[code] OTScanIt logfile created on: 6/18/2008 8:14:19 PM OTScanIt by OldTimer - Version 1.0.15.15 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 239.41 Mb Total Physical Memory | 78.50 Mb Available Physical Memory | 32.79% Memory free 586.43 Mb Paging File | 279.44 Mb Available in Paging File | 47.65% Paging File free Paging file location(s): C:\pagefile.sys 360 720; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 25.95 Gb Total Space | 18.22 Gb Free Space | 70.21% Space Free | Partition Type: NTFS Drive D: | 2.00 Gb Total Space | 0.86 Gb Free Space | 43.07% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SHIAO-I-SEN Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/3/2008 12:59:11 AM | Attr = ] defwatch.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] rtvscan.exe -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] indicatoruty.exe -> %ProgramFiles%\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe -> FUJITSU LIMITED [Ver = 2, 1, 0, 0 | Size = 81920 bytes | Modified Date = 8/29/2002 12:20:54 AM | Attr = ] quicktouch.exe -> %ProgramFiles%\Fujitsu\Application Panel\QuickTouch.exe -> FUJITSU LIMITED [Ver = 4, 3, 0, 0 | Size = 242688 bytes | Modified Date = 8/29/2002 12:59:38 AM | Attr = ] btnhnd.exe -> %ProgramFiles%\Fujitsu\BtnHnd\BtnHnd.exe -> FUJITSU LIMITED [Ver = 2, 5, 0, 1 | Size = 61440 bytes | Modified Date = 8/28/2002 2:01:06 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.15 | Size = 397312 bytes | Modified Date = 6/12/2008 12:29:06 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/3/2008 12:59:11 AM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> [Ver = | Size = 131072 bytes | Modified Date = 7/30/2002 9:16:02 PM | Attr = ] (DefWatch) DefWatch [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 32768 bytes | Modified Date = 5/21/2003 1:22:36 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 3:56:48 PM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 2/18/2007 10:47:19 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ] (Norton AntiVirus Server) Symantec AntiVirus Client [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -> Symantec Corporation [Ver = 8.1.0.825 | Size = 610304 bytes | Modified Date = 5/21/2003 1:27:46 AM | Attr = ] [Driver Services - Non-Microsoft Only] (aliadwdm) ALi Audio Accelerator WDM driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ac97ali.sys -> Acer Laboratories Inc. [Ver = 5.12.01.6003 | Size = 231552 bytes | Modified Date = 8/4/2004 1:32:21 PM | Attr = ] (AliIde) AliIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\aliide.sys -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/18/2001 8:00:00 PM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.13.10.6143 | Size = 480512 bytes | Modified Date = 7/30/2002 9:32:50 PM | Attr = ] (BtnHnd) BtnHnd [Kernel | Auto | Running] -> %ProgramFiles%\Fujitsu\BtnHnd\BtnHnd.sys -> FUJITSU LIMITED [Ver = 2, 5, 0, 6 | Size = 18688 bytes | Modified Date = 8/29/2002 12:45:32 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 2:07:17 PM | Attr = ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 2:07:16 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/18/2001 8:00:00 PM | Attr = ] (FIDMOUF) Fujitsu Touch Panel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fidmouf.sys -> Fujitsu Component Limited [Ver = V1.9L30 | Size = 7952 bytes | Modified Date = 2/7/2002 10:47:12 PM | Attr = R ] (FIDTPU) Fujitsu Touch Panel (USB) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\FIDTPU.sys -> Fujitsu Component Limited [Ver = V1.9L34 built by: WinDDK | Size = 23424 bytes | Modified Date = 6/24/2002 6:53:12 AM | Attr = R ] (FUJ02B1) Fujitsu FUJ02B1 Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fuj02b1.sys -> FUJITSU LIMITED [Ver = 1.21 built by: WinDDK | Size = 5248 bytes | Modified Date = 8/1/2001 11:00:22 AM | Attr = R ] (LucentSoftModem) Lucent Technologies Soft Modem [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LTSM.sys -> Lucent Technologies [Ver = 3.1.113 3.1.113 05/07/2002 14:55:12 | Size = 808939 bytes | Modified Date = 5/7/2002 1:55:14 PM | Attr = R ] (NAVAP) NAVAP [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 224256 bytes | Modified Date = 5/2/2003 9:08:18 PM | Attr = ] (NAVAPEL) NAVAPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -> Symantec Corporation [Ver = 9.1.0.26 | Size = 30208 bytes | Modified Date = 5/2/2003 9:08:22 PM | Attr = ] (NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080612.003\NAVENG.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 89936 bytes | Modified Date = 6/12/2008 4:00:00 PM | Attr = ] (NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20080612.003\NAVEX15.SYS -> Symantec Corporation [Ver = 20081.1.1.13 | Size = 856336 bytes | Modified Date = 6/12/2008 4:00:00 PM | Attr = ] (PRISM) Intersil PRISM Wireless LAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\PRISMNDS.sys -> Intersil Corporation [Ver = 1.07.41 | Size = 51200 bytes | Modified Date = 6/18/2002 1:26:02 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/18/2001 8:00:00 PM | Attr = ] (rtl8139) Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\R8139n51.sys -> Realtek Semiconductor Corporation [Ver = 5.504.613.2002 built by: WinDDK | Size = 45568 bytes | Modified Date = 6/13/2002 10:37:16 