2008 11:41:38 PM | Attr = ] avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 725024 bytes | Created Date = 5/24/2008 11:21:46 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier bfu.zip -> %UserProfile%\Desktop\bfu.zip -> [Ver = | Size = 78686 bytes | Created Date = 5/24/2008 11:23:29 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\bfu.zip:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 5/24/2008 12:27:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 6841 bytes | Created Date = 5/24/2008 11:44:19 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 5/19/2008 3:34:48 PM | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> [Ver = | Size = 15951256 bytes | Created Date = 5/25/2008 12:07:33 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/7/2008 1:52:09 AM | Attr = ] Patient%20Information%20Form%20With%20Addresses%203-4-08[1].pdf -> %UserProfile%\Desktop\Patient%20Information%20Form%20With%20Addresses%203-4-08[1].pdf -> [Ver = | Size = 41667 bytes | Created Date = 5/19/2008 7:19:25 PM | Attr = ] regallow.exe -> %UserProfile%\Desktop\regallow.exe -> Bleeping Computer, LLC. 
[Ver = 1.00 | Size = 69632 bytes | Created Date = 5/24/2008 11:22:31 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\regallow.exe:Zone.Identifier RegFix1.reg -> %UserProfile%\Desktop\RegFix1.reg -> [Ver = | Size = 96 bytes | Created Date = 5/25/2008 6:07:29 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 5/24/2008 11:18:55 AM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1391204 bytes | Created Date = 5/24/2008 11:18:45 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 5/25/2008 3:53:11 AM | Attr = ] M?crosoft.NET -> %CommonProgramFiles%\Mіcrosoft.NET -> [Folder | Modified Date = 11/1/2006 3:33:03 PM | Attr = ] ?dobe -> %CommonProgramFiles%\Αdobe -> [Folder | Modified Date = 2/21/2006 9:56:19 AM | Attr = ] ?racle -> %CommonProgramFiles%\Οracle -> [Folder | Modified Date = 12/22/2006 11:09:24 AM | Attr = ] ??stem -> %CommonProgramFiles%\ѕуstem -> [Folder | Modified Date = 2/24/2007 10:58:26 AM | Attr = ] ?ppPatch -> %CommonProgramFiles%\АppPatch -> [Folder | Modified Date = 1/8/2007 3:59:17 PM | Attr = ] ?racle -> %CommonProgramFiles%\Оracle -> [Folder | Modified Date = 11/30/2006 1:55:35 PM | Attr = ] ??sks -> %CommonProgramFiles%\Таsks -> [Folder | Modified Date = 4/9/2006 12:15:21 PM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 5/26/2008 2:13:56 PM | Attr = ] A?pPatch -> %ProgramFiles%\AрpPatch -> [Folder | Modified Date = 12/9/2006 9:41:37 AM | Attr = ] F?nts -> %ProgramFiles%\Fοnts -> [Folder | Modified Date = 7/23/2006 5:04:55 PM | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 5/25/2008 3:53:19 AM | Attr = ] s?stem -> %ProgramFiles%\sуstem -> [Folder | Modified Date = 3/17/2006 9:09:22 AM | Attr = ] s?stem32 -> %ProgramFiles%\sуstem32 -> [Folder | Modified Date = 10/21/2006 8:08:19 PM | Attr = ] 
Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/19/2008 3:34:46 PM | Attr = ] Windows Defender -> %ProgramFiles%\Windows Defender -> [Folder | Created Date = 5/26/2008 2:59:39 PM | Attr = ] ?racle -> %ProgramFiles%\Οracle -> [Folder | Modified Date = 4/15/2006 8:11:28 PM | Attr = ] ?ecurity -> %ProgramFiles%\ѕecurity -> [Folder | Modified Date = 7/19/2006 2:58:35 PM | Attr = ] ??mbols -> %ProgramFiles%\ѕуmbols -> [Folder | Modified Date = 12/13/2006 4:11:37 PM | Attr = ] ?ppPatch -> %ProgramFiles%\АppPatch -> [Folder | Modified Date = 10/4/2006 6:09:35 PM | Attr = ] ?icrosoft.NET -> %ProgramFiles%\Мicrosoft.NET -> [Folder | Modified Date = 2/13/2007 6:34:44 PM | Attr = ] ?racle -> %ProgramFiles%\Оracle -> [Folder | Modified Date = 3/8/2007 11:01:01 PM | Attr = ] [Files/Folders - Modified Within 30 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 6/7/2008 1:57:30 AM | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> 1.reg -> %SystemDrive%\1.reg -> [Ver = | Size = 448 bytes | Modified Date = 5/25/2008 4:37:01 AM | Attr = ] Avenger -> %SystemDrive%\Avenger -> [Folder | Modified Date = 5/26/2008 2:06:54 PM | Attr = ] avexport.bat -> %SystemDrive%\avexport.bat -> [Ver = | Size = 285 bytes | Modified Date = 5/25/2008 4:37:01 AM | Attr = ] BFU -> %SystemDrive%\BFU -> [Folder | Modified Date = 5/24/2008 11:43:57 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/24/2008 12:27:50 PM | Attr = ] DELETEME -> %SystemDrive%\DELETEME -> [Folder | Modified Date = 5/19/2008 3:05:47 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/7/2008 2:02:10 AM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 401686528 bytes | Modified Date = 6/7/2008 1:37:17 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/7/2008 2:02:19 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 5/24/2008 
11:52:50 PM | Attr = HS] registrybackup.reg -> %SystemDrive%\registrybackup.reg -> [Ver = | Size = 80758520 bytes | Modified Date = 5/25/2008 6:06:56 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 5/24/2008 12:28:22 PM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 5/19/2008 3:07:03 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 5/27/2008 4:17:35 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/30/2008 4:30:02 PM | Attr = ] World of Warcraft -> %SystemDrive%\World of Warcraft -> [Folder | Modified Date = 5/15/2008 2:04:48 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 6/6/2008 9:20:26 PM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 6/4/2008 7:08:19 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 24384910 bytes | Modified Date = 6/6/2008 9:19:22 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 71465 bytes | Modified Date = 6/3/2008 9:48:15 AM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Modified Date = 5/26/2008 2:16:37 PM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 5/26/2008 2:14:21 PM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 5/26/2008 2:14:18 PM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.87 | Size = 75272 bytes | Modified Date = 5/26/2008 2:14:28 PM | Attr = ] afntaqis.ini -> %SystemRoot%\System32\afntaqis.ini -> [Ver = | Size = 2756788 bytes | Modified Date = 5/15/2008 6:33:34 PM | Attr = HS] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 5/26/2008 2:14:30 PM | Attr = ] BcLlonpo.ini -> %SystemRoot%\System32\BcLlonpo.ini -> [Ver = | Size = 26038 bytes | Modified Date = 5/22/2008 8:06:04 PM | Attr = HS] BKQAyJlm.ini -> %SystemRoot%\System32\BKQAyJlm.ini -> [Ver = | Size = 1009135 bytes | Modified Date = 5/19/2008 6:42:31 PM | Attr = HS] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/7/2008 1:41:00 AM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> cLorBJjl.ini -> %SystemRoot%\System32\cLorBJjl.ini -> [Ver = | Size = 1065 bytes | Modified Date = 5/19/2008 3:00:33 PM | Attr = HS] cmvbuqxd.ini -> %SystemRoot%\System32\cmvbuqxd.ini -> [Ver = | Size = 1504983 bytes | Modified Date = 5/11/2008 2:28:23 PM | Attr = HS] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/10/2008 8:41:57 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 5/29/2008 9:07:23 PM | Attr = RHS] drcltsmg.ini -> %SystemRoot%\System32\drcltsmg.ini -> [Ver = | Size = 1485879 bytes | Modified Date = 5/19/2008 2:58:05 AM | Attr = HS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 5/26/2008 2:17:56 PM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 5/10/2008 8:49:46 PM | Attr = ] F?nts -> %SystemRoot%\System32\Fοnts -> [Folder | Modified Date = 10/11/2006 6:20:24 PM | Attr = ] gepoyxgv.ini -> %SystemRoot%\System32\gepoyxgv.ini -> [Ver = | Size = 1505729 bytes | Modified Date = 5/20/2008 3:12:33 PM | Attr = HS] gplhhdha.ini -> %SystemRoot%\System32\gplhhdha.ini -> [Ver = | Size = 1469030 bytes | Modified Date = 5/17/2008 8:01:39 
AM | Attr = HS] gQYFPXyb.ini -> %SystemRoot%\System32\gQYFPXyb.ini -> [Ver = | Size = 7915 bytes | Modified Date = 5/19/2008 3:00:33 PM | Attr = HS] hPVCKRqr.ini -> %SystemRoot%\System32\hPVCKRqr.ini -> [Ver = | Size = 7246 bytes | Modified Date = 5/19/2008 3:00:33 PM | Attr = HS] HPXGNXbc.ini -> %SystemRoot%\System32\HPXGNXbc.ini -> [Ver = | Size = 1351995 bytes | Modified Date = 5/19/2008 3:00:23 PM | Attr = HS] HQsuvyxx.ini -> %SystemRoot%\System32\HQsuvyxx.ini -> [Ver = | Size = 1006431 bytes | Modified Date = 5/19/2008 3:54:54 PM | Attr = HS] itphroku.ini -> %SystemRoot%\System32\itphroku.ini -> [Ver = | Size = 1417430 bytes | Modified Date = 5/24/2008 11:05:44 AM | Attr = HS] jklSYJjl.ini -> %SystemRoot%\System32\jklSYJjl.ini -> [Ver = | Size = 1011424 bytes | Modified Date = 5/19/2008 10:12:36 PM | Attr = HS] kqljhjah.ini -> %SystemRoot%\System32\kqljhjah.ini -> [Ver = | Size = 1468910 bytes | Modified Date = 5/18/2008 2:56:58 AM | Attr = HS] ksdmcllj.ini -> %SystemRoot%\System32\ksdmcllj.ini -> [Ver = | Size = 1468970 bytes | Modified Date = 5/16/2008 8:43:06 PM | Attr = HS] KSYccMoq.ini -> %SystemRoot%\System32\KSYccMoq.ini -> [Ver = | Size = 1041515 bytes | Modified Date = 5/19/2008 3:00:36 PM | Attr = HS] lgqmkgwv.ini -> %SystemRoot%\System32\lgqmkgwv.ini -> [Ver = | Size = 1496212 bytes | Modified Date = 5/19/2008 4:13:00 PM | Attr = HS] lt.res -> %SystemRoot%\System32\lt.res -> [Ver = | Size = 251 bytes | Modified Date = 5/10/2008 2:25:11 PM | Attr = ] mUBJjkkj.ini -> %SystemRoot%\System32\mUBJjkkj.ini -> [Ver = | Size = 885749 bytes | Modified Date = 5/22/2008 3:57:47 AM | Attr = HS] mukvbiaj.ini -> %SystemRoot%\System32\mukvbiaj.ini -> [Ver = | Size = 1469090 bytes | Modified Date = 5/17/2008 10:00:33 PM | Attr = HS] mVvFOXbc.ini -> %SystemRoot%\System32\mVvFOXbc.ini -> [Ver = | Size = 1023416 bytes | Modified Date = 5/21/2008 2:16:32 AM | Attr = HS] M?crosoft -> %SystemRoot%\System32\Mіcrosoft -> [Folder | Modified Date = 1/4/2007 12:52:16 PM | Attr 
