[code] OTScanIt logfile created on: 7/2/2008 11:56:15 PM OTScanIt by OldTimer - Version 1.0.15.18 Folder = C:\Documents and Settings\Michael\Desktop\OTScanIt Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 509.48 Mb Total Physical Memory | 195.60 Mb Available Physical Memory | 38.39% Memory free 1.22 Gb Paging File | 0.95 Gb Available in Paging File | 78.20% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 13.97 Gb Total Space | 0.99 Gb Free Space | 7.11% Space Free | Partition Type: NTFS Drive D: | 55.55 Gb Total Space | 7.10 Gb Free Space | 12.79% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: VALUED-4DA88152 Current User Name: Michael Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aawservice.exe -> D:\Program Files D Drive\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/19/2008 12:15:02 AM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] shwserv.exe -> %ProgramFiles%\Sony\giga pocket\shwserv.exe -> Sony Corporation [Ver = 5, 5, 41, 05120 | Size = 77824 bytes | Modified Date = 7/3/2003 8:29:24 PM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 65536 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ] qbcfmonitorservice.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2804.16013 | Size = 20480 bytes | Modified Date = 9/5/2007 10:53:48 AM | Attr = ] hkserv.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe -> Sony Corporation [Ver = 3.3.0.6260 | Size = 90112 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ] ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ] wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 9/24/2006 2:31:51 PM | Attr = ] bjmyprt.exe -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr = ] hkwnd.exe -> %ProgramFiles%\Sony\HotKey Utility\HKWnd.exe -> Sony Corporation [Ver = 3.3.0.6260 | Size = 299008 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ] opwarese4.exe -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr = ] ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 6/2/2008 11:13:26 AM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] bagent.exe -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 16.1.5.7 | Size = 87592 bytes | Modified Date = 5/7/2007 2:17:44 PM | Attr = ] osa.exe -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 9/12/1997 | Attr = ] rm_sv.exe -> %ProgramFiles%\Sony\giga pocket\RM_SV.exe -> Sony Corporation [Ver = 5, 5, 0, 05280 | Size = 90112 bytes | Modified Date = 7/3/2003 8:28:32 PM | Attr = ] pcfmgr.exe -> %ProgramFiles%\PowerPanel\Program\PcfMgr.exe -> Phoenix Technologies Ltd. [Ver = 5.3.1.1 | Size = 872448 bytes | Modified Date = 6/23/2003 1:11:46 PM | Attr = ] usbsircs.exe -> %ProgramFiles%\Sony\USBSircs\USBsircs.exe -> Sony Corporation [Ver = 5, 5, 00, 03191 | Size = 163840 bytes | Modified Date = 3/19/2003 9:55:32 PM | Attr = ] ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 6/2/2008 11:13:16 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.18 | Size = 397312 bytes | Modified Date = 6/27/2008 3:53:14 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 4:08:56 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> D:\Program Files D Drive\aawservice.exe -> Lavasoft [Ver = 7,1,0,12 | Size = 611664 bytes | Modified Date = 6/19/2008 12:15:02 AM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. 
[Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 224768 bytes | Modified Date = 4/13/2008 8:12:17 PM | Attr = ] (Giga Pocket Hardware Detector) Giga Pocket Hardware Detector [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\giga pocket\shwserv.exe -> Sony Corporation [Ver = 5, 5, 41, 05120 | Size = 77824 bytes | Modified Date = 7/3/2003 8:29:24 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.2.9 | Size = 504104 bytes | Modified Date = 6/2/2008 11:13:16 AM | Attr = ] (NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 65536 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ] (QBCFMonitorService) QBCFMonitorService [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Intuit\QuickBooks\QBCFMonitorService.exe -> Intuit [Ver = 2.0.2804.16013 | Size = 20480 bytes | Modified Date = 9/5/2007 10:53:48 AM | Attr = ] (QBFCService) Intuit QuickBooks FCS [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> Intuit Inc. 
[Ver = 1.2.0.5 | Size = 61440 bytes | Modified Date = 5/24/2007 8:08:44 AM | Attr = ] (SNDSrvc) Symantec Network Drivers Service [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> Symantec Corporation [Ver = 6.0.4.402 | Size = 214720 bytes | Modified Date = 8/7/2006 4:03:02 PM | Attr = ] (Sony TV Tuner Controller) Sony TV Tuner Controller [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\giga pocket\halsv.exe -> Sony Corporation [Ver = 5.5.03.05270 | Size = 118784 bytes | Modified Date = 6/11/2003 2:35:42 PM | Attr = ] (Sony TV Tuner Manager) Sony TV Tuner Manager [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Sony\giga pocket\RM_SV.exe -> Sony Corporation [Ver = 5, 5, 0, 05280 | Size = 90112 bytes | Modified Date = 7/3/2003 8:28:32 PM | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.2.00.12242 | Size = 65536 bytes | Modified Date = 12/24/2002 2:01:22 PM | Attr = ] (VAIOMediaPlatform-MusicServer-AppServer) VAIO Media Music Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Music\SSSvr.exe -> Sony Corporation [Ver = 2.6.00.07010 | Size = 495705 bytes | Modified Date = 7/1/2003 9:53:48 PM | Attr = ] (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ] (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ] (VAIOMediaPlatform-PhotoServer-AppServer) VAIO Media Photo Server [Win32_Own | On_Demand | Stopped] -> 
%ProgramFiles%\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 6, 0,06300 | Size = 925696 bytes | Modified Date = 6/30/2003 8:35:22 PM | Attr = ] (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ] (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ] (VAIOMediaPlatform-VideoServer-AppServer) VAIO Media Video Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -> Sony Corporation [Ver = 2, 6, 00,06300 | Size = 1196032 bytes | Modified Date = 6/30/2003 8:38:40 PM | Attr = ] (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -> Sony Corporation [Ver = 2.6.00.06090 | Size = 57344 bytes | Modified Date = 6/23/2003 11:16:38 PM | Attr = ] (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -> Sony Corporation [Ver = 4.0.00.06240 | Size = 720896 bytes | Modified Date = 6/24/2003 5:49:54 PM | Attr = ] (vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 75304 bytes | Modified Date = 3/14/2008 12:11:08 AM | Attr = ] [Driver Services - Non-Microsoft Only] (AnyDVD) AnyDVD [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\AnyDVD.sys -> 
SlySoft, Inc. [Ver = 3.0.0.6 | Size = 21504 bytes | Modified Date = 11/21/2003 10:14:56 AM | Attr = ] (ApfiltrService) Alps Pointing-device Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> Alps Electric Co., Ltd. [Ver = 5.3.1.220 | Size = 93700 bytes | Modified Date = 6/11/2003 12:35:58 AM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 799744 bytes | Modified Date = 4/13/2008 2:44:48 PM | Attr = ] (DMICall) Sony DMI Call service [Kernel | System | Running] -> %SystemRoot%\system32\drivers\DMICall.sys -> Sony Corporation [Ver = 1.0.01.12050 | Size = 3952 bytes | Modified Date = 12/5/2000 7:18:02 PM | Attr = R ] (dmio) dmio [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.5512.503.0 | Size = 153344 bytes | Modified Date = 4/13/2008 2:44:46 PM | Attr = ] (dmload) dmload [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. 
[Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] (eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> Symantec Corporation [Ver = 106.3.3.2 | Size = 387384 bytes | Modified Date = 11/30/2006 5:00:00 AM | Attr = ] (ElbyCDIO) ElbyCDIO Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 4, 3, 1, 0 | Size = 9728 bytes | Modified Date = 6/8/2004 3:57:57 PM | Attr = ] (ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 0, 0, 1 | Size = 3968 bytes | Modified Date = 6/8/2004 3:57:57 PM | Attr = ] (GEARAspiWDM) GEAR CDRom Filter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> GEAR Software Inc. [Ver = 2.00.07.03 | Size = 16168 bytes | Modified Date = 1/29/2008 12:01:28 PM | Attr = ] (HSFHWSIS) HSFHWSIS [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWSIS.sys -> Conexant Systems, Inc. [Ver = 6.01.18 | Size = 156288 bytes | Modified Date = 3/13/2003 5:19:00 PM | Attr = ] (HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> Conexant Systems, Inc. [Ver = 6.01.18 | Size = 1106944 bytes | Modified Date = 3/13/2003 5:15:00 PM | Attr = ] (KLIF) KLIF [Kernel | On_Demand | Stop_Pending] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.295 | Size = 186128 bytes | Modified Date = 7/19/2007 4:10:32 PM | Attr = ] (LEX_AS_NIC_SERVICE_YNOS) LAN-Express AS IEEE 802.11g Wireless Network Adapter Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ExpasAG.sys -> Atheros Communications, Inc. 
