[code]
OTScanIt logfile created on: 7/10/2008 9:58:05 AM
OTScanIt by OldTimer - Version 1.0.16.1 Folder = C:\Documents and Settings\Administrator\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1004.54 Mb Total Physical Memory | 438.38 Mb Available Physical Memory | 43.64% Memory free
2.35 Gb Paging File | 1.74 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.07 Gb Total Space | 16.01 Gb Free Space | 40.98% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 21.30 Gb Free Space | 54.53% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.30 Gb Free Space | 82.69% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 13.24 Gb Free Space | 41.55% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ETI-4
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ]
mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ]
mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ]
mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ]
pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
pctssvc.exe -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]
mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ]
pctstray.exe -> %ProgramFiles%\Spyware Doctor\pctsTray.exe -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
tsvncache.exe -> %ProgramFiles%\TortoiseSVN\bin\TSVNCache.exe -> www.tortoisesvn.org [Ver = 1, 4, 7, 11792 | Size = 405504 bytes | Modified Date = 1/5/2008 2:03:10 PM | Attr = ]
rthdcpl.exe -> %SystemRoot%\RTHDCPL.exe -> Realtek Semiconductor Corp. [Ver = 2.1.9.1 | Size = 16858112 bytes | Modified Date = 2/19/2008 3:34:46 PM | Attr = ]
olpsynch.exe -> %ProgramFiles%\Offline Course Player\OlpSynch.exe -> [Ver = | Size = 42288 bytes | Modified Date = 2/19/2008 4:00:02 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 6/26/2008 1:08:04 PM | Attr = ]
thguard.exe -> %ProgramFiles%\TrojanHunter 5.0\THGuard.exe -> Mischel Internet Security [Ver = 5.0.0.278 | Size = 1047712 bytes | Modified Date = 3/25/2008 7:08:16 PM | Attr = ]
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 7/8/2008 12:13:25 PM | Attr = ]
mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.1 | Size = 396800 bytes | Modified Date = 7/5/2008 11:19:06 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,216 | Size = 172032 bytes | Modified Date = 12/27/2005 11:32:12 AM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ]
(ExtranetAccess) Contivity VPN Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\WMI VPN\Extranet_serv.exe -> Nortel Networks NA, Inc. [Ver = 05,01,0,100 | Size = 782336 bytes | Modified Date = 10/8/2004 9:48:58 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 7/8/2008 12:13:22 PM | Attr = ]
(mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ]
(McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ]
(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr = ]
(McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ]
(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ]
(McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ]
(MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ]
(MSOLAP$SQL2005) SQL Server Analysis Services (SQL2005) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe -s C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\ -> File not found
(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> [Ver = 2.0.2119 | Size = 243056 bytes | Modified Date = 10/16/2007 5:46:08 AM | Attr = ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 5, 5, 1, 0 | Size = 337800 bytes | Modified Date = 4/10/2008 3:14:26 PM | Attr = ]
(sdCoreService) PC Tools Security Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 5.5.1.9 | Size = 1017224 bytes | Modified Date = 4/17/2008 2:19:02 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Alcmtr -> %SystemRoot%\Alcmtr.exe [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 6:43:28 PM | Attr = ]
ISTray -> %ProgramFiles%\Spyware Doctor\pctsTray.exe ["C:\Program Files\Spyware Doctor\pctsTray.exe"] -> PC Tools [Ver = 5.5.1.1 | Size = 1107848 bytes | Modified Date = 4/10/2008 3:14:30 PM | Attr = ]
mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ]
OLPSYNCH -> %ProgramFiles%\Offline Course Player\OlpSynch.exe [C:\Program Files\Offline Course Player\OlpSynch.exe] -> [Ver = | Size = 42288 bytes | Modified Date = 2/19/2008 4:00:02 AM | Attr = ]
RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.1.9.1 | Size = 16858112 bytes | Modified Date = 2/19/2008 3:34:46 PM | Attr = ]
THGuard -> %ProgramFiles%\TrojanHunter 5.0\THGuard.exe ["C:\Program Files\TrojanHunter 5.0\THGuard.exe"] -> Mischel Internet Security [Ver = 5.0.0.278 | Size = 1047712 bytes | Modified Date = 3/25/2008 7:08:16 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4279 | Size = 185896 bytes | Modified Date = 6/26/2008 1:08:04 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 7/8/2008 12:13:25 PM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 7/8/2008 12:13:25 PM | Attr = ]
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [Ver = | Size = 38912 bytes | Modified Date = 10/20/2005 12:04:08 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< user Startup Folder > -> C:\Documents and Settings\user\Start Menu\Programs\Startup ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{01F355AF-524A-4AA1-A2CE-8F2F03D16042} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqPFuRK.dll [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:53:07 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 9:06:51 AM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 6.14.10.4833 | Size = 204800 bytes | Modified Date = 6/15/2007 9:38:13 AM | Attr = R ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup ->
SCSI miniport -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 ->
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable ->
NEC MBR-7 -> -> File not found
NEC MBR-7.4 -> -> File not found
PIONEER CHANGR DRM-1804X -> -> File not found
PIONEER CD-ROM DRM-6324X -> -> File not found
PIONEER CD-ROM DRM-624X -> -> File not found
TORiSAN CD-ROM CDR_C36 -> -> File not found
*MultiFile Done* -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DRU-190A____________________1.62____\6&983f207&0&0.0.0 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 ->
< Drives - Autoruns > -> ->
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 12/16/2007 2:43:32 PM | Attr = ]
< HOSTS File > (807 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
207.171.183.113 s3.amazonaws.com -> ->
67.19.173.157 dashboard.efficience.us -> ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.co.in/ ->
HKEY_CURRENT_USER\: ProxyEnable -> 0 ->
HKEY_CURRENT_USER\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 ->
HKEY_USERS\.DEFAULT\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-18\: ProxyOverride -> *.local ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\: Main\\Start Page -> http://www.google.co.in/ ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\: ProxyEnable -> 0 ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\: ProxyOverride -> *.local ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
wm_efficience.us [http] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
wm_efficience.us [http] -> Trusted sites ->
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.522 | Size = 370296 bytes | Modified Date = 6/26/2008 1:08:46 PM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{a0cb8059-9282-4ca1-b280-5f74abf46044} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nhkzzx.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 103936 bytes | Modified Date = 7/9/2008 12:02:31 PM | Attr = ]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 7/8/2008 12:13:21 PM | Attr = R ]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 94208 bytes | Modified Date = 11/26/2007 2:35:44 PM | Attr = ]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{947E34E9-1D85-43CB-9CBF-5C492118FDD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Bars [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{947E34E9-1D85-43CB-9CBF-5C492118FDD5} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 7/8/2008 12:13:21 PM | Attr = R ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 7/8/2008 12:13:21 PM | Attr = R ]
WebBrowser\\{3E1201F4-1707-409F-BB45-A5F192381DA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 5904 | Size = 2403392 bytes | Modified Date = 7/8/2008 12:13:21 PM | Attr = R ]
WebBrowser\\{3E1201F4-1707-409F-BB45-A5F192381DA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E}:Exec -> %ProgramFiles%\Fiddler2\Fiddler.exe [Fiddler2] -> Eric Lawrence [Ver = 2.1.4.4 | Size = 442368 bytes | Modified Date = 3/12/2008 12:01:04 AM | Attr = ]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
CmdMapping\\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Fiddler2\Fiddler.exe [Fiddler2] -> Eric Lawrence [Ver = 2.1.4.4 | Size = 442368 bytes | Modified Date = 3/12/2008 12:01:04 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all with Free Download Manager -> -> File not found
Download selected with Free Download Manager -> -> File not found
Download video with Free Download Manager -> -> File not found
Download with Free Download Manager -> -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 2/22/2008 4:25:19 AM | Attr = ]
CmdMapping\\{CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Fiddler2\Fiddler.exe [Fiddler2] -> Eric Lawrence [Ver = 2.1.4.4 | Size = 442368 bytes | Modified Date = 3/12/2008 12:01:04 AM | Attr = ]
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\] > -> HKEY_USERS\S-1-5-21-2505351160-2826457082-3675345140-500\Software\Microsoft\Internet Explorer\MenuExt\ ->
Download all with Free Download Manager -> -> File not found
Download selected with Free Download Manager -> -> File not found
Download video with Free Download Manager -> -> File not found
Download with Free Download Manager -> -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{52E6C5BD-0587-4563-83C7-C0CC5373DA5E} -> (1394 Net Adapter) ->
{A1BF5BEF-CB47-49E8-BAC3-10A2E8EDAD46} -> 208.67.222.222,208.67.222.220 (Intel(R) 82566DC-2 Gigabit Network Connection) ->
{A3FB0AB6-F65C-4D35-BCA1-B0CABEF5CEE9} -> (1394 Net Adapter) ->
{C6145094-3735-4954-84BC-D139E07528F4} -> () ->
{D168B35A-5969-4D1C-9B16-A2EF1268F401} -> (1394 Net Adapter) ->
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{31435657-9980-0010-8000-00AA00389B71}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab[Reg Error: Key 
does not exist or could not be opened.] -> {474F00F5-3853-492C-AC3A-476512BBC336}[HKEY_LOCAL_MACHINE] -> http://picasaweb.google.com/s/v/27.44/uploader2.cab[UploadListView Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\.Owner -> {474F00F5-3853-492C-AC3A-476512BBC336} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/UploaderX.dll\\{474F00F5-3853-492C-AC3A-476512BBC336} -> -> 
[Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableRemoteConnect -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] C:\WINDOWS\system32\cbXOExuS -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:19:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144896 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1064 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous 
-> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> A0 41 AA D7 F2 A0 5B D2 E1 A3 A3 B3 C9 8F 04 D8 63 34 37 39 30 35 35 37 00 FD 07 00 68 43 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 38 FA 10 BA DB 4D 79 AD E4 BD 97 C4 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 4C 47 8A 7B 9C 35 74 1B A1 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 09 89 5E 7B B5 79 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 1B FB C7 72 E2 A7 AC 4E E0 2D 0C 20 9F 54 DA 2B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> 
http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> BA 4A 79 7E 42 E2 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 A0 13 80 5E 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1601 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD] -> CyberLink Corp. 