AM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. [Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 6:25:53 PM | Attr = ] (Sparrow) Sparrow [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\sparrow.sys -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/18/2001 5:07:44 AM | Attr = ] (STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.3687 | Size = 180048 bytes | Modified Date = 8/14/2002 8:24:44 PM | Attr = R ] (SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.2.2.11 | Size = 73496 bytes | Modified Date = 11/4/2004 6:42:21 AM | Attr = ] (Tp4Track) QuickPoint Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tp4track.sys -> IBM Corporation [Ver = 2.16 | Size = 9447 bytes | Modified Date = 8/6/2001 10:26:52 AM | Attr = R ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ATIModeChange -> %SystemRoot%\system32\Ati2mdxx.exe [Ati2mdxx.exe] -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 7/30/2002 8:19:08 PM | Attr = ] IndicatorUtility -> %ProgramFiles%\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe [C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe] -> FUJITSU LIMITED [Ver = 2, 1, 0, 0 | Size = 81920 bytes | Modified Date = 8/29/2002 12:20:54 AM | Attr = ] LoadBtnHnd -> %ProgramFiles%\Fujitsu\BtnHnd\BtnHnd.exe [C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe] -> FUJITSU LIMITED [Ver = 2, 5, 0, 1 | Size = 61440 bytes | Modified Date = 8/28/2002 2:01:06 AM | Attr = ] LoadFujitsuQuickTouch -> %ProgramFiles%\Fujitsu\Application Panel\QuickTouch.exe [C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe] -> FUJITSU LIMITED [Ver = 4, 3, 0, 0 | Size = 242688 bytes | Modified Date = 8/29/2002 12:59:38 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 12:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 282624 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [Ver = | Size = 45056 bytes | Modified Date = 5/21/2003 1:19:00 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:59:52 PM | Attr = ] *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\INITSTARTFAILED -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 9/27/2002 2:47:24 AM | Attr = ] < HOSTS File > (734 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.fujitsupc.com/ -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com/ie -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://mail.yahoo.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.fujitsupc.com/ -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.fujitsupc.com/ -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: Main\\Start Page -> http://www.fujitsupc.com/ -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: Main\\Start Page -> http://www.fujitsupc.com/ -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\: Main\\Start Page -> http://mail.yahoo.com/ -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\: SearchURL\\ -> http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com[gogl] -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> .[msn] -> My Computer -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.5.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.60.5 | Size = 184423 bytes | Modified Date = 11/10/2005 1:22:12 PM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar4.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {FB5F1910-F110-11d2-BB9E-00C04F795683}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Messenger] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\] > -> HKEY_USERS\S-1-5-21-681764103-4217759621-2681017343-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Messenger] -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {E3887EF9-AAB6-4DEB-A639-05A83081D413} -> (Realtek RTL8139/810x Family Fast Ethernet NIC) -> {F0E1FCA5-4E26-473C-8B17-228AD2776180} -> (Intersil PRISM Wireless LAN PCI Card) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[Reg Error: Key does not exist or could not be opened.] -> {33704B0F-9EB7-434B-B752-EA6CFFB87423}[HKEY_LOCAL_MACHINE] -> http://cuecmr01.viewnetcam.com/JpegInst.cab[pmjpegaudio Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab[Java Plug-in 1.5.0_06] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F3D4C08D-3616-43F0-9E29-44C749B0664B}[HKEY_LOCAL_MACHINE] -> http://cuecmr01.viewnetcam.com/JpegInst.cab[pmjpegcam Class] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MgAxCtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MgAxCtrl.dll\\.Owner -> {62789780-B744-11D0-986B-00609731A21D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MgAxCtrl.dll\\{62789780-B744-11D0-986B-00609731A21D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegaudio.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegaudio.ocx\\.Owner -> {33704B0F-9EB7-434B-B752-EA6CFFB87423} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegaudio.ocx\\{33704B0F-9EB7-434B-B752-EA6CFFB87423} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegcam.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegcam.ocx\\.Owner -> {33704B0F-9EB7-434B-B752-EA6CFFB87423} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pmjpegcam.ocx\\{33704B0F-9EB7-434B-B752-EA6CFFB87423} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSCOMCTL.OCX\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSCOMCTL.OCX\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSRDO20.