= ] M?crosoft.NET -> %SystemRoot%\System32\Mіcrosoft.NET -> [Folder | Modified Date = 7/20/2006 2:45:36 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 81200 bytes | Modified Date = 6/7/2008 1:38:20 AM | Attr = ] pooonnpo.ini -> %SystemRoot%\System32\pooonnpo.ini -> [Ver = | Size = 1344014 bytes | Modified Date = 5/19/2008 3:00:23 PM | Attr = HS] qYadfMoq.ini -> %SystemRoot%\System32\qYadfMoq.ini -> [Ver = | Size = 1443 bytes | Modified Date = 5/19/2008 3:00:18 PM | Attr = HS] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 5/26/2008 2:06:20 PM | Attr = ] rggvhlmo.ini -> %SystemRoot%\System32\rggvhlmo.ini -> [Ver = | Size = 1551849 bytes | Modified Date = 5/15/2008 1:50:33 PM | Attr = HS] rgxkpevp.ini -> %SystemRoot%\System32\rgxkpevp.ini -> [Ver = | Size = 1389545 bytes | Modified Date = 5/21/2008 2:52:45 PM | Attr = HS] sft.res -> %SystemRoot%\System32\sft.res -> [Ver = | Size = 7138 bytes | Modified Date = 5/24/2008 11:13:34 PM | Attr = ] ssiknqii.ini -> %SystemRoot%\System32\ssiknqii.ini -> [Ver = | Size = 1496152 bytes | Modified Date = 5/19/2008 7:09:25 PM | Attr = HS] stuvGfhk.ini -> %SystemRoot%\System32\stuvGfhk.ini -> [Ver = | Size = 395 bytes | Modified Date = 5/16/2008 4:29:30 PM | Attr = HS] s?mbols -> %SystemRoot%\System32\sуmbols -> [Folder | Modified Date = 2/18/2006 8:08:13 AM | Attr = ] TuxEOqru.ini -> %SystemRoot%\System32\TuxEOqru.ini -> [Ver = | Size = 901681 bytes | Modified Date = 5/23/2008 11:03:32 PM | Attr = HS] T?sks -> %SystemRoot%\System32\Tаsks -> [Folder | Modified Date = 4/7/2006 8:36:41 PM | Attr = ] UFeLnnmp.ini -> %SystemRoot%\System32\UFeLnnmp.ini -> [Ver = | Size = 1346133 bytes | Modified Date = 5/19/2008 3:00:36 PM | Attr = HS] usyayvpf.ini -> %SystemRoot%\System32\usyayvpf.ini -> [Ver = | Size = 1496212 bytes | Modified Date = 5/19/2008 3:32:08 PM | Attr = HS] vsgtebqs.ini -> %SystemRoot%\System32\vsgtebqs.ini -> [Ver = | Size = 1469150 bytes | Modified Date = 5/17/2008 
3:53:04 PM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 5/29/2008 5:05:02 PM | Attr = ] wxFOVvut.ini -> %SystemRoot%\System32\wxFOVvut.ini -> [Ver = | Size = 1050209 bytes | Modified Date = 5/19/2008 3:00:36 PM | Attr = HS] W?nSxS -> %SystemRoot%\System32\WіnSxS -> [Folder | Modified Date = 3/14/2006 2:20:56 PM | Attr = ] xyfudhnm.ini -> %SystemRoot%\System32\xyfudhnm.ini -> [Ver = | Size = 1551969 bytes | Modified Date = 5/15/2008 4:54:25 PM | Attr = HS] yatmccrm.ini -> %SystemRoot%\System32\yatmccrm.ini -> [Ver = | Size = 1469030 bytes | Modified Date = 5/17/2008 9:39:42 PM | Attr = HS] ynvulvoc.ini -> %SystemRoot%\System32\ynvulvoc.ini -> [Ver = | Size = 2161760 bytes | Modified Date = 5/15/2008 6:42:17 PM | Attr = HS] ?ecurity -> %SystemRoot%\System32\ѕecurity -> [Folder | Modified Date = 3/28/2006 8:32:23 PM | Attr = ] ??mantec -> %SystemRoot%\System32\Ѕуmantec -> [Folder | Modified Date = 4/18/2006 2:37:42 PM | Attr = ] ?ssembly -> %SystemRoot%\System32\аssembly -> [Folder | Modified Date = 4/26/2006 3:41:44 PM | Attr = ] ??sembly -> %SystemRoot%\System32\аѕsembly -> [Folder | Modified Date = 9/22/2006 2:53:52 PM | Attr = ] ?racle -> %SystemRoot%\System32\Оracle -> [Folder | Modified Date = 9/17/2006 11:44:57 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/29/2008 5:16:29 PM | Attr = H ] 6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 5/10/2008 8:27:42 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 5/10/2008 8:26:15 PM | Attr = H ] a?sembly -> %SystemRoot%\aѕsembly -> [Folder | Modified Date = 4/6/2006 6:56:22 PM | Attr = ] A?pPatch -> %SystemRoot%\AрpPatch -> [Folder | Modified Date = 3/1/2007 11:09:03 PM | Attr = ] BMf310f7b0.xml -> 