[Ver = 7.03.3723 | Size = 1283368 bytes | Modified Date = 1/23/2008 10:54:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 9:54:37 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 3/5/2008 
1:01:21 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe -> %ProgramFiles%\CyberLink\PowerDVD\PowerDVD.exe [C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD] -> CyberLink Corp. [Ver = 7.03.3723 | Size = 1283368 bytes | Modified Date = 1/23/2008 10:54:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. 
[Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1533:TCP -> 1533:TCP:192.168.1.3/255.255.255.255,192.168.1.4/255.255.255.255,192.168.1.6/255.255.255.255,192.168.1.7/255.255.255.255,192.168.1.8/255.255.255.255,192.168.1.10/255.255.255.255,192.168.1.11/255.255.255.255:Enabled:Sql Server 2005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\80:TCP -> 80:TCP:192.168.1.2/255.255.255.255,192.168.1.3/255.255.255.255:Enabled:HTTP Port -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. 
If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] clr -> %SystemDrive%\clr -> [Folder | Created Date = 6/9/2008 5:04:01 PM | Attr = ] CLRProfiler -> %SystemDrive%\CLRProfiler -> [Folder | Created Date = 7/1/2008 7:46:57 PM | Attr = ] CSSTest -> %SystemDrive%\CSSTest -> [Folder | Created Date = 5/23/2008 2:47:44 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 7/9/2008 10:19:08 AM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 5/31/2008 2:21:43 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1053413376 bytes | Created Date = 7/9/2008 3:18:20 PM | Attr = HS] spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Created Date = 6/25/2008 1:07:23 PM | Attr = ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Created Date = 6/24/2008 11:19:51 AM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Created Date = 6/24/2008 3:38:16 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Created Date = 6/24/2008 11:19:51 AM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 6/24/2008 3:38:16 PM | Attr = H ] Web.config_BACKUP -> %SystemDrive%\Web.config_BACKUP -> [Ver = | Size = 6619 bytes | Created Date = 6/24/2008 8:39:00 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | 
Created Date = 7/9/2008 2:50:59 PM | Attr = ] ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1039 built by: WinDDK | Size = 42376 bytes | Created Date = 7/8/2008 12:13:37 PM | Attr = ] iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 7/8/2008 12:13:37 PM | Attr = ] iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1031 | Size = 81288 bytes | Created Date = 7/8/2008 12:13:37 PM | Attr = ] kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 7/8/2008 12:13:37 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 7/9/2008 3:28:32 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 7/9/2008 3:28:31 PM | Attr = ] affv208325p1now.sys -> %SystemRoot%\System32\affv208325p1now.sys -> [Ver = | Size = 3082 bytes | Created Date = 6/18/2008 10:31:37 AM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Created Date = 6/5/2008 5:06:20 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> A_reg.reg -> %SystemRoot%\System32\A_reg.reg -> [Ver = | Size = 14909 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] dkwxskpn.dll -> %SystemRoot%\System32\dkwxskpn.dll -> [Ver = | Size = 103936 bytes | Created Date = 7/9/2008 12:02:30 PM | Attr = ] dpxixyir.ini -> %SystemRoot%\System32\dpxixyir.ini -> [Ver = | Size = 1633473 bytes | Created Date = 7/7/2008 11:57:26 AM | Attr = HS] en-US -> %SystemRoot%\System32\en-US -> [Folder | Created Date = 5/22/2008 2:28:05 PM | Attr = ] ffdshow.ax -> %SystemRoot%\System32\ffdshow.ax -> [Ver = 1.0.3.1023 | Size = 2174976 bytes | Created Date = 6/17/2008 3:36:40 PM 
| Attr = ] ffdshow.reg -> %SystemRoot%\System32\ffdshow.reg -> [Ver = | Size = 34820 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] fndstqsx.ini -> %SystemRoot%\System32\fndstqsx.ini -> [Ver = | Size = 1688763 bytes | Created Date = 7/1/2008 12:20:18 PM | Attr = HS] gfhotaon.ini -> %SystemRoot%\System32\gfhotaon.ini -> [Ver = | Size = 1689234 bytes | Created Date = 7/2/2008 12:19:53 PM | Attr = HS] hpzids01.dll -> %SystemRoot%\System32\hpzids01.dll -> Hewlett-Packard [Ver = 9,0,0,62 | Size = 267864 bytes | Created Date = 4/21/2008 6:52:32 PM | Attr = R ] hpzll5ha.dll -> %SystemRoot%\System32\hpzll5ha.dll -> Hewlett-Packard Company [Ver = 61.071.244.00 | Size = 117760 bytes | Created Date = 4/21/2008 6:52:30 PM | Attr = ] jnccwhbu.dll -> %SystemRoot%\System32\jnccwhbu.dll -> [Ver = | Size = 49664 bytes | Created Date = 7/9/2008 12:02:27 PM | Attr = ] kscivblv.ini -> %SystemRoot%\System32\kscivblv.ini -> [Ver = | Size = 1610558 bytes | Created Date = 7/4/2008 12:16:40 PM | Attr = HS] ldgldmft.ini -> %SystemRoot%\System32\ldgldmft.ini -> [Ver = | Size = 1732207 bytes | Created Date = 6/27/2008 10:22:22 AM | Attr = HS] libavcodec.dll -> %SystemRoot%\System32\libavcodec.dll -> [Ver = | Size = 3049984 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] libmpeg2_ff.dll -> %SystemRoot%\System32\libmpeg2_ff.dll -> [Ver = | Size = 114688 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] libmplayer.dll -> %SystemRoot%\System32\libmplayer.dll -> [Ver = | Size = 404480 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 27420 bytes | Created Date = 5/22/2008 7:27:00 PM | Attr = H ] mpnderxj.ini -> %SystemRoot%\System32\mpnderxj.ini -> [Ver = | Size = 1706378 bytes | Created Date = 6/26/2008 1:14:38 PM | Attr = HS] nhkzzx.dll -> %SystemRoot%\System32\nhkzzx.dll -> [Ver = | Size = 103936 bytes | Created Date = 7/9/2008 12:02:31 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> 