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MSRDO20.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msstkprp.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msstkprp.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/RDOCURS.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/RDOCURS.DLL\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 3:56:43 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 3:56:46 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 524 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 3:56:44 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 3:56:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 05 27 73 4C 11 0D CB 3F FC 2F FA 1A 68 46 7B C2 30 62 65 38 32 33 61 61 00 00 00 00 01 00 00 00 B0 01 00 00 B4 01 00 00 40 CA 06 00 5B A5 BF 71 04 00 00 00 10 00 00 00 00 00 00 00 30 E5 DC 71 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 2E E2 13 DD 58 0C 57 A2 0D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> D4 20 2B 92 D8 C7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 56 E9 F1 FE AB 0D A2 EF 02 0F 47 71 10 A6 AA CF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 30 F5 76 87 1E CE C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 14963 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 3:56:42 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 93184 bytes | Modified Date = 8/4/2004 3:56:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 3:56:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F0E1FCA5-4E26-473C-8B17-228AD2776180} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E3887EF9-AAB6-4DEB-A639-05A83081D413} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{4A7CF5B6-16C3-4921-825E-86FA4BEDE1A1} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{670A4689-9E51-49EF-9770-3510541312B5} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{A4D1D7CD-D088-470B-BE82-27FADFC4050D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{1E991689-97A8-4F13-871E-ABBC94AAB77C} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 3:56:57 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 3:56:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> Adobe Reader Speed Launcher hkey=HKLM key=Run -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] AtiPTA hkey=HKLM key=Run -> %SystemRoot%\system32\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.13.10.3017 | Size = 290816 bytes | Modified Date = 7/30/2002 10:18:42 PM | Attr = ] avgnt hkey=HKLM key=Run -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe -> File not found FTMSFLT(USB) hkey=HKLM key=Run -> %ProgramFiles%\FIDTPU\WIN2K\FTMSFLTU.exe -> Fujitsu Component Limited [Ver = V1.9L35 | Size = 69632 bytes | Modified Date = 7/11/2002 4:44:42 PM | Attr = R ] LTSMMSG hkey=HKLM key=Run -> %SystemRoot%\LTSMMSG.exe -> Lucent Technologies [Ver = 3.1.113 3.1.113 05/07/2002 14:54:58 | Size = 32768 bytes | Modified Date = 5/7/2002 1:55:00 PM | Attr = R ] < MountPoints2 > -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##CUECENTRIC-01#G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##CUECENTRIC-01#G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##CUECENTRIC-01#G\\_CommentFromDesktopINI -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##CUECENTRIC-01#G\\_LabelFromDesktopINI -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##CUECENTRIC-01#G\\_AutorunStatus -> 01 DF DF 00 DF 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 00 00 20 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05deb030-48f4-11d9-838d-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05deb030-48f4-11d9-838d-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05deb030-48f4-11d9-838d-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 20 00 00 00 09 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{398d4a50-d197-11d6-bcda-00e000c3fe52}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{398d4a50-d197-11d6-bcda-00e000c3fe52}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe98d00-37cf-11d9-8373-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe98d00-37cf-11d9-8373-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3fe98d00-37cf-11d9-8373-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4718f020-d142-11d6-a91b-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4718f020-d142-11d6-a91b-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4718f021-d142-11d6-a91b-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4718f021-d142-11d6-a91b-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a4cf10-29f9-11d9-8333-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a4cf10-29f9-11d9-8333-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a4cf11-29f9-11d9-8333-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55a4cf11-29f9-11d9-8333-806d6172696f}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d50-e467-11d9-83cd-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d50-e467-11d9-83cd-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d50-e467-11d9-83cd-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d51-e467-11d9-83cd-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d51-e467-11d9-83cd-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d51-e467-11d9-83cd-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 