%SystemRoot%\BMf310f7b0.xml -> [Ver = | Size = 109850 bytes | Modified Date = 5/24/2008 11:13:14 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/7/2008 1:37:26 AM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/24/2008 12:35:29 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 5/24/2008 12:28:26 PM | Attr = ] F?nts -> %SystemRoot%\Fοnts -> [Folder | Modified Date = 8/17/2006 6:27:49 PM | Attr = ] F?nts -> %SystemRoot%\Fоnts -> [Folder | Modified Date = 1/23/2007 9:41:24 PM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/10/2008 9:39:27 PM | Attr = ] homepage.html -> %SystemRoot%\homepage.html -> [Ver = | Size = 1294 bytes | Modified Date = 5/10/2008 2:25:06 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 5/10/2008 8:31:03 PM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 5/26/2008 1:56:15 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/26/2008 5:47:40 PM | Attr = ] index.html -> %SystemRoot%\index.html -> [Ver = | Size = 1906 bytes | Modified Date = 5/10/2008 2:25:06 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 5/29/2008 9:07:37 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 5/27/2008 4:08:09 AM | Attr = HS] mainms.vpi -> %SystemRoot%\mainms.vpi -> [Ver = | Size = 138 bytes | Modified Date = 5/10/2008 2:21:22 PM | Attr = RHS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 5/10/2008 8:31:39 PM | Attr = ] megavid.cdt -> %SystemRoot%\megavid.cdt -> [Ver = | Size = 4 bytes | Modified Date = 5/10/2008 9:38:21 PM | Attr = RHS] muotr.so -> %SystemRoot%\muotr.so -> [Ver = | Size = 33 bytes | Modified Date = 5/10/2008 2:21:22 PM | Attr = RHS] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 5/10/2008 8:21:06 PM | 
Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/7/2008 2:04:45 AM | Attr = ] promo1.html -> %SystemRoot%\promo1.html -> [Ver = | Size = 283 bytes | Modified Date = 5/10/2008 2:25:07 PM | Attr = ] promo2.html -> %SystemRoot%\promo2.html -> [Ver = | Size = 283 bytes | Modified Date = 5/10/2008 2:25:09 PM | Attr = ] promo3.html -> %SystemRoot%\promo3.html -> [Ver = | Size = 283 bytes | Modified Date = 5/10/2008 2:25:09 PM | Attr = ] promo4.html -> %SystemRoot%\promo4.html -> [Ver = | Size = 500 bytes | Modified Date = 5/10/2008 2:25:10 PM | Attr = ] promo5.html -> %SystemRoot%\promo5.html -> [Ver = | Size = 478 bytes | Modified Date = 5/10/2008 2:25:11 PM | Attr = ] promo6.html -> %SystemRoot%\promo6.html -> [Ver = | Size = 507 bytes | Modified Date = 5/10/2008 2:25:11 PM | Attr = ] promogif1.gif -> %SystemRoot%\promogif1.gif -> [Ver = | Size = 24351 bytes | Modified Date = 5/10/2008 2:25:07 PM | Attr = ] promogif2.gif -> %SystemRoot%\promogif2.gif -> [Ver = | Size = 24066 bytes | Modified Date = 5/10/2008 2:25:09 PM | Attr = ] promogif3.gif -> %SystemRoot%\promogif3.gif -> [Ver = | Size = 57546 bytes | Modified Date = 5/10/2008 2:25:10 PM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 5/24/2008 11:03:37 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/23/2008 9:07:23 AM | Attr = H ] system -> %SystemRoot%\system -> [Folder | Modified Date = 5/26/2008 2:08:02 PM | Attr = ] SYSTEM.INI -> %SystemRoot%\SYSTEM.INI -> [Ver = | Size = 536 bytes | Modified Date = 5/19/2008 3:16:58 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/7/2008 2:02:19 AM | Attr = ] s?stem32 -> %SystemRoot%\sуstem32 -> [Folder | Modified Date = 2/21/2006 1:24:24 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/7/2008 1:40:56 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/7/2008 2:07:54 AM | Attr = ] 
WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 5/10/2008 8:32:09 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/26/2008 2:13:42 PM | Attr = ] ?dobe -> %SystemRoot%\Αdobe -> [Folder | Modified Date = 1/22/2007 5:03:02 PM | Attr = ] ??crosoft.NET -> %SystemRoot%\Μіcrosoft.NET -> [Folder | Modified Date = 11/10/2006 12:02:20 PM | Attr = ] ?racle -> %SystemRoot%\Οracle -> [Folder | Modified Date = 5/27/2006 8:31:03 AM | Attr = ] ?asks -> %SystemRoot%\Τasks -> [Folder | Modified Date = 6/2/2006 8:07:47 PM | Attr = ] ?ystem32 -> %SystemRoot%\ѕystem32 -> [Folder | Modified Date = 2/15/2006 3:09:40 PM | Attr = ] ??stem32 -> %SystemRoot%\ѕуstem32 -> [Folder | Modified Date = 3/31/2006 5:58:08 PM | Attr = ] ?icrosoft -> %SystemRoot%\Мicrosoft -> [Folder | Modified Date = 2/20/2006 9:55:59 AM | Attr = ] ?icrosoft.NET -> %SystemRoot%\Мicrosoft.NET -> [Folder | Modified Date = 5/28/2006 8:46:49 AM | Attr = ] ?racle -> %SystemRoot%\Оracle -> [Folder | Modified Date = 3/11/2006 1:03:12 PM | Attr = ] ?asks -> %SystemRoot%\Тasks -> [Folder | Modified Date = 3/9/2006 5:50:56 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 6/7/2008 1:45:28 AM | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/7/2008 1:37:42 AM | Attr = H ] Symantec NetDetect.job -> %SystemRoot%\tasks\Symantec NetDetect.job -> [Ver = | Size = 418 bytes | Modified Date = 6/7/2008 1:39:55 AM | Attr = ] {4BA28505-D509-483C-8D83-A40EFBC328F6}_STARCRAFT_Amercaindancer.job -> %SystemRoot%\tasks\{4BA28505-D509-483C-8D83-A40EFBC328F6}_STARCRAFT_Amercaindancer.job -> [Ver = | Size = 414 bytes | Modified Date = 6/7/2008 12:00:13 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/2/2001 8:14:03 PM | Attr = ] 
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5522 bytes | Modified Date = 6/7/2008 1:39:41 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5522 bytes | Modified Date = 6/7/2008 1:39:42 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 4/20/2005 7:58:20 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 11/4/2001 12:46:35 PM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 16 bytes | Modified Date = 10/23/2007 12:49:58 PM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 16 bytes | Modified Date = 10/23/2007 12:49:58 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 5/26/2008 2:13:55 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/26/2008 2:59:40 PM | Attr = S] AVG7 -> %AppData%\AVG7 -> [Folder | Modified Date = 5/24/2008 11:03:57 AM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/27/2008 4:12:33 AM | Attr = ] BFU -> %UserProfile%\My Documents\BFU -> [Folder | Modified Date = 5/24/2008 11:42:54 PM | Attr = ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 79 bytes | Modified Date = 5/15/2008 4:52:56 PM | Attr = HS] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/15/2008 4:52:59 PM | Attr = R ] My Pictures -> %UserProfile%\My 