[Folder | Created Date = 6/6/2008 3:59:18 PM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 6/26/2008 1:08:09 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 6/26/2008 1:08:13 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 6/26/2008 1:08:13 PM | Attr = ] pptasnmu.ini -> %SystemRoot%\System32\pptasnmu.ini -> [Ver = | Size = 1695009 bytes | Created Date = 7/3/2008 12:17:39 PM | Attr = HS] PropListCtrl.ocx -> %SystemRoot%\System32\PropListCtrl.ocx -> Cucusoft Inc. [Ver = 1, 0, 0, 1 | Size = 114688 bytes | Created Date = 6/17/2008 3:36:39 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.3084 | Size = 185944 bytes | Created Date = 6/26/2008 1:08:33 PM | Attr = ] streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll -> [Ver = | Size = 59392 bytes | Created Date = 7/8/2008 3:35:35 PM | Attr = R ] SuxEOXbc.ini -> %SystemRoot%\System32\SuxEOXbc.ini -> [Ver = | Size = 378287 bytes | Created Date = 6/26/2008 1:13:28 PM | Attr = HS] TomsMoComp_ff.dll -> %SystemRoot%\System32\TomsMoComp_ff.dll -> [Ver = | Size = 200704 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] trjdlkme.ini -> %SystemRoot%\System32\trjdlkme.ini -> [Ver = | Size = 1691708 bytes | Created Date = 6/30/2008 11:00:30 AM | Attr = HS] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Created Date = 6/18/2008 1:23:38 PM | Attr = ] xvid.ax -> %SystemRoot%\System32\xvid.ax -> [Ver = | Size = 372736 bytes | Created Date = 6/17/2008 3:36:40 PM | Attr = ] $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Created Date = 5/22/2008 2:26:42 PM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Created Date = 5/22/2008 2:26:25 PM | Attr = H ] BMb3b6afb6.xml -> %SystemRoot%\BMb3b6afb6.xml -> [Ver = | Size = 110415 bytes | Created Date = 6/30/2008 11:00:13 AM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 7/9/2008 10:19:55 AM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Created Date = 5/22/2008 2:26:56 PM | Attr = H ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Created Date = 6/30/2008 11:00:13 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Created Date = 5/22/2008 2:28:06 PM | Attr = ] wcat -> %SystemRoot%\wcat -> [Folder | Created Date = 6/6/2008 11:52:55 AM | Attr = ] User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job -> [Ver = | Size = 438 bytes | Created Date = 5/30/2008 3:29:24 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Created Date = 7/8/2008 12:13:27 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 7/9/2008 3:28:31 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 7/8/2008 12:13:49 PM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Apple Computer -> %AppData%\Apple Computer -> [Folder | Created Date = 5/22/2008 6:16:20 PM | Attr = ] Google -> %AppData%\Google -> [Folder | Created Date = 7/8/2008 12:24:07 PM | Attr = ] IsolatedStorage -> %AppData%\IsolatedStorage -> [Folder | Created Date = 6/23/2008 3:44:05 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 7/9/2008 3:28:35 PM | Attr = ] Microsoft FxCop -> %AppData%\Microsoft FxCop -> [Folder | Created Date = 6/10/2008 4:49:04 PM | Attr = ] PC Tools -> 
%AppData%\PC Tools -> [Folder | Created Date = 7/8/2008 12:13:31 PM | Attr = ] QEngine -> %AppData%\QEngine -> [Folder | Created Date = 6/5/2008 10:33:34 AM | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 6/26/2008 1:07:18 PM | Attr = ] TrojanHunter -> %AppData%\TrojanHunter -> [Folder | Created Date = 7/8/2008 3:36:38 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Created Date = 5/22/2008 6:14:36 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Created Date = 5/22/2008 6:16:20 PM | Attr = ] assembly -> %UserProfile%\Local Settings\Application Data\assembly -> [Folder | Created Date = 6/18/2008 4:43:30 PM | Attr = ] Element K -> %UserProfile%\Local Settings\Application Data\Element K -> [Folder | Created Date = 6/25/2008 6:01:43 PM | Attr = ] ACT Projects -> %UserProfile%\My Documents\ACT Projects -> [Folder | Created Date = 6/6/2008 3:49:22 PM | Attr = ] Expresso Projects -> %UserProfile%\My Documents\Expresso Projects -> [Folder | Created Date = 6/2/2008 3:15:11 PM | Attr = ] Fiddler2 -> %UserProfile%\My Documents\Fiddler2 -> [Folder | Created Date = 4/30/2008 4:19:55 PM | Attr = ] Team USA -> %UserProfile%\My Documents\Team USA -> [Folder | Created Date = 4/24/2008 9:40:36 AM | Attr = ] Visual Studio 2008 -> %UserProfile%\My Documents\Visual Studio 2008 -> [Folder | Created Date = 6/18/2008 1:25:03 PM | Attr = ] Accessing Your Offline Course Player.lnk -> %AllUsersProfile%\Desktop\Accessing Your Offline Course Player.lnk -> [Ver = | Size = 657 bytes | Created Date = 6/25/2008 5:59:26 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 7/9/2008 3:28:32 PM | Attr = ] 1.htm -> %UserProfile%\Desktop\1.htm -> [Ver = | Size = 1124 bytes | Created Date = 5/21/2008 7:05:09 PM | Attr = ] 
50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf -> %UserProfile%\Desktop\50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf -> [Ver = | Size = 13927911 bytes | Created Date = 7/7/2008 9:33:57 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf:Zone.Identifier Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf -> %UserProfile%\Desktop\Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf -> [Ver = | Size = 7395780 bytes | Created Date = 7/7/2008 3:02:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf:Zone.Identifier Amazon -> %UserProfile%\Desktop\Amazon -> [Folder | Created Date = 7/4/2008 10:26:03 AM | Attr = ] Amazon Services.doc -> %UserProfile%\Desktop\Amazon Services.doc -> [Ver = | Size = 34816 bytes | Created Date = 7/3/2008 2:59:59 PM | Attr = ] amazon-ecs-2007-07-16-cs-library -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library -> [Folder | Created Date = 7/3/2008 12:37:30 PM | Attr = ] amazon-ecs-2007-07-16-cs-library.zip -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library.zip -> [Ver = | Size = 785026 bytes | Created Date = 7/3/2008 12:39:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library.zip:Zone.Identifier amazonsample_vb -> %UserProfile%\Desktop\amazonsample_vb -> [Folder | Created Date = 7/4/2008 5:41:46 PM | Attr = ] amazonsample_vb.zip -> %UserProfile%\Desktop\amazonsample_vb.zip -> [Ver = | Size = 12841 bytes | Created Date = 7/4/2008 5:43:40 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\amazonsample_vb.zip:Zone.Identifier ARB_guide latest.pdf -> %UserProfile%\Desktop\ARB_guide 
latest.pdf -> [Ver = | Size = 230097 bytes | Created Date = 6/23/2008 9:34:41 AM | Attr = ] AspNetCompiler.exe.lnk -> %UserProfile%\Desktop\AspNetCompiler.exe.lnk -> [Ver = | Size = 528 bytes | Created Date = 6/18/2008 11:12:05 AM | Attr = ] asp_rr -> %UserProfile%\Desktop\asp_rr -> [Folder | Created Date = 6/20/2008 12:52:51 PM | Attr = ] asp_rr.zip -> %UserProfile%\Desktop\asp_rr.zip -> [Ver = | Size = 2762 bytes | Created Date = 6/20/2008 12:52:41 PM | Attr = ] asp_sim -> %UserProfile%\Desktop\asp_sim -> [Folder | Created Date = 6/20/2008 1:01:11 PM | Attr = ] asp_sim.zip -> %UserProfile%\Desktop\asp_sim.zip -> [Ver = | Size = 7165 bytes | Created Date = 6/20/2008 1:02:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\asp_sim.zip:Zone.Identifier asp_sp -> %UserProfile%\Desktop\asp_sp -> [Folder | Created Date = 6/20/2008 11:55:29 AM | Attr = ] asp_sp.zip -> %UserProfile%\Desktop\asp_sp.zip -> [Ver = | Size = 1937 bytes | Created Date = 6/20/2008 11:55:02 AM | Attr = ] atg.exe -> %UserProfile%\Desktop\atg.exe -> Bitsoft Development , Inc. 