[Ver = 2.4.1.21 | Size = 323200 bytes | Modified Date = 7/1/2003 11:17:16 PM | Attr = ] (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> Conexant [Ver = 1.0.1.012 | Size = 11044 bytes | Modified Date = 12/11/2002 2:22:00 PM | Attr = ] (nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 1247390 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ] (Pcouffin) Low level access layer for CD devices [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\Drivers\Pcouffin.sys -> File not found (pelmouse) Mouse Suite Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PELMOUSE.SYS -> Primax Electronics Ltd. [Ver = 1.4.0.0 | Size = 17251 bytes | Modified Date = 6/28/2002 9:21:40 PM | Attr = ] (pelusblf) USB Mouse Low Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PELUSBlf.SYS -> Primax Electronics Ltd. [Ver = 1.4.1.7 | Size = 7520 bytes | Modified Date = 7/24/2001 1:34:34 PM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ] (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 8/15/2007 6:33:10 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 12:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 4:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] (SbcpHid) SbcpHid [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\SbcpHid.sys -> [Ver = 5,00,21,0 | Size = 38176 bytes | Modified Date = 1/19/2001 10:51:11 AM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 4/13/2008 12:39:15 PM | Attr = ] (SISAGP) SiS AGP Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\SISAGPX.SYS -> Silicon Integrated Systems Corporation [Ver = 7.2.0.1140 built by: WinDDK | Size = 30848 bytes | Modified Date = 12/24/2002 7:09:48 PM | Attr = ] (SISNIC) SiS PCI Fast Ethernet Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sisnic.sys -> SiS Corporation [Ver = 1.16.00.00 built by: WinDDK | Size = 32256 bytes | Modified Date = 7/11/2002 3:39:34 AM | Attr = ] (smrt) Sony MPEG RealTime encoder board [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smrt.sys -> Sony Corporation [Ver = 1.1.03.08150 | Size = 764288 bytes | Modified Date = 8/15/2003 1:55:50 PM | Attr = ] (SNC) Sony Notebook Control Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SonyNC.sys -> Sony Corporation [Ver = 6.0.1.08290 | Size = 48896 bytes | Modified Date = 11/9/2000 11:15:08 PM | Attr = ] (SPI) Sony Programmable I/O Control Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SonyPI.sys -> Sony Corporation [Ver = 7, 0, 3, 820 | Size = 71961 bytes | Modified Date = 8/20/2002 3:59:32 PM | Attr = ] (STAC97) Audio Driver (WDM) - SigmaTel CODEC [Kernel | On_Demand | Running] -> 
%SystemRoot%\system32\drivers\STAC97.sys -> SigmaTel, Inc. [Ver = 5.10.3782 | Size = 219024 bytes | Modified Date = 3/22/2003 1:30:58 PM | Attr = ] (SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.0.3.1 | Size = 107696 bytes | Modified Date = 5/16/2006 2:34:37 PM | Attr = ] (TSP) TSP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> Kaspersky Lab [Ver = 6.12.10.295 | Size = 186128 bytes | Modified Date = 7/19/2007 4:10:32 PM | Attr = ] (USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Modified Date = 2/18/2008 11:16:24 AM | Attr = ] (vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 394952 bytes | Modified Date = 3/14/2008 12:11:18 AM | Attr = ] (winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> Conexant Systems, Inc. [Ver = 6.01.18 built by: WinDDK | Size = 622592 bytes | Modified Date = 3/13/2003 5:17:00 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> CanonMyPrinter -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon] -> CANON INC. [Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr = ] ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\System32\ezSP_Px.exe] -> Easy Systems Japan Ltd. 
[Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ] HKSERV.EXE -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe [C:\Program Files\Sony\HotKey Utility\HKserv.exe] -> Sony Corporation [Ver = 3.3.0.6260 | Size = 90112 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. [Ver = 7.6.2.9 | Size = 267048 bytes | Modified Date = 6/2/2008 11:13:26 AM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.01.4364 | Size = 4612096 bytes | Modified Date = 5/2/2003 6:51:00 PM | Attr = ] OpwareSE4 -> %ProgramFiles%\ScanSoft\OmniPageSE4.0\OpWareSE4.exe ["C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"] -> ScanSoft, Inc. [Ver = 15.0 | Size = 69632 bytes | Modified Date = 3/21/2006 2:19:40 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] SSBkgdUpdate -> %CommonProgramFiles%\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe ["C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot] -> Scansoft, Inc. [Ver = 1, 0, 0, 6 | Size = 155648 bytes | Modified Date = 9/30/2003 1:14:58 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 3/25/2008 4:28:02 AM | Attr = ] VAIO Recovery -> %SystemRoot%\SONYSYS\VAIO Recovery\PartSeal.exe [C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe] -> Sony Electronics Inc [Ver = 1.0.2 | Size = 28672 bytes | Modified Date = 4/20/2003 1:08:42 AM | Attr = ] WD Button Manager -> %SystemRoot%\system32\WDBtnMgr.exe [WDBtnMgr.exe] -> Western Digital Technologies, Inc. [Ver = 2, 0, 4, 0 | Size = 339968 bytes | Modified Date = 9/24/2006 2:31:51 PM | Attr = ] ZoneAlarm Client -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> Zone Labs, LLC [Ver = 7.0.470.000 | Size = 919016 bytes | Modified Date = 3/14/2008 12:11:10 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> QuickenScheduledUpdates -> %ProgramFiles%\Quicken\bagent.exe [C:\Program Files\Quicken\bagent.exe] -> Intuit Inc. 
[Ver = 16.1.5.7 | Size = 87592 bytes | Modified Date = 5/7/2007 2:17:44 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 3, 6, 0, 1000 | Size = 1310720 bytes | Modified Date = 2/27/2007 11:39:26 AM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Find Fast.lnk -> %ProgramFiles%\Microsoft Office\Office\FINDFAST.EXE -> [Ver = | Size = 111376 bytes | Modified Date = 9/12/1997 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Office Startup.lnk -> %ProgramFiles%\Microsoft Office\Office\OSA.EXE -> [Ver = | Size = 51984 bytes | Modified Date = 9/12/1997 | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\PowerPanel.lnk -> %ProgramFiles%\PowerPanel\Program\PcfMgr.exe -> Phoenix Technologies Ltd. [Ver = 5.3.1.1 | Size = 872448 bytes | Modified Date = 6/23/2003 1:11:46 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk -> %CommonProgramFiles%\Intuit\QuickBooks\QBUpdate\qbupdate.exe -> Intuit Inc. 
[Ver = 18.0 R1 | Size = 972064 bytes | Modified Date = 9/11/2007 9:38:44 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Remocon Driver.lnk -> %ProgramFiles%\Sony\USBSircs\USBsircs.exe -> Sony Corporation [Ver = 5, 5, 00, 03191 | Size = 163840 bytes | Modified Date = 3/19/2003 9:55:32 PM | Attr = ] < Michael Startup Folder > -> C:\Documents and Settings\Michael\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> ckpNotify -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < 
CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DW-U50A_____________________1.5d____\4145424438313946_0_0_0_0_0_0_0_0_0_0_0_0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.msn.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4593 domain(s) found. -> 41 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4585 domain(s) found. -> 40 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. 
[Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2005, 11, 4, 1 | Size = 399352 bytes | Modified Date = 6/7/2006 11:09:22 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 3/25/2008 4:28:01 AM | Attr = ] {7F9DB11C-E358-4ca6-A83D-ACC663939424}:BandCLSID -> %ProgramFiles%\Bonjour\ExplorerPlugin.dll [Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 516096 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download with &DAP -> Reg Error: Value does not exist or could not be read. -> File not found Download &all with DAP -> Reg Error: Value does not exist or could not be read. 
-> File not found Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 3, 0 | Size = 552960 bytes | Modified Date = 4/18/2006 8:05:46 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {17B862B6-8450-4D45-8B32-78FC1B919154} -> 209.137.160.7,209.137.171.10 (SiS 900-Based PCI Fast Ethernet Adapter) -> {6ADE8416-86AB-406A-B7FC-F18D5F6D289D} -> (1394 Net Adapter) -> {8FBFBC00-AD0A-4964-B146-228F1D50AC2F} -> (LAN-Express AS IEEE 802.11g miniPCI Adapter) -> {AC05DEDB-A2E0-463D-A9EA-67D2226B877C} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> intu-help-qb1:{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} [HKEY_LOCAL_MACHINE] -> D:\Program Files D Drive\Quickbooks PRO2008\HelpAsyncPluggableProtocol.dll[Intuit Help System Async Pluggable Protocol (v1) for QuickBooks] -> TODO: [Ver = 1.0.0.1 | Size = 70944 bytes | Modified Date = 9/11/2007 9:38:02 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {640B39C1-D713-464F-92C3-75BD972B95EE}[HKEY_LOCAL_MACHINE] -> http://www.sidestep.com/get/k42037/sb02a.cab[Reg Error: Key does not exist or could not be opened.] 
-> {67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://go.divx.com/plugin/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1213760249984[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1214864743571&h=42d73f1f0df1ef585071d481b75a0c05/&filename=jinstall-6u6-windows-i586-jc.cab[Java Plug-in 1.6.0_06] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> ChatSpace Java Client 4.0.0.325[HKEY_LOCAL_MACHINE] -> http://chat.scout.com/ChatSpace/Java/cms40325.cab[Reg Error: Key does not exist or could not be opened.] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] 
-> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\\.Owner -> {64696FB5-BA15-4920-B789-F35D3FC0A36A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ax.ocx\\{64696FB5-BA15-4920-B789-F35D3FC0A36A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\.Owner -> {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ieatgpc.dll\\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> -> [Registry - Additional Scans - Non-Microsoft Only] < ActiveX StubPath [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {0291E591-EA41-4c82-8106-3DC6CE7F7664} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [HKLM: YInstStarterUpgrade Class; IsInstalled: 1] -> File not found {03F998B2-0E00-11D3-A498-00104B6EB52E} [HKEY_LOCAL_MACHINE] -> [(default): Viewpoint Media Player; IsInstalled: 01 00 00 00 [binary data]] -> {04d6265d-6b5d-41c3-9e7c-48be15919643} [HKEY_LOCAL_MACHINE] -> [(default): KB890923; IsInstalled: 1] -> {08B0E5C0-4FCB-11CF-AAA5-00401C608500} [HKEY_LOCAL_MACHINE] -> [(default): Microsoft VM; IsInstalled: 01 00 00 00 [binary data]] -> {08B0E5C0-4FCB-11CF-AAA5-00401C608555} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Classes for Java; IsInstalled: 1] -> {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} [HKEY_LOCAL_MACHINE] -> [(default): Security Update for Microsoft .NET Framework 2.0 (KB922770); IsInstalled: 1] -> {10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKEY_LOCAL_MACHINE] -> [(default): Vector Graphics Rendering (VML); IsInstalled: 01 00 00 00 [binary data]] -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKEY_LOCAL_MACHINE] -> [(default): Macromedia Shockwave Director 8.5.1; IsInstalled: 1,01,00,00,00] -> {1B00725B-C455-4DE6-BFB6-AD540AD427CD} [HKEY_LOCAL_MACHINE] -> [(default): Viewpoint Media Player; IsInstalled: 01 00 00 00 [binary data]] -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID: NetShow; IsInstalled: 1] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default): Microsoft Windows Media Player 6.4; IsInstalled: 1] -> {2337076a-dd0c-43a6-8d85-54070578a42f} 
[HKEY_LOCAL_MACHINE] -> [(default): KB912812; IsInstalled: 1] -> {233C1507-6A77-46A4-9443-F871F945D258} [HKEY_LOCAL_MACHINE] -> [(default): Adobe Shockwave Director 10.1.3; IsInstalled: 01 00 00 00 [binary data]] -> {283807B5-2C60-11D0-A31D-00AA00B92C03} [HKEY_LOCAL_MACHINE] -> [(default): DirectAnimation; IsInstalled: 1] -> {2A202491-F00D-11cf-87CC-0020AFEECF20} [HKEY_LOCAL_MACHINE] -> [(default): Adobe Shockwave Director 10.1.3; IsInstalled: 01 00 00 00 [binary data]] -> {2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled: 1] -> {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [HKLM: YInstStarter Class; IsInstalled: 1] -> File not found {310BD666-1EA3-4453-AF49-7C65D107030A} [HKEY_LOCAL_MACHINE] -> [(default): Plus Pack Base Component; IsInstalled: 1] -> {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. 