02 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d52-e467-11d9-83cd-00e000d4a962}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d53-e467-11d9-83cd-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d53-e467-11d9-83cd-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{67fc9d53-e467-11d9-83cd-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03065-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8bc03066-ee83-11d9-83d6-00e000d4a962}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5270-ee0e-11da-8403-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5270-ee0e-11da-8403-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5270-ee0e-11da-8403-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5271-ee0e-11da-8403-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5271-ee0e-11da-8403-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5271-ee0e-11da-8403-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5272-ee0e-11da-8403-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5272-ee0e-11da-8403-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5272-ee0e-11da-8403-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 01 00 01 01 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 06 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5273-ee0e-11da-8403-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5273-ee0e-11da-8403-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be4b5273-ee0e-11da-8403-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F CF 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F CF CF CF CF CF CF CF CF 5F CF CF CF 5F 5F 5F 5F 5F 5F 5F 5F 5F 5F 00 00 10 00 00 00 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\\BaseClass -> Drive -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\\_AutorunStatus -> 01 00 01 00 00 01 00 DF DF 5F DF 5F 5F 5F 5F DF DF 5F 5F 5F DF DF DF 5F 5F 5F DF DF DF 5F 5F DF 5F 5F 5F 5F 5F 00 5F 5F 5F 5F 5F CF CF 5F 5F 5F 5F 01 01 00 EE FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF 00 00 10 00 00 08 01 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\\ -> None -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\Autoplay\ -> -> *MUIVerb* -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\Autoplay\\MUIVerb -> @shell32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] -8504 -> -> File not found *MultiFile Done* -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\Autoplay\DropTarget\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1bfab00-0c29-11da-83ed-00e000d4a962}\shell\Autoplay\DropTarget\\CLSID -> {f26a669a-bcbb-4e37-abf9-7325da15f931} -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf10-29f9-11d9-8333-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf10-29f9-11d9-8333-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf10-29f9-11d9-8333-806d6172696f}\\Generation -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf11-29f9-11d9-8333-806d6172696f}\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf11-29f9-11d9-8333-806d6172696f}\\Data -> [Binary data over 100 bytes] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{55a4cf11-29f9-11d9-8333-806d6172696f}\\Generation -> 1 -> [Files/Folders - Created Within 90 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/16/2008 8:27:43 AM | Attr = ] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Created Date = 5/26/2008 10:14:20 PM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Created Date = 5/26/2008 10:14:20 PM | Attr = H ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Created Date = 3/25/2008 12:50:40 PM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Created Date = 4/29/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 4/29/2008 11:19:54 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Created Date = 6/14/2008 8:39:43 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/14/2008 8:39:43 PM | Attr = ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 4/29/2008 11:20:00 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 5/26/2008 10:07:20 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Created Date = 5/16/2008 11:58:04 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/16/2008 8:28:14 AM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Created Date = 6/15/2008 9:00:25 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/17/2008 8:21:30 AM | Attr = ] RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 438 bytes | Created Date = 6/13/2008 8:32:46 PM | Attr = ] RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 372 bytes | Created Date = 6/13/2008 8:32:46 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Created Date = 5/30/2008 7:42:32 AM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Created Date = 5/30/2008 5:24:38 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/14/2008 8:39:45 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 6/14/2008 9:21:38 PM | Attr = ] WildTangent -> %AllUsersProfile%\Application Data\WildTangent -> [Folder | Created Date = 6/15/2008 5:45:49 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/14/2008 8:39:58 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 6/14/2008 9:20:42 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Created Date = 5/26/2008 10:17:31 PM | Attr = ] Play Bejeweled 2 Deluxe.lnk -> %AllUsersProfile%\Desktop\Play Bejeweled 2 Deluxe.lnk -> [Ver = | Size = 1801 bytes | Created Date = 6/15/2008 5:46:12 PM | Attr = ] Windows Live Messenger.lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger.lnk -> [Ver = | Size = 1736 bytes | Created Date = 5/26/2008 10:06:45 PM | Attr = ] Disc Cleaners -> %UserProfile%\Desktop\Disc Cleaners -> [Folder | Created Date = 5/30/2008 4:43:58 AM | Attr = ] Games -> %UserProfile%\Desktop\Games -> [Folder | Created Date = 6/13/2008 9:05:58 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 6/18/2008 8:09:17 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/14/2008 8:39:14 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 5/30/2008 5:17:38 AM | Attr = ] CCleaner -> %ProgramFiles%\CCleaner -> [Folder | Created Date = 5/29/2008 10:09:34 PM | Attr = ] HP Games -> %ProgramFiles%\HP Games -> [Folder | Created Date = 6/15/2008 5:44:48 PM | Attr = ] IObit -> %ProgramFiles%\IObit -> [Folder | Created Date = 5/26/2008 6:59:00 AM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 5/30/2008 5:24:40 AM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 6/14/2008 8:39:41 PM | Attr = ] MSN Messenger -> %ProgramFiles%\MSN Messenger -> [Folder | Created Date = 5/26/2008 10:06:25 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 6/15/2008 8:37:14 AM | Attr = ] RegCure -> %ProgramFiles%\RegCure -> [Folder | Created Date = 6/13/2008 8:32:10 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 6/14/2008 9:20:42 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 6/14/2008 8:29:36 PM | Attr = ] [Files/Folders - Modified Within 90 days] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/17/2008 8:53:00 AM | Attr = RHS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/16/2008 8:27:43 AM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/17/2008 8:26:36 AM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 6/13/2008 9:02:01 PM | Attr = ] I Sen -> %SystemDrive%\I Sen -> [Folder | Modified Date = 6/13/2008 9:01:49 PM | Attr = ] Ling -> %SystemDrive%\Ling -> [Folder | Modified Date = 5/30/2008 4:55:41 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/15/2008 5:44:48 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 6/17/2008 8:40:22 AM | Attr = HS] sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [Ver = | Size = 268 bytes | Modified Date = 5/26/2008 10:14:20 PM | Attr = H ] sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [Ver = | Size = 244 bytes | Modified Date = 5/26/2008 10:14:20 PM | Attr = H ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/16/2008 8:28:09 AM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 6/13/2008 9:01:21 PM | Attr = ] Ting -> %SystemDrive%\Ting -> [Folder | Modified Date = 6/13/2008 9:00:48 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/18/2008 7:10:37 PM | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 PM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Modified Date = 4/29/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 4/29/2008 11:19:54 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [Ver = | Size = 15864 bytes | Modified Date = 6/10/2008 7:02:40 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/10/2008 7:02:44 PM | Attr = ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 4/29/2008 11:20:00 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/17/2008 8:08:26 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/14/2008 7:19:14 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/15/2008 8:44:52 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 5/26/2008 10:07:20 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 220040 bytes | Modified Date = 5/25/2008 7:41:45 AM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 5/16/2008 11:58:04 AM | Attr = ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 3/25/2008 12:50:40 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/16/2008 8:28:09 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/18/2008 7:11:45 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/15/2008 5:06:55 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 6/18/2008 7:08:40 PM | Attr = S] cfgcheck.ini -> %SystemRoot%\cfgcheck.ini -> [Ver = | Size = 134 bytes | Modified Date = 6/13/2008 8:47:24 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/14/2008 6:47:02 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/17/2008 9:21:36 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/16/2008 8:28:14 AM | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/23/2008 9:25:39 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/15/2008 5:07:14 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 6/14/2008 9:21:00 PM | Attr = HS] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 16 bytes | Modified Date = 6/17/2008 9:47:20 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 6/18/2008 8:09:44 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/17/2008 8:21:31 AM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 6/15/2008 9:01:28 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/17/2008 8:53:00 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 6/14/2008 8:56:56 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/13/2008 9:57:01 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 6/17/2008 9:21:36 