[Ver = | Size = 873568 bytes | Created Date = 6/16/2008 12:45:43 PM | Attr = ] beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf -> %UserProfile%\Desktop\beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf -> [Ver = | Size = 21635576 bytes | Created Date = 7/4/2008 5:54:43 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf:Zone.Identifier blobs.gif -> %UserProfile%\Desktop\blobs.gif -> [Ver = | Size = 20477 bytes | Created Date = 5/21/2008 8:36:46 PM | Attr = ] BlogEngine.NET 1.4 (source).zip -> %UserProfile%\Desktop\BlogEngine.NET 1.4 (source).zip -> [Ver = | Size = 1119260 bytes | Created Date = 7/9/2008 8:30:37 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BlogEngine.NET 1.4 (source).zip:Zone.Identifier ContextMenu -> %UserProfile%\Desktop\ContextMenu -> [Folder | Created Date = 6/27/2008 7:11:38 PM | Attr = ] ContextMenu.zip -> %UserProfile%\Desktop\ContextMenu.zip -> [Ver = | Size = 11290 bytes | Created Date = 6/27/2008 7:11:29 PM | Attr = ] CP_guide.pdf -> %UserProfile%\Desktop\CP_guide.pdf -> [Ver = | Size = 434858 bytes | Created Date = 6/20/2008 4:52:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CP_guide.pdf:Zone.Identifier csharp_aim -> %UserProfile%\Desktop\csharp_aim -> [Folder | Created Date = 6/20/2008 2:43:30 PM | Attr = ] csharp_aim.zip -> %UserProfile%\Desktop\csharp_aim.zip -> [Ver = | Size = 2855 bytes | Created Date = 6/20/2008 2:45:16 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\csharp_aim.zip:Zone.Identifier Cucusoft Ultimate Video Converter.lnk -> %UserProfile%\Desktop\Cucusoft Ultimate Video Converter.lnk -> [Ver = | Size = 1843 bytes | Created Date = 6/17/2008 3:36:41 PM | Attr = ] cucusoft_UltimateConverterReg.exe -> 
%UserProfile%\Desktop\cucusoft_UltimateConverterReg.exe -> Digital River [Ver = 1.0.0.1 | Size = 128384 bytes | Created Date = 6/17/2008 3:33:27 PM | Attr = ] dasBlog-2.0.7226.0-Source -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source -> [Folder | Created Date = 7/9/2008 8:04:03 PM | Attr = ] dasBlog-2.0.7226.0-Source.zip -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source.zip -> [Ver = | Size = 4585530 bytes | Created Date = 7/9/2008 8:00:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source.zip:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 7/9/2008 10:15:15 AM | Attr = ] DVT_Diagnosis.pdf -> %UserProfile%\Desktop\DVT_Diagnosis.pdf -> [Ver = | Size = 110046 bytes | Created Date = 6/22/2008 4:49:14 PM | Attr = ] errrrrr.PNG -> %UserProfile%\Desktop\errrrrr.PNG -> [Ver = | Size = 168069 bytes | Created Date = 7/9/2008 3:40:51 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Created Date = 7/9/2008 2:44:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Created Date = 7/9/2008 2:45:17 PM | Attr = ] exclamation.gif -> %UserProfile%\Desktop\exclamation.gif -> [Ver = | Size = 3348 bytes | Created Date = 7/8/2008 12:11:16 PM | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 127 bytes | Created Date = 7/9/2008 2:48:44 PM | Attr = ] Free GoToMeeting Trial.url -> %UserProfile%\Desktop\Free GoToMeeting Trial.url -> [Ver = | Size = 168 bytes | Created Date = 4/18/2008 7:11:05 PM | Attr = ] Gjo.exe -> %UserProfile%\Desktop\Gjo.exe -> Bitsoft.net Inc. 
[Ver = | Size = 1010614 bytes | Created Date = 6/16/2008 12:45:24 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 7/8/2008 10:52:42 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 7/8/2008 10:54:06 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier ipinkiepromise.lnk -> %UserProfile%\Desktop\ipinkiepromise.lnk -> [Ver = | Size = 669 bytes | Created Date = 4/23/2008 10:09:02 AM | Attr = ] JocysComJavaScriptClasses -> %UserProfile%\Desktop\JocysComJavaScriptClasses -> [Folder | Created Date = 6/20/2008 6:43:35 PM | Attr = ] JocysComJavaScriptClasses.zip -> %UserProfile%\Desktop\JocysComJavaScriptClasses.zip -> [Ver = | Size = 744752 bytes | Created Date = 6/20/2008 6:43:01 PM | Attr = ] jquery-1.2.6.min.js -> %UserProfile%\Desktop\jquery-1.2.6.min.js -> [Ver = | Size = 55774 bytes | Created Date = 6/4/2008 3:41:49 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jquery-1.2.6.min.js:Zone.Identifier JS Packer.lnk -> %UserProfile%\Desktop\JS Packer.lnk -> [Ver = | Size = 667 bytes | Created Date = 6/4/2008 4:52:00 PM | Attr = ] livemeeting.wmv -> %UserProfile%\Desktop\livemeeting.wmv -> [Ver = | Size = 19485613 bytes | Created Date = 7/3/2008 6:53:02 PM | Attr = ] MarsaX -> %UserProfile%\Desktop\MarsaX -> [Folder | Created Date = 6/27/2008 7:32:36 PM | Attr = ] MarsaX.zip -> %UserProfile%\Desktop\MarsaX.zip -> [Ver = | Size = 611064 bytes | Created Date = 6/27/2008 7:32:14 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Created Date = 7/9/2008 4:03:33 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier merchant_guide.pdf -> %UserProfile%\Desktop\merchant_guide.pdf -> [Ver = | Size = 588254 bytes | 
Created Date = 6/20/2008 11:02:36 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\merchant_guide.pdf:Zone.Identifier Microsoft E-Learning Offline Player.lnk -> %UserProfile%\Desktop\Microsoft E-Learning Offline Player.lnk -> [Ver = | Size = 1899 bytes | Created Date = 6/25/2008 6:02:29 PM | Attr = ] microsoft-r-sql-server-2005-unleashed.9780672328244.27532.pdf -> %UserProfile%\Desktop\microsoft-r-sql-server-2005-unleashed.9780672328244.27532.pdf -> [Ver = | Size = 40412775 bytes | Created Date = 4/24/2008 12:05:00 PM | Attr = ] Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf -> %UserProfile%\Desktop\Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf -> [Ver = | Size = 7305687 bytes | Created Date = 7/7/2008 9:38:07 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf:Zone.Identifier NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Created Date = 7/9/2008 2:45:17 PM | Attr = ] optipng-0.5.5-exe -> %UserProfile%\Desktop\optipng-0.5.5-exe -> [Folder | Created Date = 6/16/2008 11:29:50 AM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 7/9/2008 2:51:53 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/10/2008 9:56:29 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Created Date = 7/10/2008 9:44:52 AM | Attr = ] Reflector.lnk -> %UserProfile%\Desktop\Reflector.lnk -> [Ver = | Size = 694 bytes | Created Date = 4/26/2008 10:18:31 AM | Attr = ] RMSDK.exe -> %UserProfile%\Desktop\RMSDK.exe -> [Ver = | Size = 3848873 bytes | Created Date = 6/18/2008 10:28:49 AM | Attr = ] SA Recorder.lnk -> %UserProfile%\Desktop\SA Recorder.lnk -> [Ver = | Size = 709 
bytes | Created Date = 6/30/2008 1:16:51 PM | Attr = ] Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf -> %UserProfile%\Desktop\Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf -> [Ver = | Size = 12894287 bytes | Created Date = 7/7/2008 10:59:02 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf:Zone.Identifier ScaleNet.pdf -> %UserProfile%\Desktop\ScaleNet.pdf -> [Ver = | Size = 8343744 bytes | Created Date = 6/9/2008 3:01:30 PM | Attr = ] screencap_revised.psd -> %UserProfile%\Desktop\screencap_revised.psd -> [Ver = | Size = 1134051 bytes | Created Date = 6/20/2008 9:43:02 AM | Attr = ] SIM_guide.pdf -> %UserProfile%\Desktop\SIM_guide.pdf -> [Ver = | Size = 901344 bytes | Created Date = 6/23/2008 9:34:41 AM | Attr = ] Source -> %UserProfile%\Desktop\Source -> [Folder | Created Date = 4/24/2008 8:45:41 PM | Attr = ] spyware doctor setup.exe -> %UserProfile%\Desktop\spyware doctor setup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18473000 bytes | Created Date = 7/8/2008 12:10:18 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spyware doctor setup.exe:Zone.Identifier squidoo.PNG -> %UserProfile%\Desktop\squidoo.PNG -> [Ver = | Size = 66131 bytes | Created Date = 7/8/2008 10:10:32 AM | Attr = ] test-3.jpg -> %UserProfile%\Desktop\test-3.jpg -> [Ver = | Size = 23088 bytes | Created Date = 5/21/2008 7:05:22 PM | Attr = ] TrojanHunter.lnk -> %UserProfile%\Desktop\TrojanHunter.lnk -> [Ver = | Size = 692 bytes | Created Date = 7/8/2008 3:35:42 PM | Attr = ] TrojanHunterSetup.exe -> %UserProfile%\Desktop\TrojanHunterSetup.exe -> Mischel Internet Security [Ver = | Size = 16196952 bytes | Created Date = 7/8/2008 3:09:21 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TrojanHunterSetup.exe:Zone.Identifier UltimateConverterReg.exe -> 