[HKLM: YSearchSetting2 Class; IsInstalled: 1] -> File not found {36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Dynamic HTML Data Binding for Java; IsInstalled: 1] -> {3af36230-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Offline Browsing Pack; IsInstalled: 1] -> {3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Uniscribe; IsInstalled: 1] -> {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} [HKEY_LOCAL_MACHINE] -> [(default): KB834707; IsInstalled: 1] -> {4278c270-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Advanced Authoring; IsInstalled: 1] -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [(default): Microsoft Outlook Express 6; IsInstalled: 1] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default): NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(default): DirectShow; IsInstalled: 1] -> {44BBA855-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(default): Microsoft DirectX] -> {44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKEY_LOCAL_MACHINE] -> [(default): DirectDrawEx; IsInstalled: 1] -> {45ea75a0-a269-11d1-b5bf-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Help; IsInstalled: 1] -> {4d64f3ba-f112-4efe-a02e-96680859937c} [HKEY_LOCAL_MACHINE] -> [(default): KB918899; IsInstalled: 1] -> {4EC8E993-32C1-47F5-A07A-5B0574655AD4} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. 
[HKLM: WXcom Class; IsInstalled: 1] -> File not found {4f216970-c90c-11d1-b5c7-0000f8051515} [HKEY_LOCAL_MACHINE] -> [(default): DirectAnimation Java Classes; IsInstalled: 1] -> {4f645220-306d-11d2-995d-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Microsoft Windows Script 5.7; IsInstalled: 1] -> {5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows Messenger 4.7; IsInstalled: 1] -> {5A8D6EE0-3E18-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [ComponentID: ICW; IsInstalled: 1] -> File not found {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} [HKEY_LOCAL_MACHINE] -> [(default): KB918439; IsInstalled: 1] -> {5c9ff2bf-938d-47fe-85d9-9dbab4f65018} [HKEY_LOCAL_MACHINE] -> [(default): KB897715; IsInstalled: 1] -> {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} [HKEY_LOCAL_MACHINE] -> [(default): Microsoft Data Access Components KB870669; IsInstalled: 1] -> {5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Setup Tools; IsInstalled: 1] -> {630b1da0-b465-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): Browsing Enhancements; IsInstalled: 1] -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [(default): Microsoft Windows Media Player; IsInstalled: 1] -> {6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): MSN Site Access; IsInstalled: 1] -> {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} [HKEY_LOCAL_MACHINE] -> [(default): .NET Framework] -> {7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] -> "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [(default): Address Book 6; IsInstalled: 1] -> {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} [HKEY_LOCAL_MACHINE] -> [(default): Security Update for Microsoft .NET Framework 2.0 (KB928365); IsInstalled: 1] -> 
{839117ee-2132-4bae-a56a-42b50204c9b9} [HKEY_LOCAL_MACHINE] -> [(default): KB889293; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n /i:U shell32.dll [(default): Windows Desktop Update; IsInstalled: 1] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet Explorer; IsInstalled: 1] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] -> C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS; IsInstalled: 1] -> {9381D8F2-0288-11D0-9501-00AA00B911A5} [HKEY_LOCAL_MACHINE] -> [(default): Dynamic HTML Data Binding; IsInstalled: 1] -> {967B098A-042D-4367-BAC9-8BC11684174F} [HKEY_LOCAL_MACHINE] -> [(default): Security Update for Microsoft .NET Framework 2.0 (KB917283); IsInstalled: 1] -> {ae594d5e-dd07-4e54-8252-daa5aebbd4ec} [HKEY_LOCAL_MACHINE] -> [(default): KB905915; IsInstalled: 1] -> {B12BF068-316D-41C1-08B3-25BCC1804808} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Classes for Java; IsInstalled: 1] -> {C9E9A340-D1F1-11D0-821E-444553540600} [HKEY_LOCAL_MACHINE] -> [(default): Internet Explorer Core Fonts; IsInstalled: 1] -> {CC2A9BA0-3BDD-11D0-821E-444553540000} [HKEY_LOCAL_MACHINE] -> [(default): Task Scheduler; IsInstalled: 1] -> {CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. 
[ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary data]] -> File not found {D27CDB6E-AE6D-11cf-96B8-444553540000} [HKEY_LOCAL_MACHINE] -> [(default): Adobe Flash Player; IsInstalled: 01 00 00 00 [binary data]] -> {dd772a76-bef3-44d7-8b39-502c8504c1f1} [HKEY_LOCAL_MACHINE] -> [(default): KB925486; IsInstalled: 1] -> {de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKEY_LOCAL_MACHINE] -> [(default): HTML Help; IsInstalled: 1] -> {E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKEY_LOCAL_MACHINE] -> [(default): Active Directory Service Interface; IsInstalled: 01 00 00 00 [binary data]] -> {f15ee071-deb7-4cbb-951f-431c98338d8e} [HKEY_LOCAL_MACHINE] -> [(default): KB911567; IsInstalled: 1] -> {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} [HKEY_LOCAL_MACHINE] -> [(default): Q823353; IsInstalled: 1] -> {f54910c7-a2f3-4ca4-81b2-4a43a5e2680a} [HKEY_LOCAL_MACHINE] -> [(default): KB916281; IsInstalled: 1] -> <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] -> C:\WINDOWS\system32\ieudinit.exe [(default): IE7 Uninstall Stub; IsInstalled: 1] -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> C:\WINDOWS\inf\unregmp2.exe /HideWMP [(default): Windows Media Player; IsInstalled: 1] -> >{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] -> C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet Explorer; IsInstalled: 1] -> >{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browser Customizations; IsInstalled: 1] -> >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] -> %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default): Outlook Express; IsInstalled: 0] -> < ActiveX StubPath [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\ -> {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [HKEY_LOCAL_MACHINE] -> [HKLM: Microsoft NetShow Player] -> {22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKEY_LOCAL_MACHINE] -> [HKLM: Windows Media Player] -> 
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {4b218e3e-bc98-4770-93d3-2731b9329278} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found {5945c046-1e7d-11d1-bc44-00c04fd912be} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {6BF52A52-394A-11d3-B153-00C04F79FAA6} [HKEY_LOCAL_MACHINE] -> [HKLM: Windows Media Player] -> {7790769C-0471-11d2-AF11-00C04FA35D02} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89820200-ECBD-11cf-8B85-00AA005B4340} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89820200-ECBD-11cf-8B85-00AA005B4383} [HKEY_LOCAL_MACHINE] -> [(no name)] -> {89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKEY_LOCAL_MACHINE] -> Reg Error: Value does not exist or could not be read. [(no name)] -> File not found <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKEY_LOCAL_MACHINE] -> [(no name)] -> >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [HKEY_LOCAL_MACHINE] -> [(no name)] -> >{26923b43-4d38-484f-9b9e-de460746276c} [HKEY_LOCAL_MACHINE] -> [(no name)] -> InitiallyClear [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [(no name)] -> File not found < App Paths [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ -> AcroRd32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe [C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe] -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 71288 bytes | Modified Date = 5/16/2006 11:15:10 PM | Attr = ] AnyDVD.exe -> %ProgramFiles%\SlySoft\AnyDVD\AnyDVD.exe [C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe] -> SlySoft, Inc. 
[Ver = 3.0.0.6 | Size = 177152 bytes | Modified Date = 11/21/2003 10:10:47 AM | Attr = ] BackItUp.EXE -> %ProgramFiles%\Ahead\Nero BackItUp\BackItUp.exe [C:\Program Files\Ahead\Nero BackItUp\BackItUp.exe] -> Ahead Software AG [Ver = 1, 2, 0, 5 | Size = 4272196 bytes | Modified Date = 3/2/2004 6:22:00 PM | Attr = ] BitComet.exe -> %ProgramFiles%\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe] -> www.BitComet.com [Ver = 0.70 | Size = 3394048 bytes | Modified Date = 6/23/2006 1:00:33 PM | Attr = ] BJEZPLUS.EXE -> %ProgramFiles%\Canon\Easy-PhotoPrint\BJEZPLUS.EXE [C:\Program Files\Canon\Easy-PhotoPrint\BJEZPLUS.EXE] -> CANON INC. [Ver = 3, 5, 2, 0 | Size = 868352 bytes | Modified Date = 6/5/2006 11:52:00 PM | Attr = ] BJEZPRN.EXE -> %ProgramFiles%\Canon\Easy-PhotoPrint\BJEZPRN.EXE [C:\Program Files\Canon\Easy-PhotoPrint\BJEZPRN.EXE] -> CANON INC. [Ver = 3, 5, 2, 0 | Size = 581632 bytes | Modified Date = 6/5/2006 11:52:00 PM | Attr = ] BJMYPRT.EXE -> %ProgramFiles%\Canon\MyPrinter\BJMYPRT.EXE [C:\Program Files\Canon\MyPrinter\BJMyPrt.exe] -> CANON INC. 