Documents\My Pictures -> [Folder | Modified Date = 5/15/2008 4:52:57 PM | Attr = R ] Ad-Aware SE Personal.lnk -> %AllUsersProfile%\Desktop\Ad-Aware SE Personal.lnk -> [Ver = | Size = 2391 bytes | Modified Date = 5/15/2008 4:55:09 PM | Attr = ] AVG Anti-Rootkit Free.lnk -> %AllUsersProfile%\Desktop\AVG Anti-Rootkit Free.lnk -> [Ver = | Size = 828 bytes | Modified Date = 5/26/2008 2:17:57 PM | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1507 bytes | Modified Date = 5/26/2008 2:14:31 PM | Attr = ] Amercaindancer -> %UserProfile%\Desktop\Amercaindancer -> [Folder | Modified Date = 6/7/2008 2:00:25 AM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 5/25/2008 3:57:39 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier avenger -> %UserProfile%\Desktop\avenger -> [Folder | Modified Date = 5/24/2008 11:45:03 PM | Attr = ] avenger.zip -> %UserProfile%\Desktop\avenger.zip -> [Ver = | Size = 725024 bytes | Modified Date = 5/24/2008 11:21:51 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avenger.zip:Zone.Identifier bfu.zip -> %UserProfile%\Desktop\bfu.zip -> [Ver = | Size = 78686 bytes | Modified Date = 5/24/2008 11:23:29 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\bfu.zip:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 5/24/2008 12:27:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 6841 bytes | Modified Date = 5/24/2008 11:44:19 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 5/19/2008 3:34:48 PM | Attr = ] jre-6u6-windows-i586-p.exe -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe -> 
[Ver = | Size = 15951256 bytes | Modified Date = 5/25/2008 12:07:40 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jre-6u6-windows-i586-p.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/7/2008 1:52:11 AM | Attr = ] Patient%20Information%20Form%20With%20Addresses%203-4-08[1].pdf -> %UserProfile%\Desktop\Patient%20Information%20Form%20With%20Addresses%203-4-08[1].pdf -> [Ver = | Size = 41667 bytes | Modified Date = 5/19/2008 7:19:26 PM | Attr = ] regallow.exe -> %UserProfile%\Desktop\regallow.exe -> Bleeping Computer, LLC. [Ver = 1.00 | Size = 69632 bytes | Modified Date = 5/24/2008 11:22:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\regallow.exe:Zone.Identifier RegFix1.reg -> %UserProfile%\Desktop\RegFix1.reg -> [Ver = | Size = 96 bytes | Modified Date = 5/25/2008 6:07:29 PM | Attr = ] SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 6/7/2008 1:43:14 AM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1391204 bytes | Modified Date = 5/24/2008 11:18:53 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 5/25/2008 3:53:11 AM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 5/26/2008 2:13:43 PM | Attr = ] M?crosoft.NET -> %CommonProgramFiles%\Mіcrosoft.NET -> [Folder | Modified Date = 11/1/2006 3:33:03 PM | Attr = ] ?dobe -> %CommonProgramFiles%\Αdobe -> [Folder | Modified Date = 2/21/2006 9:56:19 AM | Attr = ] ?racle -> %CommonProgramFiles%\Οracle -> [Folder | Modified Date = 12/22/2006 11:09:24 AM | Attr = ] ??stem -> %CommonProgramFiles%\ѕуstem -> [Folder | Modified Date = 2/24/2007 10:58:26 AM | Attr = ] ?ppPatch -> %CommonProgramFiles%\АppPatch -> [Folder | Modified Date = 1/8/2007 3:59:17 PM | Attr = ] ?racle -> 
%CommonProgramFiles%\Оracle -> [Folder | Modified Date = 11/30/2006 1:55:35 PM | Attr = ] ??sks -> %CommonProgramFiles%\Таsks -> [Folder | Modified Date = 4/9/2006 12:15:21 PM | Attr = ] < End of report > [/code]