%UserProfile%\Desktop\UltimateConverterReg.exe -> Cucusoft, Inc. [Ver = | Size = 6913056 bytes | Created Date = 6/17/2008 3:33:56 PM | Attr = ] WinAVI.exe -> %UserProfile%\Desktop\WinAVI.exe -> [Ver = 1, 0, 0, 1 | Size = 3977452 bytes | Created Date = 6/18/2008 10:28:49 AM | Attr = ] winavirm.zip -> %UserProfile%\Desktop\winavirm.zip -> [Ver = | Size = 7663130 bytes | Created Date = 6/18/2008 10:26:32 AM | Attr = ] WinAVIVideoConverter.lnk -> %UserProfile%\Desktop\WinAVIVideoConverter.lnk -> [Ver = | Size = 678 bytes | Created Date = 6/18/2008 10:31:49 AM | Attr = ] Windows-Presentation-Foundation-Unleashed-WPF.9780672328916.27660.pdf -> %UserProfile%\Desktop\Windows-Presentation-Foundation-Unleashed-WPF.9780672328916.27660.pdf -> [Ver = | Size = 18827274 bytes | Created Date = 6/23/2008 6:15:08 PM | Attr = ] WinVideo-How do I-Load test my web applications.wmv -> %UserProfile%\Desktop\WinVideo-How do I-Load test my web applications.wmv -> [Ver = | Size = 13694901 bytes | Created Date = 6/3/2008 7:29:40 PM | Attr = ] WinVideo-SL-GettingStarted -> %UserProfile%\Desktop\WinVideo-SL-GettingStarted -> [Folder | Created Date = 6/17/2008 2:58:47 PM | Attr = ] You do have a few nasties there.doc -> %UserProfile%\Desktop\You do have a few nasties there.doc -> [Ver = | Size = 34816 bytes | Created Date = 7/9/2008 2:44:49 PM | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Created Date = 7/9/2008 2:45:39 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 6/17/2008 3:36:29 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 6/26/2008 1:08:02 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 6/26/2008 1:08:51 PM | Attr = ] 123 GIF&JPG Optimizer -> %ProgramFiles%\123 GIF&JPG Optimizer -> [Folder | Created Date = 6/16/2008 12:46:22 PM | Attr = ] AdventNet -> %ProgramFiles%\AdventNet -> 
[Folder | Created Date = 6/5/2008 10:07:30 AM | Attr = ] Business Objects -> %ProgramFiles%\Business Objects -> [Folder | Created Date = 6/18/2008 1:42:36 PM | Attr = ] Citrix -> %ProgramFiles%\Citrix -> [Folder | Created Date = 4/18/2008 7:10:56 PM | Attr = ] Core Services -> %ProgramFiles%\Core Services -> [Folder | Created Date = 6/9/2008 7:54:09 PM | Attr = ] Cucusoft -> %ProgramFiles%\Cucusoft -> [Folder | Created Date = 6/17/2008 3:36:38 PM | Attr = ] ERUNT -> %ProgramFiles%\ERUNT -> [Folder | Created Date = 7/9/2008 2:45:16 PM | Attr = ] Fiddler2 -> %ProgramFiles%\Fiddler2 -> [Folder | Created Date = 4/30/2008 4:18:35 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 7/9/2008 3:28:30 PM | Attr = ] Microsoft -> %ProgramFiles%\Microsoft -> [Folder | Created Date = 4/16/2008 10:43:09 AM | Attr = ] Microsoft Device Emulator -> %ProgramFiles%\Microsoft Device Emulator -> [Folder | Created Date = 6/18/2008 1:41:44 PM | Attr = ] Microsoft FxCop 1.36 -> %ProgramFiles%\Microsoft FxCop 1.36 -> [Folder | Created Date = 6/10/2008 4:48:50 PM | Attr = ] Microsoft SDKs -> %ProgramFiles%\Microsoft SDKs -> [Folder | Created Date = 6/18/2008 1:27:22 PM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 6/25/2008 5:35:17 PM | Attr = ] Microsoft SQL Server Compact Edition -> %ProgramFiles%\Microsoft SQL Server Compact Edition -> [Folder | Created Date = 6/18/2008 1:39:45 PM | Attr = ] Microsoft Synchronization Services -> %ProgramFiles%\Microsoft Synchronization Services -> [Folder | Created Date = 6/18/2008 1:39:45 PM | Attr = ] Microsoft Visual Studio 9.0 -> %ProgramFiles%\Microsoft Visual Studio 9.0 -> [Folder | Created Date = 6/18/2008 1:27:21 PM | Attr = ] Microsoft Web Application Stress Tool -> %ProgramFiles%\Microsoft Web Application Stress Tool -> [Folder | Created Date = 6/5/2008 3:31:21 PM | Attr = ] Microsoft Web Designer Tools -> 
%ProgramFiles%\Microsoft Web Designer Tools -> [Folder | Created Date = 6/18/2008 1:26:01 PM | Attr = ] MultipleIEs -> %ProgramFiles%\MultipleIEs -> [Folder | Created Date = 6/20/2008 10:31:13 AM | Attr = ] Offline Course Player -> %ProgramFiles%\Offline Course Player -> [Folder | Created Date = 6/25/2008 5:59:25 PM | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 6/26/2008 1:08:00 PM | Attr = ] Reference Assemblies -> %ProgramFiles%\Reference Assemblies -> [Folder | Created Date = 6/18/2008 1:23:34 PM | Attr = ] Reflector -> %ProgramFiles%\Reflector -> [Folder | Created Date = 4/26/2008 10:18:13 AM | Attr = ] Safari -> %ProgramFiles%\Safari -> [Folder | Created Date = 5/22/2008 6:15:36 PM | Attr = ] Spyware Doctor -> %ProgramFiles%\Spyware Doctor -> [Folder | Created Date = 7/8/2008 12:13:31 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7/8/2008 10:52:41 AM | Attr = ] TrojanHunter 5.0 -> %ProgramFiles%\TrojanHunter 5.0 -> [Folder | Created Date = 7/8/2008 3:35:34 PM | Attr = ] Ultrapico -> %ProgramFiles%\Ultrapico -> [Folder | Created Date = 6/2/2008 3:14:12 PM | Attr = ] WinAVIVideoConverter -> %ProgramFiles%\WinAVIVideoConverter -> [Folder | Created Date = 6/18/2008 10:31:48 AM | Attr = ] Windows Mobile 5.0 SDK R2 -> %ProgramFiles%\Windows Mobile 5.0 SDK R2 -> [Folder | Created Date = 6/18/2008 1:40:42 PM | Attr = ] [Files/Folders - Modified Within 90 days] Adobe Photoshop CS3 -> %SystemDrive%\Adobe Photoshop CS3 -> [Folder | Modified Date = 7/4/2008 2:02:52 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 5/21/2008 10:36:36 AM | Attr = RHS] clr -> %SystemDrive%\clr -> [Folder | Modified Date = 7/1/2008 7:59:10 PM | Attr = ] CLRProfiler -> %SystemDrive%\CLRProfiler -> [Folder | Modified Date = 7/2/2008 6:42:02 PM | Attr = ] CSSTest -> %SystemDrive%\CSSTest -> [Folder | Modified Date = 7/4/2008 4:34:43 PM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | 
Modified Date = 7/9/2008 10:19:08 AM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 6/17/2008 2:13:07 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1053413376 bytes | Modified Date = 7/10/2008 9:37:38 AM | Attr = HS] mcafee_mcpr -> %SystemDrive%\mcafee_mcpr -> [Folder | Modified Date = 6/6/2008 1:40:30 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/9/2008 3:28:30 PM | Attr = R ] spoolerlogs -> %SystemDrive%\spoolerlogs -> [Folder | Modified Date = 6/25/2008 1:07:23 PM | Attr = ] sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/24/2008 11:19:51 AM | Attr = H ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 268 bytes | Modified Date = 6/24/2008 3:38:16 PM | Attr = H ] sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/24/2008 11:19:51 AM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/24/2008 3:38:16 PM | Attr = H ] Web.config_BACKUP -> %SystemDrive%\Web.config_BACKUP -> [Ver = | Size = 6619 bytes | Modified Date = 6/24/2008 8:39:00 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/10/2008 9:38:52 AM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 7/9/2008 2:50:59 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 7/7/2008 5:35:30 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 7/7/2008 5:35:36 PM | Attr = ] 1033 -> %SystemRoot%\System32\1033 -> [Folder | Modified Date = 6/18/2008 1:29:04 PM | Attr = ] 3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> affv208325p1now.sys -> %SystemRoot%\System32\affv208325p1now.sys -> [Ver = | Size = 3082 bytes | Modified Date = 6/18/2008 