[Ver = 1, 3, 0, 0 | Size = 1191936 bytes | Modified Date = 3/21/2006 9:30:00 PM | Attr = ] Chessmaster.exe -> d:\Program Files D Drive\ChessMaster9000\Chessmaster.exe [d:\program files d drive\ChessMaster9000\Chessmaster.exe] -> Ubi Soft Entertainment [Ver = v1.0.0 | Size = 2985984 bytes | Modified Date = 7/29/2002 2:00:02 AM | Attr = ] CloneDVD2.exe -> %ProgramFiles%\Elaborate Bytes\CloneDVD2\CloneDVD2.exe [C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2.exe] -> Elaborate Bytes AG [Ver = 2, 0, 9, 4 | Size = 1873920 bytes | Modified Date = 6/8/2004 4:09:26 PM | Attr = ] cmmgr32.exe -> %SystemRoot%\System32\cmmgr32.exe [C:\WINDOWS\System32\cmmgr32.exe] -> File not found combofix.exe -> %UserProfile%\Desktop\ComboFix.exe [C:\Documents and Settings\Michael\Desktop\ComboFix.exe] -> File not found ctodvd-e.exe -> %ProgramFiles%\Sony\click to dvd\ctodvd-e.exe [C:\Program Files\sony\click to dvd\ctodvd-e.exe] -> Sony Corporation [Ver = 1.3.00.06300 | Size = 2052096 bytes | Modified Date = 6/30/2003 3:29:30 PM | Attr = ] DragDrop.exe -> %ProgramFiles%\drag'n drop cd+dvd\BinFiles\DragDrop.exe [C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe] -> [Ver = 3, 0, 0, 0 | Size = 1171456 bytes | Modified Date = 6/23/2003 3:33:00 PM | Attr = ] Easy-WebPrint -> [C:\Program Files\Canon\Easy-WebPrint\Easy-WebPrint] -> File not found eMusic.exe -> %ProgramFiles%\eMusic Download Manager\EMusic.exe [C:\Program Files\eMusic Download Manager\eMusic.exe] -> eMusic, Inc. 
[Ver = 3, 0, 0, 13 | Size = 983154 bytes | Modified Date = 10/19/2006 3:13:32 PM | Attr = ] firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe] -> Mozilla Corporation [Ver = 1.9 | Size = 307712 bytes | Modified Date = 5/29/2008 4:08:56 PM | Attr = ] GS4.exe -> D:\Program Files D Drive\ubi.com\GS4.exe [D:\Program Files D Drive\ubi.com\GS4.exe] -> File not found gvr.exe -> %ProgramFiles%\Sony\giga pocket\gvr.exe [C:\Program Files\sony\giga pocket\gvr.exe] -> Sony Corporation [Ver = 5.5.03.08050 | Size = 442368 bytes | Modified Date = 8/5/2003 9:07:10 PM | Attr = ] halsv.exe -> %ProgramFiles%\Sony\giga pocket\halsv.exe [C:\Program Files\sony\giga pocket\halsv.exe] -> Sony Corporation [Ver = 5.5.03.05270 | Size = 118784 bytes | Modified Date = 6/11/2003 2:35:42 PM | Attr = ] HijackThis.exe -> D:\Program Files D Drive\HijackThis.exe [D:\PROGRA~1\hijackthis.exe] -> Trend Micro Inc. [Ver = 2.00.0002 | Size = 396288 bytes | Modified Date = 6/23/2008 11:15:11 PM | Attr = ] HKServ.exe -> %ProgramFiles%\Sony\HotKey Utility\HKServ.exe [C:\Program Files\Sony\HotKey Utility\HKServ.exe] -> Sony Corporation [Ver = 3.3.0.6260 | Size = 90112 bytes | Modified Date = 6/26/2003 7:00:00 PM | Attr = ] ImageDrive.exe -> %ProgramFiles%\Ahead\ImageDrive\ImageDrive.exe [C:\Program Files\Ahead\ImageDrive\ImageDrive.exe] -> Ahead Software AG [Ver = 2, 27, 0, 0 | Size = 774223 bytes | Modified Date = 3/3/2004 9:49:32 PM | Attr = ] install.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found InstallHelper.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe] -> Apple Inc. 
[Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 6/2/2008 11:13:18 AM | Attr = ] IZArc -> D:\Program Files D Drive\IZArc\IZArc.exe [D:\Program Files D Drive\IZArc\IZArc.exe] -> IZSoftware [Ver = 3.8.1.1550 | Size = 750080 bytes | Modified Date = 6/14/2007 1:57:08 AM | Attr = ] javaws.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\javaws.exe [C:\Program Files\Java\jre1.6.0_06\bin\javaws.exe] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 3/25/2008 2:37:01 AM | Attr = ] mbam.exe -> %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe] -> File not found mpn30.exe -> %ProgramFiles%\Canon\MP Navigator 3.0\mpn30.exe [C:\Program Files\Canon\MP Navigator 3.0\mpn30.exe] -> CANON INC. [Ver = 3, 0, 1, 0 | Size = 5263360 bytes | Modified Date = 6/6/2006 3:48:10 PM | Attr = ] MSFmt.exe -> %ProgramFiles%\Sony\Memory Stick Formatter\MSFmt.exe [C:\Program Files\Sony\Memory Stick Formatter\MSFmt.exe] -> Sony Corporation [Ver = 2.1.0.06190 | Size = 61440 bytes | Modified Date = 6/19/2003 5:13:58 PM | Attr = ] MsoHtmEd.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found msworks.exe -> %ProgramFiles%\Microsoft Works\msworks.exe [C:\Program Files\Microsoft Works\msworks.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 94276 bytes | Modified Date = 6/20/2002 4:22:24 AM | Attr = ] NCoverEd.exe -> %ProgramFiles%\Ahead\CoverDesigner\CoverDes.exe [C:\Program Files\Ahead\CoverDesigner\CoverDes.exe] -> Ahead Software AG [Ver = 2, 3, 0, 5 | Size = 2215936 bytes | Modified Date = 2/5/2004 8:51:34 PM | Attr = ] nero.exe -> %ProgramFiles%\Ahead\Nero\nero.exe [C:\Program Files\Ahead\nero\nero.exe] -> Ahead Software AG [Ver = 6, 3, 1, 6 | Size = 13983802 bytes | Modified Date = 3/16/2004 6:52:14 PM | Attr = ] NeroStartSmart.exe -> %ProgramFiles%\Ahead\Nero StartSmart\NeroStartSmart.exe [C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe] -> Ahead Software AG [Ver = 1, 0, 1, 8 | Size = 2592845 bytes | Modified Date = 3/12/2004 3:55:48 PM | Attr = ] Netscp.exe -> %ProgramFiles%\Netscape\Netscape\Netscp.exe [C:\Program Files\Netscape\Netscape\Netscp.exe] -> Mozilla, Netscape [Ver = 7.0.2 | Size = 481264 bytes | Modified Date = 2/8/2003 12:50:00 PM | Attr = ] Netscp6.exe -> %ProgramFiles%\Netscape\Netscape\Netscp.exe [C:\Program Files\Netscape\Netscape\Netscp.exe] -> Mozilla, Netscape [Ver = 7.0.2 | Size = 481264 bytes | Modified Date = 2/8/2003 12:50:00 PM | Attr = ] Omgbkup.exe -> %ProgramFiles%\Sony\SonicStage\Omgbkup.exe [C:\Program Files\Sony\SonicStage\Omgbkup.exe] -> Sony Corporation [Ver = 2.6.60.06240 | Size = 528454 bytes | Modified Date = 6/24/2003 3:58:38 AM | Attr = ] Omgexset.exe -> %ProgramFiles%\Sony\SonicStage\Omgexset.exe [C:\Program Files\Sony\SonicStage\Omgexset.exe] -> Sony Corporation [Ver = 2.6.60.06240 | Size = 110592 bytes | Modified Date = 6/24/2003 3:47:20 AM | Attr = ] Omgjbox.exe -> %ProgramFiles%\Sony\SonicStage\Omgjbox.exe [C:\Program Files\Sony\SonicStage\Omgjbox.exe] -> Sony Corporation [Ver = 2.6.60.06240 | Size = 3076166 bytes | Modified Date = 6/24/2003 4:26:12 AM | Attr = ] 
OmgStartup.Exe -> %CommonProgramFiles%\Sony Shared\OpenMG\OmgStartup.exe [C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.Exe] -> Sony Corporation [Ver = 3.2.00.12242 | Size = 24576 bytes | Modified Date = 12/24/2002 1:56:40 PM | Attr = ] OOOggDump.exe -> %ProgramFiles%\illiminable\oggcodecs\OOOggDump.exe [C:\Program Files\illiminable\oggcodecs\OOOggDump.exe] -> [Ver = | Size = 7680 bytes | Modified Date = 2/23/2006 12:36:34 PM | Attr = ] ORUN32.EXE -> %SystemRoot%\ORUN32.EXE [C:\WINDOWS\ORUN32.EXE] -> File not found pbrush.exe -> %SystemRoot%\system32\mspaint.exe [%SystemRoot%\system32\mspaint.exe] -> File not found PC_Info.exe -> %CommonProgramFiles%\Sony Shared\PC_Info\PC_INFO.exe [C:\Program Files\Common Files\Sony Shared\PC_Info\pc_info.exe] -> Sony Corporation [Ver = 2.00.00.03150 | Size = 36864 bytes | Modified Date = 3/15/2000 9:22:12 PM | Attr = ] PcfMgr.exe -> %ProgramFiles%\PowerPanel\Program\PcfMgr.exe [C:\Program Files\PowerPanel\Program\PcfMgr.exe] -> Phoenix Technologies Ltd. [Ver = 5.3.1.1 | Size = 872448 bytes | Modified Date = 6/23/2003 1:11:46 PM | Attr = ] PhotoStudio.exe -> %ProgramFiles%\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe [C:\Program Files\ArcSoft\PhotoStudio 5.5\PhotoStudio.exe] -> ArcSoft, Inc. [Ver = 5.5.0.72 | Size = 876544 bytes | Modified Date = 8/25/2005 10:29:00 AM | Attr = ] PictureViewer.exe -> %ProgramFiles%\QuickTime\PictureViewer.exe [C:\Program Files\QuickTime\PictureViewer.exe] -> Apple Inc. [Ver = 7.5 (861) | Size = 548864 bytes | Modified Date = 5/27/2008 10:50:24 AM | Attr = ] PowerPnt.exe -> %ProgramFiles%\Microsoft Office\Office\POWERPNT.EXE [C:\PROGRA~1\MICROS~2\Office\POWERPNT.EXE] -> [Ver = | Size = 4325428 bytes | Modified Date = 3/16/1999 2:41:22 PM | Attr = R ] QBLaunch.exe -> %CommonProgramFiles%\Intuit\QuickBooks\QBLaunch.exe [C:\Program Files\Common Files\Intuit\QuickBooks\QBLaunch.exe] -> Intuit Inc. 