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 665 bytes | Modified Date = 6/17/2008 8:53:00 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 5/26/2008 10:06:36 PM | Attr = ] RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 438 bytes | Modified Date = 6/18/2008 7:09:59 PM | Attr = ] RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 372 bytes | Modified Date = 6/13/2008 9:57:01 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 6/18/2008 7:09:57 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/1/2004 8:26:58 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 7756 bytes | Modified Date = 6/18/2008 7:12:00 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 7756 bytes | Modified Date = 6/18/2008 7:12:00 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 6/29/2006 9:25:48 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 11/4/2004 10:49:10 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa11.dat -> [Ver = | Size = 11062 bytes | Modified Date = 6/29/2006 10:05:02 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 5/21/2007 1:52:14 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/30/2004 10:03:30 PM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\ -> [Folder | Modified Date = 6/16/2008 2:41:52 PM | Attr = H ] md5deep.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\md5deep.exe -> [Ver = | Size = 21504 bytes | Modified Date = 7/30/2007 10:23:07 AM | Attr = ] sed.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\sed.exe -> [Ver = | Size = 37376 bytes | Modified Date = 7/30/2007 10:23:07 AM | Attr = ] swreg.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\swreg.exe -> SteelWerX [Ver = 2.0.2.0 | Size = 119296 bytes | Modified Date = 7/30/2007 10:23:07 AM | Attr = ] C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\ -> [Folder | Modified Date = 6/16/2008 2:41:52 PM | Attr = H ] dss.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\~zuvlzma.tmp\dss.dll -> [Ver = | Size = 37888 bytes | Modified Date = 10/14/2007 2:42:28 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 5/30/2008 5:23:26 AM | Attr = ] Avira -> %AllUsersProfile%\Application Data\Avira -> [Folder | Modified Date = 6/14/2008 8:07:42 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 5/30/2008 5:28:07 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/14/2008 8:39:45 PM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 5/30/2008 5:08:47 AM | Attr = S] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/14/2008 9:21:38 PM | Attr = ] WildTangent -> %AllUsersProfile%\Application Data\WildTangent -> [Folder | Modified Date = 6/15/2008 5:51:18 PM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 5/30/2008 5:29:26 AM | Attr = ] Lavasoft -> %AppData%\Lavasoft -> [Folder | Modified Date = 5/30/2008 5:08:47 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/14/2008 8:39:58 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/26/2008 10:08:13 PM | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/14/2008 9:20:42 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 5/30/2008 5:29:33 AM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 58456 bytes | Modified Date = 6/16/2008 2:45:08 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5680554 bytes | Modified Date = 6/17/2008 10:21:22 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/15/2008 9:08:36 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/16/2008 8:01:10 AM | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Modified Date = 6/13/2008 9:29:41 PM | Attr = ] Play Bejeweled 2 Deluxe.lnk -> %AllUsersProfile%\Desktop\Play Bejeweled 2 Deluxe.lnk -> [Ver = | Size = 1801 bytes | Modified Date = 6/15/2008 5:46:12 PM | Attr = ] Windows Live Messenger.lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger.lnk -> [Ver = | Size = 1736 bytes | Modified Date = 5/26/2008 10:06:46 PM | Attr = ] Disc Cleaners -> %UserProfile%\Desktop\Disc Cleaners -> [Folder | Modified Date = 6/17/2008 9:06:07 AM | Attr = ] Games -> %UserProfile%\Desktop\Games -> [Folder | Modified Date = 6/13/2008 9:06:17 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 6/18/2008 8:11:21 PM | Attr = ] Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1475 bytes | Modified Date = 5/26/2008 6:57:14 AM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 5/30/2008 5:21:40 AM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 6/14/2008 8:39:14 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 5/26/2008 10:08:07 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 6/14/2008 9:19:09 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... IPC error: 2 The system cannot find the file specified. scanning hidden services & system hive ... scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Reinstall\\xe6H\xf5w\17\xe6\1] "DisplayName"="\t" "DeviceDesc"="\t" "ProviderName"="" "MFG"="\xd54" "ReinstallString"="2002, 6.13.10.6143" "DeviceInstanceIds"=str(7):"" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion] "IQ\ah\xdf\x8d\x8f\x2013"=dword:00000001 scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... IPC error: 2 The system cannot find the file specified. C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Owner\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes scan completed successfully hidden files: 5 < End of report > [/code]