10:31:37 AM | Attr = ] appmgmt -> %SystemRoot%\System32\appmgmt -> [Folder | Modified Date = 6/5/2008 5:06:20 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 5/22/2008 2:26:08 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/9/2008 5:42:17 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 5/22/2008 2:28:11 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 22690 bytes | Modified Date = 7/10/2008 9:39:09 AM | Attr = ] dkwxskpn.dll -> %SystemRoot%\System32\dkwxskpn.dll -> [Ver = | Size = 103936 bytes | Modified Date = 7/9/2008 12:02:31 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/3/2008 10:52:46 AM | Attr = RHS] dpxixyir.ini -> %SystemRoot%\System32\dpxixyir.ini -> [Ver = | Size = 1633473 bytes | Modified Date = 7/8/2008 12:27:43 PM | Attr = HS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/10/2008 9:38:50 AM | Attr = ] en-US -> %SystemRoot%\System32\en-US -> [Folder | Modified Date = 6/18/2008 1:23:40 PM | Attr = ] fndstqsx.ini -> %SystemRoot%\System32\fndstqsx.ini -> [Ver = | Size = 1688763 bytes | Modified Date = 7/2/2008 9:36:22 AM | Attr = HS] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 156360 bytes | Modified Date = 6/19/2008 9:31:10 AM | Attr = ] gfhotaon.ini -> %SystemRoot%\System32\gfhotaon.ini -> [Ver = | Size = 1689234 bytes | Modified Date = 7/3/2008 9:36:16 AM | Attr = HS] inetsrv -> %SystemRoot%\System32\inetsrv -> [Folder | Modified Date = 7/10/2008 9:41:47 AM | Attr = ] jnccwhbu.dll -> %SystemRoot%\System32\jnccwhbu.dll -> [Ver = | Size = 49664 bytes | Modified Date = 7/9/2008 12:02:27 PM | Attr = ] kscivblv.ini -> %SystemRoot%\System32\kscivblv.ini -> [Ver = | Size = 1610558 bytes | Modified Date = 7/7/2008 9:26:12 AM | Attr = HS] ldgldmft.ini -> %SystemRoot%\System32\ldgldmft.ini -> [Ver = | Size = 1732207 bytes | Modified 
Date = 6/30/2008 9:34:55 AM | Attr = HS] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 27420 bytes | Modified Date = 7/2/2008 2:11:45 PM | Attr = H ] mpnderxj.ini -> %SystemRoot%\System32\mpnderxj.ini -> [Ver = | Size = 1706378 bytes | Modified Date = 6/27/2008 9:29:55 AM | Attr = HS] nhkzzx.dll -> %SystemRoot%\System32\nhkzzx.dll -> [Ver = | Size = 103936 bytes | Modified Date = 7/9/2008 12:02:31 PM | Attr = ] NtmsData -> %SystemRoot%\System32\NtmsData -> [Folder | Modified Date = 6/6/2008 3:59:19 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 144084 bytes | Modified Date = 7/8/2008 12:16:07 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 640002 bytes | Modified Date = 7/8/2008 12:16:07 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 802640 bytes | Modified Date = 7/8/2008 12:16:07 PM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 6/26/2008 1:08:09 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 6/26/2008 1:08:13 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 6/26/2008 1:08:13 PM | Attr = ] pptasnmu.ini -> %SystemRoot%\System32\pptasnmu.ini -> [Ver = | Size = 1695009 bytes | Modified Date = 7/4/2008 9:43:11 AM | Attr = HS] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. 
[Ver = 6.0.9.3084 | Size = 185944 bytes | Modified Date = 6/26/2008 1:08:33 PM | Attr = ] streamhlp.dll -> %SystemRoot%\System32\streamhlp.dll -> [Ver = | Size = 59392 bytes | Modified Date = 7/8/2008 3:35:45 PM | Attr = R ] SuxEOXbc.ini -> %SystemRoot%\System32\SuxEOXbc.ini -> [Ver = | Size = 378287 bytes | Modified Date = 7/9/2008 2:54:36 PM | Attr = HS] trjdlkme.ini -> %SystemRoot%\System32\trjdlkme.ini -> [Ver = | Size = 1691708 bytes | Modified Date = 7/1/2008 9:44:04 AM | Attr = HS] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 7/7/2008 9:24:43 AM | Attr = ] XPSViewer -> %SystemRoot%\System32\XPSViewer -> [Folder | Modified Date = 6/18/2008 1:23:38 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 5/22/2008 10:37:45 AM | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstallIDNMitigationAPIs$ -> %SystemRoot%\$NtServicePackUninstallIDNMitigationAPIs$ -> [Folder | Modified Date = 5/22/2008 2:26:42 PM | Attr = H ] $NtServicePackUninstallNLSDownlevelMapping$ -> %SystemRoot%\$NtServicePackUninstallNLSDownlevelMapping$ -> [Folder | Modified Date = 5/22/2008 2:26:25 PM | Attr = H ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 6/18/2008 4:21:02 PM | Attr = R S] BMb3b6afb6.xml -> %SystemRoot%\BMb3b6afb6.xml -> [Ver = | Size = 110415 bytes | Modified Date = 7/9/2008 11:59:32 AM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/10/2008 9:37:39 AM | Attr = S] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 6/11/2008 10:01:46 AM | Attr = HS] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/9/2008 5:42:23 PM | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 7/9/2008 2:56:58 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/18/2008 1:41:35 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 
5/22/2008 2:30:02 PM | Attr = ] ie7 -> %SystemRoot%\ie7 -> [Folder | Modified Date = 5/22/2008 2:27:50 PM | Attr = H ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 5/22/2008 2:28:15 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 6/18/2008 1:23:20 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/8/2008 12:13:31 PM | Attr = HS] Media -> %SystemRoot%\Media -> [Folder | Modified Date = 5/22/2008 2:28:01 PM | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 6/18/2008 4:21:25 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/22/2008 3:55:21 PM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 1122 bytes | Modified Date = 6/18/2008 1:43:08 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/10/2008 9:56:32 AM | Attr = ] pskt.ini -> %SystemRoot%\pskt.ini -> [Ver = | Size = 22 bytes | Modified Date = 7/9/2008 3:18:40 PM | Attr = ] pss -> %SystemRoot%\pss -> [Folder | Modified Date = 5/21/2008 10:36:34 AM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/9/2008 4:06:47 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 5/22/2008 2:33:02 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 5/21/2008 10:36:36 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/9/2008 3:41:56 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 6/5/2008 5:13:53 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/10/2008 9:54:51 AM | Attr = ] WBEM -> %SystemRoot%\WBEM -> [Folder | Modified Date = 5/22/2008 2:28:06 PM | Attr = ] wcat -> %SystemRoot%\wcat -> [Folder | Modified Date = 6/6/2008 11:52:55 AM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 742 bytes | 
Modified Date = 7/4/2008 3:43:50 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/18/2008 1:34:45 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/10/2008 9:37:41 AM | Attr = H ] User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{940F17C0-E4A7-4918-A95C-7872C4B2307B}.job -> [Ver = | Size = 438 bytes | Modified Date = 7/9/2008 11:44:07 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 12/16/2007 3:55:48 PM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 33371 bytes | Modified Date = 3/26/2008 4:15:00 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 12/21/2007 10:18:42 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 8162 bytes | Modified Date = 5/21/2008 9:41:55 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8162 bytes | Modified Date = 5/21/2008 9:41:55 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/18/2008 1:26:32 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 12/16/2007 3:49:33 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 
11114 bytes | Modified Date = 12/20/2007 4:01:17 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\8.0 -> [Folder | Modified Date = 12/16/2007 4:08:46 PM | Attr = ] vs000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\8.0\vs000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 1/2/2008 4:32:06 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\9.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\9.0 -> [Folder | Modified Date = 6/18/2008 1:36:42 PM | Attr = ] vs000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\9.0\vs000223.dat -> [Ver = | Size = 677178 bytes | Modified Date = 6/18/2008 2:40:36 PM | Attr = H ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 7/10/2008 9:56:34 AM | Attr = ] Perflib_Perfdata_2dc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2dc.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 3:42:18 PM | Attr = ] Perflib_Perfdata_300.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_300.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 9:49:45 AM | Attr = ] C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 3:19:36 PM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 7/9/2008 2:57:15 PM | Attr = HS] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [Ver = | Size = 16384 bytes | Modified Date = 7/9/2008 3:19:36 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] index.dat 
-> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [Ver = | Size = 32768 bytes | Modified Date = 7/9/2008 3:19:36 PM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 7/9/2008 2:57:15 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 145 bytes | Modified Date = 7/9/2008 2:57:15 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E4I9KXG0\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E4I9KXG0 -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\E4I9KXG0\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4N9QX1T\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4N9QX1T -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\H4N9QX1T\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ION5345N\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ION5345N -> [Folder | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ION5345N\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YU7IY92L\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YU7IY92L -> [Folder | Modified Date = 
7/9/2008 2:57:14 PM | Attr = HS] desktop.ini -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\YU7IY92L\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 7/9/2008 2:57:14 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Google -> %AllUsersProfile%\Application Data\Google -> [Folder | Modified Date = 7/8/2008 12:13:27 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 7/9/2008 3:28:31 PM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 6/18/2008 3:04:01 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 7/10/2008 9:52:09 AM | Attr = ] @Alternate Data Stream - 115 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 6/5/2008 5:19:09 PM | Attr = ] AnkhSVN -> %AppData%\AnkhSVN -> [Folder | Modified Date = 4/23/2008 10:09:26 AM | Attr = ] Apple Computer -> %AppData%\Apple Computer -> [Folder | Modified Date = 5/22/2008 6:16:20 PM | Attr = ] Free Download Manager -> %AppData%\Free Download Manager -> [Folder | Modified Date = 7/10/2008 9:55:21 AM | Attr = ] Google -> %AppData%\Google -> [Folder | Modified Date = 7/8/2008 6:53:36 PM | Attr = ] IsolatedStorage -> %AppData%\IsolatedStorage -> [Folder | Modified Date = 6/23/2008 3:44:05 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 7/9/2008 3:28:35 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 5/20/2008 6:45:42 PM | Attr = S] Microsoft FxCop -> %AppData%\Microsoft FxCop -> [Folder | Modified Date = 6/10/2008 4:49:04 PM | Attr = ] PC Tools -> %AppData%\PC Tools -> [Folder | Modified Date = 7/8/2008 12:13:31 PM | Attr = ] QEngine -> %AppData%\QEngine -> [Folder | Modified Date = 6/5/2008 10:33:34 AM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 6/26/2008 2:33:36 PM | Attr = ] TrojanHunter -> 
%AppData%\TrojanHunter -> [Folder | Modified Date = 7/8/2008 3:36:38 PM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 6/26/2008 2:35:43 PM | Attr = ] Apple -> %UserProfile%\Local Settings\Application Data\Apple -> [Folder | Modified Date = 5/22/2008 6:14:36 PM | Attr = ] Apple Computer -> %UserProfile%\Local Settings\Application Data\Apple Computer -> [Folder | Modified Date = 5/22/2008 6:16:20 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/3/2008 12:40:54 PM | Attr = ] assembly -> %UserProfile%\Local Settings\Application Data\assembly -> [Folder | Modified Date = 6/18/2008 4:43:30 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 20480 bytes | Modified Date = 6/18/2008 4:10:25 PM | Attr = ] Element K -> %UserProfile%\Local Settings\Application Data\Element K -> [Folder | Modified Date = 6/25/2008 6:01:43 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 29544 bytes | Modified Date = 6/18/2008 2:36:03 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 7/8/2008 12:24:07 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 6/25/2008 5:35:20 PM | Attr = ] TSVNCache -> %UserProfile%\Local Settings\Application Data\TSVNCache -> [Folder | Modified Date = 7/9/2008 3:42:46 PM | Attr = ] ACT Projects -> %UserProfile%\My Documents\ACT Projects -> [Folder | Modified Date = 6/6/2008 3:49:22 PM | Attr = ] Default.rdp -> %UserProfile%\My Documents\Default.rdp -> [Ver = | Size = 1160 bytes | Modified Date = 6/26/2008 8:05:17 PM | Attr = H ] desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [Ver = | Size = 84 bytes | Modified Date = 5/22/2008 2:30:20 PM | Attr = HS] 
Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 6/26/2008 2:51:30 PM | Attr = ] Expresso Projects -> %UserProfile%\My Documents\Expresso Projects -> [Folder | Modified Date = 6/2/2008 4:01:58 PM | Attr = ] Fiddler2 -> %UserProfile%\My Documents\Fiddler2 -> [Folder | Modified Date = 4/30/2008 4:21:45 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 5/22/2008 2:30:20 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/8/2008 10:10:30 AM | Attr = R ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 594 bytes | Modified Date = 7/9/2008 5:31:57 PM | Attr = ] SQL Server Management Studio -> %UserProfile%\My Documents\SQL Server Management Studio -> [Folder | Modified Date = 7/2/2008 7:53:05 PM | Attr = ] Team USA -> %UserProfile%\My Documents\Team USA -> [Folder | Modified Date = 4/24/2008 9:41:42 AM | Attr = ] Visual Studio 2005 -> %UserProfile%\My Documents\Visual Studio 2005 -> [Folder | Modified Date = 7/1/2008 8:09:50 PM | Attr = ] Visual Studio 2008 -> %UserProfile%\My Documents\Visual Studio 2008 -> [Folder | Modified Date = 7/7/2008 11:38:34 AM | Attr = ] Accessing Your Offline Course Player.lnk -> %AllUsersProfile%\Desktop\Accessing Your Offline Course Player.lnk -> [Ver = | Size = 657 bytes | Modified Date = 6/25/2008 5:59:26 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 7/9/2008 3:28:32 PM | Attr = ] 1.htm -> %UserProfile%\Desktop\1.htm -> [Ver = | Size = 1124 bytes | Modified Date = 5/21/2008 8:20:13 PM | Attr = ] 50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf -> %UserProfile%\Desktop\50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf -> [Ver = | Size = 13927911 bytes | Modified Date = 7/7/2008 9:34:10 AM | Attr = ] 
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\50-Fast-Digital-Camera-Techniques-50-Fast-Techniques-Series.9780764525001.32150.pdf:Zone.Identifier Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf -> %UserProfile%\Desktop\Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf -> [Ver = | Size = 7395780 bytes | Modified Date = 7/7/2008 3:04:22 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Adapting-to-Web-Standards-CSS-and-Ajax-for-Big-Sites-Voices-That-Matter.9780321501820.32140.pdf:Zone.Identifier Amazon -> %UserProfile%\Desktop\Amazon -> [Folder | Modified Date = 7/4/2008 10:26:04 AM | Attr = ] Amazon Services.doc -> %UserProfile%\Desktop\Amazon Services.doc -> [Ver = | Size = 34816 bytes | Modified Date = 7/3/2008 4:41:03 PM | Attr = ] amazon-ecs-2007-07-16-cs-library -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library -> [Folder | Modified Date = 7/3/2008 12:37:30 PM | Attr = ] amazon-ecs-2007-07-16-cs-library.zip -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library.zip -> [Ver = | Size = 785026 bytes | Modified Date = 7/3/2008 12:37:14 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\amazon-ecs-2007-07-16-cs-library.zip:Zone.Identifier amazonsample_vb -> %UserProfile%\Desktop\amazonsample_vb -> [Folder | Modified Date = 7/4/2008 5:41:47 PM | Attr = ] amazonsample_vb.zip -> %UserProfile%\Desktop\amazonsample_vb.zip -> [Ver = | Size = 12841 bytes | Modified Date = 7/4/2008 5:41:39 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\amazonsample_vb.zip:Zone.Identifier ARB_guide latest.pdf -> %UserProfile%\Desktop\ARB_guide latest.pdf -> [Ver = | Size = 230097 bytes | Modified Date = 6/20/2008 11:13:58 AM | Attr = ] AspNetCompiler.exe.lnk -> %UserProfile%\Desktop\AspNetCompiler.exe.lnk -> [Ver = | Size = 528 bytes | Modified Date = 6/18/2008 11:12:05 AM | Attr = ] asp_rr -> 