[Ver = 18.0D R1 | Size = 1201440 bytes | Modified Date = 9/11/2007 9:37:46 AM | Attr = ] QuickTimePlayer.exe -> %ProgramFiles%\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe] -> Apple Inc. [Ver = 7.5 (861) | Size = 7677232 bytes | Modified Date = 5/27/2008 10:50:48 AM | Attr = ] RegAnyDVD -> %ProgramFiles%\SlySoft\AnyDVD\RegAnyDVD.exe [C:\Program Files\SlySoft\AnyDVD\RegAnyDVD.exe] -> SlySoft, Inc. [Ver = 2, 0, 0, 5 | Size = 53248 bytes | Modified Date = 10/2/2003 6:23:56 AM | Attr = ] RegCloneDVD2.exe -> %ProgramFiles%\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe [C:\Program Files\Elaborate Bytes\CloneDVD2\RegCloneDVD2.exe] -> File not found setup.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found SNSetup.exe -> %ProgramFiles%\Sony\Sony Notebook Setup\SNSetup.exe [C:\Program Files\SONY\Sony Notebook Setup\SNSetup.exe] -> Sony Corporation [Ver = 3.4.0.7080 | Size = 290816 bytes | Modified Date = 7/8/2003 7:00:00 PM | Attr = ] SnyUtils.dll -> %CommonProgramFiles%\Sony Shared\Sony Utilities\SnyUtils.dll [C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll] -> Sony Corporation [Ver = 3, 5, 0, 7020 | Size = 86016 bytes | Modified Date = 7/4/2003 1:09:50 PM | Attr = ] Sony MPEG Decoder Library -> [C:\Program Files\Sony Corporation\Sony MPEG Decoder Library\Sony MPEG Decoder Library] -> File not found Sony Shared Library for XP -> [C:\Program Files\Sony Corporation\Sony Shared Library for XP\Sony Shared Library for XP] -> File not found Sony Video Shared Library -> [C:\Program Files\Common Files\Sony Shared\VideoLib\Sony Video Shared Library] -> File not found table30.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found UILib.DLL -> %CommonProgramFiles%\Sony Shared\UILibrary\UILib.dll [C:\Program Files\Common Files\Sony Shared\UILibrary\UILib.DLL] -> Sony Corporation [Ver = 2.4.01.04080 | Size = 1515520 bytes | Modified Date = 4/8/2003 10:01:14 PM | Attr = ] USBSircs.exe -> %ProgramFiles%\Sony\USBSircs\USBsircs.exe [C:\Program Files\Sony\USBSircs\USBSircs.exe] -> Sony Corporation [Ver = 5, 5, 00, 03191 | Size = 163840 bytes | Modified Date = 3/19/2003 9:55:32 PM | Attr = ] VAIO Media Installer -> [C:\Program Files\Sony\VAIO Media Installer 2.6\VAIO Media Installer] -> File not found Vc -> %ProgramFiles%\Sony\VAIO Media 2.6\Vc [C:\Program Files\Sony\VAIO Media 2.6\Vc] -> File not found WinDVD.exe -> %ProgramFiles%\InterVideo\WinDVD4\WinDVD.exe [C:\Program Files\InterVideo\WinDVD4\WinDVD.exe] -> InterVideo Inc. [Ver = 4.0.11.88 | Size = 106496 bytes | Modified Date = 3/19/2003 5:15:30 PM | Attr = ] winnt32.exe -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] 
-> File not found WKSAB.EXE -> %ProgramFiles%\Microsoft Works\wksab.exe [C:\Program Files\Microsoft Works\WKSAB.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 20555 bytes | Modified Date = 6/20/2002 4:27:16 AM | Attr = ] wkscal.exe -> %CommonProgramFiles%\Microsoft Shared\Works Shared\wkscal.exe [C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkscal.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 102467 bytes | Modified Date = 6/20/2002 4:21:26 AM | Attr = ] wksdb.exe -> %ProgramFiles%\Microsoft Works\wksdb.exe [C:\Program Files\Microsoft Works\wksdb.exe] -> Microsoft® Corporation [Ver = 7.02.0628.0 | Size = 2228282 bytes | Modified Date = 6/28/2002 12:03:04 PM | Attr = ] WKSPROJ.EXE -> %ProgramFiles%\Microsoft Works\WksProj.exe [C:\Program Files\Microsoft Works\WksProj.exe] -> Microsoft® Corporation [Ver = 7.02.0624.0 | Size = 114688 bytes | Modified Date = 6/24/2002 9:15:26 PM | Attr = ] WKSSB.EXE -> %ProgramFiles%\Microsoft Works\wkssb.exe [C:\Program Files\Microsoft Works\WKSSB.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 725046 bytes | Modified Date = 6/20/2002 4:28:26 AM | Attr = ] wksss.exe -> %ProgramFiles%\Microsoft Works\wksss.exe [C:\Program Files\Microsoft Works\wksss.exe] -> Microsoft® Corporation [Ver = 7.02.0628.0 | Size = 1863740 bytes | Modified Date = 6/28/2002 11:53:54 AM | Attr = ] wkswp.exe -> %ProgramFiles%\Microsoft Works\WksWP.exe [C:\Program Files\Microsoft Works\wkswp.exe] -> Microsoft® Corporation [Ver = 7.02.0620.0 | Size = 106556 bytes | Modified Date = 6/20/2002 4:13:14 AM | Attr = ] WKWCESTP.EXE -> %ProgramFiles%\Microsoft Works\wkwcestp.exe [C:\Program Files\Microsoft Works\wkwcestp.exe] -> [Ver = | Size = 45056 bytes | Modified Date = 6/20/2002 4:37:52 AM | Attr = ] WMPBurn.exe -> %ProgramFiles%\Ahead\WMPBurn\WMPBurn.exe [C:\Program Files\Ahead\WMPBurn\WMPBurn.exe] -> Ahead Software AG [Ver = 1, 2, 0, 1 | Size = 1265664 bytes | Modified Date = 1/8/2004 5:19:24 PM | Attr = ] 
WORDPAD.EXE -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found WRITE.EXE -> Reg Error: Value does not exist or could not be read. [Reg Error: Value does not exist or could not be read.] -> File not found yourapp.Exe -> %ProgramFiles%\CheckPoint\SecuRemote\yourapp.Exe [C:\Program Files\CheckPoint\SecuRemote\yourapp.Exe] -> File not found ZX -> [C:\Program Files\Common Files\Sony Shared\ImageStation\ZX] -> File not found < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 748 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> EB 22 16 9B 34 EA 
FC D0 A4 F2 B5 65 4E FC A9 A1 37 30 30 38 31 62 33 62 00 00 00 00 01 00 00 00 C0 01 00 00 C4 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 71 66 09 6D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F9 92 5A 7B A3 EB B7 FB CE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 60 B3 B0 F6 0A 15 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 47 52 97 AF AE 23 E8 FD 67 29 CA 4E A8 12 3C EB [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> EE 5F 11 9E 45 D9 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11657 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.2.9 | Size = 20638504 bytes | Modified Date = 6/2/2008 11:13:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{19A8DED2-8315-4CD1-9B0E-065AE3352C3E} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{153804AD-5FD5-43DA-B482-206977CEFE6F} -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6ADE8416-86AB-406A-B7FC-F18D5F6D289D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{8FBFBC00-AD0A-4964-B146-228F1D50AC2F} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{E062FB31-E0E2-4C83-A033-E6296F141499} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Created Date = 6/28/2008 11:37:40 PM | Attr = ] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 6/28/2008 11:36:58 PM | Attr = ] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 6/28/2008 11:37:11 PM | Attr = ] Combo Fix Table of Contents.doc -> %SystemDrive%\Combo Fix Table of Contents.doc -> [Ver = | Size = 661504 bytes | Created Date = 6/28/2008 12:56:42 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 6/28/2008 12:21:57 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534298624 bytes | Created Date = 6/19/2008 7:23:30 AM | Attr = HS] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 6/28/2008 1:29:24 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 7/1/2008 6:09:59 PM | Attr = HS] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Created Date = 6/22/2008 10:39:53 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 6/29/2008 2:12:03 AM | Attr = ] atnt40k.sys -> %SystemRoot%\System32\drivers\atnt40k.sys -> [Ver = | Size = 51304 bytes | Created Date = 6/11/2008 6:46:15 PM | Attr = ] hdaudbus.sys -> %SystemRoot%\System32\drivers\hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 144384 bytes | Created Date = 6/14/2008 12:06:49 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 6/22/2008 11:34:07 AM | Attr = ] mbamcatchme.sys -> 
%SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/22/2008 11:34:07 AM | Attr = ] usbaapl.sys -> %SystemRoot%\System32\drivers\usbaapl.sys -> Apple, Inc. [Ver = 1, 25, 0, 0 | Size = 30464 bytes | Created Date = 6/15/2008 11:00:56 PM | Attr = ] 404Fix.exe -> %SystemRoot%\System32\404Fix.exe -> S!Ri.URZ [Ver = | Size = 81920 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Created Date = 6/15/2008 11:00:56 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dumphive.exe -> %SystemRoot%\System32\dumphive.exe -> [Ver = | Size = 51200 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Created Date = 6/14/2008 12:44:07 AM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Created Date = 6/14/2008 12:44:17 AM | Attr = ] IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver = | Size = 82944 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/30/2008 6:27:07 PM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 6/30/2008 6:27:08 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 6/30/2008 6:27:07 PM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 6/30/2008 6:27:08 PM | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 34520 bytes | Created Date = 6/18/2008 11:45:26 PM | Attr = H ] pid.inf -> %SystemRoot%\System32\pid.inf -> [Ver = | Size = 1261 bytes | Created Date = 6/14/2008 12:06:54 AM | Attr = ] Process.exe -> %SystemRoot%\System32\Process.exe -> http://www.beyondlogic.org [Ver = 2, 0, 0, 0 | Size = 53248 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Created Date = 6/14/2008 12:44:15 AM | Attr = ] SrchSTS.exe -> %SystemRoot%\System32\SrchSTS.exe -> S!Ri [Ver = | Size = 288417 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] swreg.exe -> %SystemRoot%\System32\swreg.exe -> SteelWerX [Ver = 2.0.1.0 | Size = 135168 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] swsc.exe -> %SystemRoot%\System32\swsc.exe -> [Ver = | Size = 40960 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] swxcacls.exe -> %SystemRoot%\System32\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 79360 bytes | Created Date = 6/29/2008 11:08:43 PM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2706 bytes | Created Date = 6/29/2008 11:09:44 PM | Attr = ] VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver = | Size = 86528 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] VCCLSID.exe -> %SystemRoot%\System32\VCCLSID.exe -> S!Ri [Ver = | Size = 289144 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe -> [Ver = | Size = 25600 bytes | Created Date = 6/29/2008 11:08:44 PM | Attr = ] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Created Date = 6/13/2008 9:08:16 PM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 
6/18/2008 12:21:25 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 6/18/2008 12:20:16 AM | Attr = H ] EHome -> %SystemRoot%\EHome -> [Folder | Created Date = 6/13/2008 9:08:10 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 6/28/2008 12:22:28 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 6/18/2008 12:21:56 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Created Date = 6/18/2008 12:28:19 AM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Created Date = 6/14/2008 12:44:08 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Created Date = 6/14/2008 12:35:16 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 6/28/2008 11:43:54 PM | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Created Date = 6/13/2008 9:21:57 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 6/14/2008 12:58:37 AM | Attr = ] provisioning -> %SystemRoot%\provisioning -> [Folder | Created Date = 6/13/2008 9:21:53 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Created Date = 6/14/2008 8:55:55 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/14/2008 1:03:47 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/14/2008 1:03:47 AM | Attr = H ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Created Date = 6/13/2008 9:17:42 PM | Attr = ] 
Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 6/30/2008 6:27:34 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 6/18/2008 12:25:09 AM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 6/28/2008 1:29:23 PM | Attr = ] Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 264 bytes | Created Date = 6/16/2008 1:33:25 AM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Created Date = 6/15/2008 10:53:32 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/22/2008 11:34:09 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Created Date = 6/22/2008 12:11:09 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 6/8/2008 7:34:47 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 ArcSoft -> %AppData%\ArcSoft -> [Folder | Created Date = 6/29/2008 9:57:48 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/22/2008 11:34:24 AM | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 6/30/2008 6:27:34 PM | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 6/22/2008 12:10:35 PM | Attr = ] Template -> %AppData%\Template -> 
[Folder | Created Date = 6/18/2008 1:13:18 AM | Attr = ] Destinydischarge.doc -> %UserProfile%\My Documents\Destinydischarge.doc -> [Ver = | Size = 37376 bytes | Created Date = 6/23/2008 10:39:38 AM | Attr = ] JustinDischarge_Summary[1].doc -> %UserProfile%\My Documents\JustinDischarge_Summary[1].doc -> [Ver = | Size = 36352 bytes | Created Date = 6/20/2008 9:18:26 AM | Attr = ] meredith_0082[1].jpg -> %UserProfile%\My Documents\meredith_0082[1].jpg -> [Ver = | Size = 7846 bytes | Created Date = 7/2/2008 1:25:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\meredith_0082[1].jpg:Zone.Identifier meredith_0163[1].jpg -> %UserProfile%\My Documents\meredith_0163[1].jpg -> [Ver = | Size = 10651 bytes | Created Date = 7/2/2008 1:30:38 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\meredith_0163[1].jpg:Zone.Identifier My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Created Date = 6/29/2008 9:57:51 PM | Attr = ] 7 C:\Documents and Settings\Michael\My Documents\*.tmp files -> C:\Documents and Settings\Michael\My Documents\*.tmp -> product_1[1].gif -> %UserProfile%\My Documents\product_1[1].gif -> [Ver = | Size = 4070 bytes | Created Date = 7/2/2008 12:23:03 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\product_1[1].gif:Zone.Identifier Racheldischarge.doc -> %UserProfile%\My Documents\Racheldischarge.doc -> [Ver = | Size = 33792 bytes | Created Date = 6/20/2008 10:17:20 AM | Attr = ] RTC-Day Discharge Summary.doc -> %UserProfile%\My Documents\RTC-Day Discharge Summary.doc -> [Ver = | Size = 34816 bytes | Created Date = 6/20/2008 10:16:57 AM | Attr = ] spyware.doc -> %UserProfile%\My Documents\spyware.doc -> [Ver = | Size = 19968 bytes | Created Date = 6/11/2008 7:14:21 PM | Attr = ] ~$cheldischarge.doc -> %UserProfile%\My Documents\~$cheldischarge.doc -> [Ver = | Size = 162 bytes | Created Date = 6/25/2008 10:10:13 AM | Attr = H ] ~$stinDischarge_Summary[1].doc -> 
%UserProfile%\My Documents\~$stinDischarge_Summary[1].doc -> [Ver = | Size = 162 bytes | Created Date = 6/25/2008 10:16:06 AM | Attr = H ] ~$stinydischarge.doc -> %UserProfile%\My Documents\~$stinydischarge.doc -> [Ver = | Size = 162 bytes | Created Date = 6/25/2008 10:03:31 AM | Attr = H ] Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 527 bytes | Created Date = 6/19/2008 12:11:42 AM | Attr = ] Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 527 bytes | Created Date = 6/19/2008 12:11:42 AM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Created Date = 6/15/2008 11:35:50 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 6/22/2008 11:34:10 AM | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Created Date = 6/24/2008 6:13:22 PM | Attr = ] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Created Date = 6/15/2008 11:10:12 PM | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Created Date = 6/22/2008 12:10:41 PM | Attr = ] Advanced Visa Verification.jpg -> %UserProfile%\Desktop\Advanced Visa Verification.jpg -> [Ver = | Size = 315528 bytes | Created Date = 6/29/2008 10:04:34 PM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 7/1/2008 6:07:22 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier avz4 -> %UserProfile%\Desktop\avz4 -> [Folder | Created Date = 6/30/2008 12:09:07 AM | Attr = ] cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. 
[Ver = 4, 44, 0, 0 | Size = 10749720 bytes | Created Date = 6/29/2008 12:15:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cureit.exe:Zone.Identifier DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv -> [Ver = | Size = 3635 bytes | Created Date = 6/29/2008 4:06:07 PM | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 6/28/2008 12:21:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 611 bytes | Created Date = 6/23/2008 11:15:11 PM | Attr = ] install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1495112 bytes | Created Date = 7/2/2008 11:31:31 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_flash_player.exe:Zone.Identifier Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 803 bytes | Created Date = 6/26/2008 6:12:28 PM | Attr = ] kasperky 30.06.2008 -> %UserProfile%\Desktop\kasperky 30.06.2008 -> [Ver = | Size = 1050 bytes | Created Date = 6/30/2008 10:10:38 PM | Attr = ] meredith_0082[1].jpg -> %UserProfile%\Desktop\meredith_0082[1].jpg -> [Ver = | Size = 7846 bytes | Created Date = 7/2/2008 1:23:42 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\meredith_0082[1].jpg:Zone.Identifier meredith_0163[1].jpg -> %UserProfile%\Desktop\meredith_0163[1].jpg -> [Ver = | Size = 10651 bytes | Created Date = 7/2/2008 1:30:00 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\meredith_0163[1].jpg:Zone.Identifier OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 6/29/2008 2:10:10 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> 
%UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/1/2008 6:14:05 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Created Date = 7/1/2008 6:12:51 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier product_1[1].gif -> %UserProfile%\Desktop\product_1[1].gif -> [Ver = | Size = 4070 bytes | Created Date = 7/2/2008 12:22:13 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\product_1[1].gif:Zone.Identifier SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Created Date = 6/29/2008 11:08:29 PM | Attr = ] SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1477906 bytes | Created Date = 6/29/2008 11:07:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 833 bytes | Created Date = 6/19/2008 12:40:40 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 6/15/2008 10:59:57 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/22/2008 11:33:06 AM | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 6/30/2008 6:25:06 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 6/19/2008 12:10:13 AM | Attr = ] Bonjour -> %ProgramFiles%\Bonjour -> [Folder | Created Date = 6/18/2008 6:30:22 PM | Attr = ] Java -> %ProgramFiles%\Java -> [Folder | Created Date = 6/30/2008 6:25:30 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 6/22/2008 11:34:05 AM | Attr = ] Microsoft CAPICOM 2.1.0.2 -> %ProgramFiles%\Microsoft CAPICOM 2.1.0.2 -> [Folder | Created Date = 6/17/2008 11:40:40 PM | Attr = ] msn -> %ProgramFiles%\msn -> [Folder | Created Date = 
6/14/2008 12:44:07 AM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 6/22/2008 11:44:25 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 6/22/2008 12:10:35 PM | Attr = ] WebEx -> %ProgramFiles%\WebEx -> [Folder | Created Date = 6/18/2008 7:42:03 PM | Attr = ] [Files/Folders - Modified Within 30 days] Boot.bak -> %SystemDrive%\Boot.bak -> [Ver = | Size = 211 bytes | Modified Date = 6/14/2008 9:20:45 AM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 281 bytes | Modified Date = 6/28/2008 11:37:41 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 6/28/2008 11:37:38 PM | Attr = ] Combo Fix Table of Contents.doc -> %SystemDrive%\Combo Fix Table of Contents.doc -> [Ver = | Size = 661504 bytes | Modified Date = 6/28/2008 12:56:43 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 6/28/2008 12:21:57 PM | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 6/18/2008 6:54:21 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534298624 bytes | Modified Date = 7/2/2008 11:33:25 PM | Attr = HS] NTDETECT.COM -> %SystemDrive%\NTDETECT.COM -> [Ver = | Size = 47564 bytes | Modified Date = 6/13/2008 9:13:43 PM | Attr = RHS] ntldr -> %SystemDrive%\ntldr -> [Ver = | Size = 250048 bytes | Modified Date = 6/14/2008 12:34:44 AM | Attr = RHS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 6/30/2008 6:25:30 PM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 6/29/2008 12:01:41 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 7/1/2008 6:09:59 PM | Attr = HS] rollback.ini -> %SystemDrive%\rollback.ini -> [Ver = | Size = 805 bytes | Modified Date = 7/2/2008 11:01:27 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 6/14/2008 12:57:20 AM | 
Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 6/29/2008 10:04:53 PM | Attr = ] VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [Folder | Modified Date = 6/22/2008 10:39:53 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 6/30/2008 6:27:34 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 6/29/2008 2:12:03 AM | Attr = ] atnt40k.sys -> %SystemRoot%\System32\drivers\atnt40k.sys -> [Ver = | Size = 51304 bytes | Modified Date = 6/11/2008 6:46:15 PM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 6/28/2008 11:51:44 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 6/28/2008 11:51:44 PM | Attr = ] hosts.20080611-193922.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080611-193922.backup -> [Ver = | Size = 249516 bytes | Modified Date = 6/8/2008 7:58:08 PM | Attr = R ] hosts.20080611-201213.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080611-201213.backup -> [Ver = | Size = 249879 bytes | Modified Date = 6/11/2008 7:39:22 PM | Attr = R ] hosts.20080611-201612.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080611-201612.backup -> [Ver = | Size = 249879 bytes | Modified Date = 6/11/2008 8:12:13 PM | Attr = R ] hosts.20080611-201634.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080611-201634.backup -> [Ver = | Size = 249879 bytes | Modified Date = 6/11/2008 8:16:12 PM | Attr = R ] hosts.20080611-201650.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080611-201650.backup -> [Ver = | Size = 249879 bytes | Modified Date = 6/11/2008 8:16:34 PM | Attr = R ] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 34433312 bytes | Modified Date = 7/2/2008 11:32:24 PM | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 464696 bytes | Modified Date = 7/2/2008 11:32:24 PM | Attr = HS] fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> 
[Ver = | Size = 1040416 bytes | Modified Date = 7/2/2008 11:32:24 PM | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 99032 bytes | Modified Date = 7/2/2008 11:32:24 PM | Attr = HS] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/28/2008 2:16:36 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/28/2008 2:16:40 PM | Attr = ] bits -> %SystemRoot%\System32\bits -> [Folder | Modified Date = 6/14/2008 12:44:07 AM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/15/2008 12:19:14 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/2/2008 11:47:01 PM | Attr = ] Com -> %SystemRoot%\System32\Com -> [Folder | Modified Date = 6/14/2008 12:38:31 AM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 6/28/2008 1:35:15 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 6/19/2008 8:49:44 PM | Attr = ] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 6/30/2008 1:06:40 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 6/15/2008 11:00:56 PM | Attr = ] en -> %SystemRoot%\System32\en -> [Folder | Modified Date = 6/14/2008 12:44:07 AM | Attr = ] en-us -> %SystemRoot%\System32\en-us -> [Folder | Modified Date = 6/18/2008 12:29:08 AM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 177856 bytes | Modified Date = 6/14/2008 12:57:16 AM | Attr = ] IEDFix.C.exe -> %SystemRoot%\System32\IEDFix.C.exe -> S!Ri.URZ [Ver = | Size = 82432 bytes | Modified Date = 6/23/2008 11:34:46 PM | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 34520 bytes | Modified Date = 6/18/2008 11:45:26 
PM | Attr = H ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 6/13/2008 9:22:40 PM | Attr = ] npp -> %SystemRoot%\System32\npp -> [Folder | Modified Date = 6/14/2008 12:38:39 AM | Attr = ] oobe -> %SystemRoot%\System32\oobe -> [Folder | Modified Date = 6/14/2008 12:37:54 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 58794 bytes | Modified Date = 6/18/2008 8:54:01 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 392534 bytes | Modified Date = 6/18/2008 8:54:01 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 457590 bytes | Modified Date = 6/18/2008 8:54:01 PM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 6/15/2008 11:01:11 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 6/14/2008 12:38:39 AM | Attr = ] scripting -> %SystemRoot%\System32\scripting -> [Folder | Modified Date = 6/14/2008 12:44:16 AM | Attr = ] Setup -> %SystemRoot%\System32\Setup -> [Folder | Modified Date = 6/14/2008 12:57:06 AM | Attr = ] tmp.reg -> %SystemRoot%\System32\tmp.reg -> [Ver = | Size = 2706 bytes | Modified Date = 6/29/2008 11:09:44 PM | Attr = ] usmt -> %SystemRoot%\System32\usmt -> [Folder | Modified Date = 6/14/2008 12:44:17 AM | Attr = ] vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [Ver = | Size = 352809 bytes | Modified Date = 7/2/2008 11:36:22 PM | Attr = H ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 6/14/2008 12:59:44 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 6/22/2008 9:22:36 AM | Attr = ] zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 6/14/2008 1:08:04 AM | Attr = H ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 6/19/2008 8:48:39 PM | Attr = H ] 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 6/14/2008 12:31:55 AM | Attr = H ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 6/18/2008 12:21:25 AM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 6/18/2008 12:20:16 AM | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 6/14/2008 12:57:03 AM | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 6/14/2008 10:02:27 AM | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/2/2008 11:33:36 PM | Attr = S] Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 6/18/2008 8:53:30 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/14/2008 1:02:37 AM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 6/30/2008 6:27:30 PM | Attr = S] EHome -> %SystemRoot%\EHome -> [Folder | Modified Date = 6/14/2008 12:25:45 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 6/28/2008 1:34:27 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/14/2008 12:57:06 AM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/18/2008 8:53:38 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 6/18/2008 12:24:21 AM | Attr = H ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 6/18/2008 12:56:22 AM | Attr = ] ime -> %SystemRoot%\ime -> [Folder | Modified Date = 6/14/2008 12:44:45 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 6/18/2008 8:54:17 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/22/2008 11:44:25 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 
6/30/2008 6:27:28 PM | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 7/2/2008 11:44:52 PM | Attr = ] l2schemas -> %SystemRoot%\l2schemas -> [Folder | Modified Date = 6/14/2008 12:44:09 AM | Attr = ] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 6/18/2008 12:24:37 AM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/14/2008 10:02:31 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 6/22/2008 12:13:38 PM | Attr = ] msagent -> %SystemRoot%\msagent -> [Folder | Modified Date = 6/14/2008 12:38:37 AM | Attr = ] network diagnostic -> %SystemRoot%\network diagnostic -> [Folder | Modified Date = 6/14/2008 12:44:46 AM | Attr = ] peernet -> %SystemRoot%\peernet -> [Folder | Modified Date = 6/14/2008 12:44:06 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/2/2008 11:50:22 PM | Attr = ] provisioning -> %SystemRoot%\provisioning -> [Folder | Modified Date = 6/13/2008 9:21:53 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 6/14/2008 9:20:34 AM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/14/2008 1:03:47 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/15/2008 10:49:17 PM | Attr = H ] security -> %SystemRoot%\security -> [Folder | Modified Date = 6/14/2008 12:55:19 AM | Attr = ] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [Folder | Modified Date = 6/14/2008 12:44:52 AM | Attr = ] srchasst -> %SystemRoot%\srchasst -> [Folder | Modified Date = 6/14/2008 12:38:35 AM | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 6/30/2008 6:27:34 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 6/14/2008 12:37:50 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 6/28/2008 11:52:10 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder 
| Modified Date = 6/30/2008 6:27:08 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/16/2008 1:33:25 AM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/2/2008 11:36:13 PM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 6/18/2008 12:25:09 AM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 6/13/2008 9:14:07 PM | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 579 bytes | Modified Date = 6/14/2008 9:20:45 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/24/2008 9:08:17 PM | Attr = ] WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 6/14/2008 1:05:13 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 6/17/2008 5:07:06 PM | Attr = ] Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [Ver = | Size = 264 bytes | Modified Date = 6/16/2008 1:33:25 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/2/2008 11:34:02 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/28/2008 1:38:19 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4096 bytes | Modified Date = 6/28/2008 1:38:19 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4096 bytes | Modified Date = 6/28/2008 1:38:19 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 6/18/2008 1:12:24 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 6/18/2008 1:12:18 AM | Attr = ] wklntnts.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntnts.dat -> [Ver = | Size = 515952 bytes | Modified Date = 6/18/2008 1:12:13 AM | Attr = ] wklntsk.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk.dat -> [Ver = | Size = 515952 bytes | Modified Date = 6/18/2008 1:12:13 AM | Attr = ] C:\Documents and Settings\Michael\Local Settings\Temp\ -> C:\Documents and Settings\Michael\Local Settings\Temp -> [Folder | Modified Date = 7/2/2008 11:50:25 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Michael\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1030 | Size = 143360 bytes | Modified Date = 2/17/2006 3:55:46 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple -> %AllUsersProfile%\Application Data\Apple -> [Folder | Modified Date = 6/15/2008 10:53:32 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/22/2008 11:34:09 AM | Attr = ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 6/14/2008 12:58:13 AM | Attr = S] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 6/19/2008 7:28:10 AM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/22/2008 12:11:09 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 6/8/2008 11:29:34 PM | Attr = ] @Alternate Data Stream - 106 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 7/2/2008 11:49:01 AM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 6/18/2008 6:34:58 PM | Attr = ] ArcSoft -> %AppData%\ArcSoft -> [Folder | Modified 
Date = 6/29/2008 9:57:48 PM | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/22/2008 11:34:24 AM | Attr = ]
Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 6/14/2008 1:14:10 AM | Attr = S]
Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 6/24/2008 6:13:36 PM | Attr = ]
Real -> %AppData%\Real -> [Folder | Modified Date = 6/13/2008 11:36:18 PM | Attr = ]
Sun -> %AppData%\Sun -> [Folder | Modified Date = 6/30/2008 6:27:34 PM | Attr = ]
SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 6/22/2008 12:10:35 PM | Attr = ]
Template -> %AppData%\Template -> [Folder | Modified Date = 6/18/2008 1:13:18 AM | Attr = ]
Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 6/18/2008 6:34:58 PM | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 187904 bytes | Modified Date = 6/11/2008 6:04:33 PM | Attr = ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 40424 bytes | Modified Date = 6/13/2008 10:52:02 PM | Attr = ]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3229104 bytes | Modified Date = 7/2/2008 11:11:05 PM | Attr = H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/18/2008 6:59:17 PM | Attr = ]
desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 78 bytes | Modified Date = 6/18/2008 12:34:47 AM | Attr = HS]
Destinydischarge.doc -> %UserProfile%\My Documents\Destinydischarge.doc -> [Ver = | Size = 37376 bytes | Modified Date = 6/25/2008 10:03:31 AM | Attr = ]
JustinDischarge_Summary[1].doc -> %UserProfile%\My Documents\JustinDischarge_Summary[1].doc -> [Ver = | Size = 36352 bytes | Modified Date = 6/25/2008 10:16:06 AM | Attr = ]
meredith_0082[1].jpg -> %UserProfile%\My Documents\meredith_0082[1].jpg -> [Ver = | Size = 7846 bytes | Modified Date = 7/2/2008 1:23:43 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\meredith_0082[1].jpg:Zone.Identifier
meredith_0163[1].jpg -> %UserProfile%\My Documents\meredith_0163[1].jpg -> [Ver = | Size = 10651 bytes | Modified Date = 7/2/2008 1:30:01 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\meredith_0163[1].jpg:Zone.Identifier
My Albums -> %UserProfile%\My Documents\My Albums -> [Folder | Modified Date = 6/29/2008 9:57:52 PM | Attr = ]
7 C:\Documents and Settings\Michael\My Documents\*.tmp files -> C:\Documents and Settings\Michael\My Documents\*.tmp ->
My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/18/2008 12:34:49 AM | Attr = R ]
My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 6/23/2008 2:40:30 PM | Attr = R ]
product_1[1].gif -> %UserProfile%\My Documents\product_1[1].gif -> [Ver = | Size = 4070 bytes | Modified Date = 7/2/2008 12:22:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\product_1[1].gif:Zone.Identifier
Quicken -> %UserProfile%\My Documents\Quicken -> [Folder | Modified Date = 6/13/2008 8:52:17 PM | Attr = ]
Racheldischarge.doc -> %UserProfile%\My Documents\Racheldischarge.doc -> [Ver = | Size = 33792 bytes | Modified Date = 6/25/2008 10:16:34 AM | Attr = ]
RTC-Day Discharge Summary.doc -> %UserProfile%\My Documents\RTC-Day Discharge Summary.doc -> [Ver = | Size = 34816 bytes | Modified Date = 6/20/2008 10:16:58 AM | Attr = ]
spyware.doc -> %UserProfile%\My Documents\spyware.doc -> [Ver = | Size = 19968 bytes | Modified Date = 6/11/2008 7:14:22 PM | Attr = ]
~$cheldischarge.doc -> %UserProfile%\My Documents\~$cheldischarge.doc -> [Ver = | Size = 162 bytes | Modified Date = 6/25/2008 10:10:13 AM | Attr = H ]
~$stinDischarge_Summary[1].doc -> %UserProfile%\My Documents\~$stinDischarge_Summary[1].doc -> [Ver = | Size = 162 bytes | Modified Date = 6/25/2008 10:16:06 AM | Attr = H ]
~$stinydischarge.doc -> %UserProfile%\My Documents\~$stinydischarge.doc -> [Ver = | Size = 162 bytes | Modified Date = 6/25/2008 10:03:31 AM | Attr = H ]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [Ver = | Size = 527 bytes | Modified Date = 6/19/2008 12:11:42 AM | Attr = ]
Ad-Watch.lnk -> %AllUsersProfile%\Desktop\Ad-Watch.lnk -> [Ver = | Size = 527 bytes | Modified Date = 6/19/2008 12:11:42 AM | Attr = ]
iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 6/15/2008 11:42:52 PM | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 6/22/2008 11:34:10 AM | Attr = ]
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 6/24/2008 6:13:22 PM | Attr = ]
QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [Ver = | Size = 1604 bytes | Modified Date = 6/15/2008 11:10:12 PM | Attr = ]
SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 780 bytes | Modified Date = 6/22/2008 12:10:41 PM | Attr = ]
Advanced Visa Verification.jpg -> %UserProfile%\Desktop\Advanced Visa Verification.jpg -> [Ver = | Size = 315528 bytes | Modified Date = 6/29/2008 10:33:18 PM | Attr = ]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 7/1/2008 6:07:23 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier
avz4 -> %UserProfile%\Desktop\avz4 -> [Folder | Modified Date = 6/30/2008 12:44:15 AM | Attr = ]
cureit.exe -> %UserProfile%\Desktop\cureit.exe -> Doctor Web, Ltd. [Ver = 4, 44, 0, 0 | Size = 10749720 bytes | Modified Date = 6/29/2008 12:15:48 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\cureit.exe:Zone.Identifier
DrWeb.csv -> %UserProfile%\Desktop\DrWeb.csv -> [Ver = | Size = 3635 bytes | Modified Date = 6/29/2008 4:06:07 PM | Attr = ]
dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 6/28/2008 12:21:09 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 611 bytes | Modified Date = 6/23/2008 11:15:11 PM | Attr = ]
install_flash_player.exe -> %UserProfile%\Desktop\install_flash_player.exe -> Adobe Systems Incorporated [Ver = 1.0.20 | Size = 1495112 bytes | Modified Date = 7/2/2008 11:31:44 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\install_flash_player.exe:Zone.Identifier
Internet Explorer.lnk -> %UserProfile%\Desktop\Internet Explorer.lnk -> [Ver = | Size = 803 bytes | Modified Date = 6/26/2008 6:12:28 PM | Attr = ]
kasperky 30.06.2008 -> %UserProfile%\Desktop\kasperky 30.06.2008 -> [Ver = | Size = 1050 bytes | Modified Date = 6/30/2008 10:10:38 PM | Attr = ]
meredith_0082[1].jpg -> %UserProfile%\Desktop\meredith_0082[1].jpg -> [Ver = | Size = 7846 bytes | Modified Date = 7/2/2008 1:23:43 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\meredith_0082[1].jpg:Zone.Identifier
meredith_0163[1].jpg -> %UserProfile%\Desktop\meredith_0163[1].jpg -> [Ver = | Size = 10651 bytes | Modified Date = 7/2/2008 1:30:01 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\meredith_0163[1].jpg:Zone.Identifier
MindBodyOnline.url -> %UserProfile%\Desktop\MindBodyOnline.url -> [Ver = | Size = 204 bytes | Modified Date = 6/18/2008 6:15:41 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\MindBodyOnline.url:Zone.Identifier
OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 6/29/2008 2:10:12 AM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier
OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/2/2008 11:10:51 PM | Attr = ]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568544 bytes | Modified Date = 7/1/2008 6:12:52 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
product_1[1].gif -> %UserProfile%\Desktop\product_1[1].gif -> [Ver = | Size = 4070 bytes | Modified Date = 7/2/2008 12:22:14 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\product_1[1].gif:Zone.Identifier
SmitfraudFix -> %UserProfile%\Desktop\SmitfraudFix -> [Folder | Modified Date = 6/29/2008 11:12:25 PM | Attr = ]
SmitfraudFix.exe -> %UserProfile%\Desktop\SmitfraudFix.exe -> [Ver = | Size = 1477906 bytes | Modified Date = 6/29/2008 11:07:54 PM | Attr = ]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.exe:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 833 bytes | Modified Date = 6/19/2008 12:40:40 AM | Attr = ]
Windows Explorer.lnk -> %UserProfile%\Desktop\Windows Explorer.lnk -> [Ver = | Size = 1475 bytes | Modified Date = 6/14/2008 1:24:25 AM | Attr = ]
Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 6/13/2008 11:41:53 PM | Attr = ]
Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 6/15/2008 10:59:57 PM | Attr = ]
Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 6/22/2008 11:33:06 AM | Attr = ]
Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 6/30/2008 6:25:06 PM | Attr = ]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 6/18/2008 6:58:20 PM | Attr = ]
Motive -> %CommonProgramFiles%\Motive -> [Folder | Modified Date = 6/29/2008 4:05:18 PM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 6/13/2008 11:36:36 PM | Attr = ]
Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 6/18/2008 7:05:47 PM | Attr = ]
System -> %CommonProgramFiles%\System -> [Folder | Modified Date = 6/14/2008 12:38:17 AM | Attr = ]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 6/22/2008 12:08:08 PM | Attr = ]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\SONYSYS\ICONS\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 106 bytes
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Michael\Desktop\KODAK EASYSHARE Gallery Upload Software, V2.1.exe:SummaryInformation 88 bytes
C:\Documents and Settings\Michael\Desktop\KODAK EASYSHARE Gallery Upload Software, V2.1.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Michael\Favorites\Michael's\Sports\Basketball Recruiting\Rivals - ACC Channel.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\Michael's\Sports\Basketball Recruiting\College Football Rivals.com.url:favicon 1150 bytes
C:\Documents and Settings\Michael\Favorites\Michael's\Sports\JUST PERFECT Norina - FreeOnes Bulletin Board.url:favicon 4710 bytes
C:\Documents and Settings\Michael\Favorites\Michael's\Sports\YouPorn.com Lite (BETA) - Amateur Couple - Free Porn Videos.url:favicon 3638 bytes
C:\Documents and Settings\Michael\Favorites\Michael's\Sports\ESPN.com (mjgiuliani, bryant).url:favicon 2862 bytes
C:\Documents and Settings\Michael\Favorites\Internet Security\Free antivirus - Avira AntiVir.url:favicon 10230 bytes
C:\Documents and Settings\Michael\Favorites\Internet Security\Free Software and Online Scans - WebProWorld.url:favicon 10134 bytes
C:\Documents and Settings\Michael\Favorites\Internet Security\How-to remove Winfixer, Virtumonde, Msevents, Trojan.vundo, ATLDistrib - Geeks to Go!.url:favicon 22486 bytes
C:\Documents and Settings\Michael\Favorites\Internet Security\Jason Levine's Toolbox Browser Security Tests.url:favicon 766 bytes
C:\Documents and Settings\Michael\Favorites\Internet Security\You Must Read This Before Posting A Hijackthis Log - Geeks to Go!.url:favicon 22486 bytes
C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_3222d326\Setup.exe:SummaryInformation 88 bytes
C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_3222d326\Setup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6420d\Setup.exe:SummaryInformation 88 bytes
C:\Documents and Settings\Michael\Local Settings\Application Data\KodakGallery\EasyShareSetup\$SETUP_140007_6420d\Setup.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes
C:\Documents and Settings\Michael\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\Michael\Recent\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 36
< End of report >
[/code]