%UserProfile%\Desktop\asp_rr -> [Folder | Modified Date = 6/20/2008 12:52:51 PM | Attr = ] asp_rr.zip -> %UserProfile%\Desktop\asp_rr.zip -> [Ver = | Size = 2762 bytes | Modified Date = 6/20/2008 12:52:43 PM | Attr = ] asp_sim -> %UserProfile%\Desktop\asp_sim -> [Folder | Modified Date = 6/26/2008 4:28:27 PM | Attr = ] asp_sim.zip -> %UserProfile%\Desktop\asp_sim.zip -> [Ver = | Size = 7165 bytes | Modified Date = 6/20/2008 1:01:01 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\asp_sim.zip:Zone.Identifier asp_sp -> %UserProfile%\Desktop\asp_sp -> [Folder | Modified Date = 6/20/2008 11:55:29 AM | Attr = ] asp_sp.zip -> %UserProfile%\Desktop\asp_sp.zip -> [Ver = | Size = 1937 bytes | Modified Date = 6/20/2008 11:55:04 AM | Attr = ] atg.exe -> %UserProfile%\Desktop\atg.exe -> Bitsoft Development , Inc. [Ver = | Size = 873568 bytes | Modified Date = 6/16/2008 12:45:50 PM | Attr = ] beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf -> %UserProfile%\Desktop\beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf -> [Ver = | Size = 21635576 bytes | Modified Date = 7/4/2008 5:58:52 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\beginning-asp-net-2-0-e-commerce-in-c-2005-from-novice-to-professional.9781590594681.21122.pdf:Zone.Identifier blobs.gif -> %UserProfile%\Desktop\blobs.gif -> [Ver = | Size = 20477 bytes | Modified Date = 5/21/2008 8:36:46 PM | Attr = ] BlogEngine.NET 1.4 (source).zip -> %UserProfile%\Desktop\BlogEngine.NET 1.4 (source).zip -> [Ver = | Size = 1119260 bytes | Modified Date = 7/9/2008 8:28:55 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\BlogEngine.NET 1.4 (source).zip:Zone.Identifier ContextMenu -> %UserProfile%\Desktop\ContextMenu -> [Folder | Modified Date = 6/24/2008 9:38:40 AM | Attr = ] ContextMenu.zip -> %UserProfile%\Desktop\ContextMenu.zip -> [Ver = | Size = 11290 bytes | Modified 
Date = 6/27/2008 7:11:31 PM | Attr = ] CP_guide.pdf -> %UserProfile%\Desktop\CP_guide.pdf -> [Ver = | Size = 434858 bytes | Modified Date = 6/20/2008 4:50:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\CP_guide.pdf:Zone.Identifier csharp_aim -> %UserProfile%\Desktop\csharp_aim -> [Folder | Modified Date = 6/20/2008 2:43:30 PM | Attr = ] csharp_aim.zip -> %UserProfile%\Desktop\csharp_aim.zip -> [Ver = | Size = 2855 bytes | Modified Date = 6/20/2008 2:43:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\csharp_aim.zip:Zone.Identifier Cucusoft Ultimate Video Converter.lnk -> %UserProfile%\Desktop\Cucusoft Ultimate Video Converter.lnk -> [Ver = | Size = 1843 bytes | Modified Date = 6/17/2008 3:36:41 PM | Attr = ] cucusoft_UltimateConverterReg.exe -> %UserProfile%\Desktop\cucusoft_UltimateConverterReg.exe -> Digital River [Ver = 1.0.0.1 | Size = 128384 bytes | Modified Date = 6/17/2008 3:33:30 PM | Attr = ] dasBlog-2.0.7226.0-Source -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source -> [Folder | Modified Date = 7/9/2008 8:04:15 PM | Attr = ] dasBlog-2.0.7226.0-Source.zip -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source.zip -> [Ver = | Size = 4585530 bytes | Modified Date = 7/9/2008 7:59:17 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dasBlog-2.0.7226.0-Source.zip:Zone.Identifier dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 7/9/2008 10:15:57 AM | Attr = ] DVT_Diagnosis.pdf -> %UserProfile%\Desktop\DVT_Diagnosis.pdf -> [Ver = | Size = 110046 bytes | Modified Date = 6/22/2008 4:35:02 PM | Attr = ] errrrrr.PNG -> %UserProfile%\Desktop\errrrrr.PNG -> [Ver = | Size = 168069 bytes | Modified Date = 7/9/2008 3:40:52 PM | Attr = ] erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> Lars Hederer [Ver = | Size = 791393 bytes | Modified Date = 7/9/2008 2:43:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Desktop\erunt-setup.exe:Zone.Identifier ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [Ver = | Size = 592 bytes | Modified Date = 7/9/2008 2:45:17 PM | Attr = ] exclamation.gif -> %UserProfile%\Desktop\exclamation.gif -> [Ver = | Size = 3348 bytes | Modified Date = 7/8/2008 12:11:16 PM | Attr = ] Expenses.xls -> %UserProfile%\Desktop\Expenses.xls -> [Ver = | Size = 14336 bytes | Modified Date = 7/9/2008 4:37:27 PM | Attr = ] fix.reg -> %UserProfile%\Desktop\fix.reg -> [Ver = | Size = 127 bytes | Modified Date = 7/9/2008 2:48:44 PM | Attr = ] Free GoToMeeting Trial.url -> %UserProfile%\Desktop\Free GoToMeeting Trial.url -> [Ver = | Size = 168 bytes | Modified Date = 4/18/2008 7:11:05 PM | Attr = ] Gjo.exe -> %UserProfile%\Desktop\Gjo.exe -> Bitsoft.net Inc. [Ver = | Size = 1010614 bytes | Modified Date = 6/16/2008 12:45:32 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 7/8/2008 10:52:42 AM | Attr = ] HJTInstall.exe -> %UserProfile%\Desktop\HJTInstall.exe -> Trend Micro Inc. 
[Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 7/8/2008 10:52:29 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier ipinkiepromise.lnk -> %UserProfile%\Desktop\ipinkiepromise.lnk -> [Ver = | Size = 669 bytes | Modified Date = 4/23/2008 10:09:02 AM | Attr = ] JocysComJavaScriptClasses -> %UserProfile%\Desktop\JocysComJavaScriptClasses -> [Folder | Modified Date = 6/20/2008 6:43:37 PM | Attr = ] JocysComJavaScriptClasses.zip -> %UserProfile%\Desktop\JocysComJavaScriptClasses.zip -> [Ver = | Size = 744752 bytes | Modified Date = 6/20/2008 6:43:27 PM | Attr = ] jquery-1.2.6.min.js -> %UserProfile%\Desktop\jquery-1.2.6.min.js -> [Ver = | Size = 55774 bytes | Modified Date = 6/4/2008 3:40:10 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\jquery-1.2.6.min.js:Zone.Identifier JS Packer.lnk -> %UserProfile%\Desktop\JS Packer.lnk -> [Ver = | Size = 667 bytes | Modified Date = 6/4/2008 4:52:00 PM | Attr = ] livemeeting.wmv -> %UserProfile%\Desktop\livemeeting.wmv -> [Ver = | Size = 19485613 bytes | Modified Date = 7/3/2008 5:14:06 AM | Attr = ] MarsaX -> %UserProfile%\Desktop\MarsaX -> [Folder | Modified Date = 6/27/2008 7:32:36 PM | Attr = ] MarsaX.zip -> %UserProfile%\Desktop\MarsaX.zip -> [Ver = | Size = 611064 bytes | Modified Date = 6/27/2008 7:32:31 PM | Attr = ] mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> Malwarebytes Corporation [Ver = 1.20 | Size = 1774048 bytes | Modified Date = 7/9/2008 3:27:07 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\mbam-setup.exe:Zone.Identifier merchant_guide.pdf -> %UserProfile%\Desktop\merchant_guide.pdf -> [Ver = | Size = 588254 bytes | Modified Date = 6/20/2008 11:02:50 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\merchant_guide.pdf:Zone.Identifier Microsoft E-Learning Offline Player.lnk -> %UserProfile%\Desktop\Microsoft E-Learning Offline Player.lnk -> [Ver = | Size = 1899 bytes | 
Modified Date = 6/25/2008 6:02:29 PM | Attr = ] microsoft-r-sql-server-2005-unleashed.9780672328244.27532.pdf -> %UserProfile%\Desktop\microsoft-r-sql-server-2005-unleashed.9780672328244.27532.pdf -> [Ver = | Size = 40412775 bytes | Modified Date = 4/24/2008 12:04:38 PM | Attr = ] Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf -> %UserProfile%\Desktop\Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf -> [Ver = | Size = 7305687 bytes | Modified Date = 7/7/2008 9:37:21 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\Nintendo-Wii-Flash-Game-Creators-Guide.9780071545259.32129.pdf:Zone.Identifier NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [Ver = | Size = 611 bytes | Modified Date = 7/9/2008 2:45:17 PM | Attr = ] optipng-0.5.5-exe -> %UserProfile%\Desktop\optipng-0.5.5-exe -> [Folder | Modified Date = 6/19/2008 4:10:47 PM | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 7/9/2008 2:49:55 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/10/2008 9:56:30 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568114 bytes | Modified Date = 7/10/2008 9:44:56 AM | Attr = ] Reflector.lnk -> %UserProfile%\Desktop\Reflector.lnk -> [Ver = | Size = 694 bytes | Modified Date = 4/26/2008 10:18:31 AM | Attr = ] SA Recorder.lnk -> %UserProfile%\Desktop\SA Recorder.lnk -> [Ver = | Size = 709 bytes | Modified Date = 6/30/2008 1:16:51 PM | Attr = ] Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf -> %UserProfile%\Desktop\Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf -> [Ver = | Size = 12894287 bytes | Modified Date = 7/7/2008 10:59:19 AM | Attr = ] @Alternate Data Stream - 26 bytes -> 
%UserProfile%\Desktop\Sams-Teach-Yourself-Visual-C-2008-in-24-Hours-Complete-Starter-Kit.9780672329906.32137.pdf:Zone.Identifier ScaleNet.pdf -> %UserProfile%\Desktop\ScaleNet.pdf -> [Ver = | Size = 8343744 bytes | Modified Date = 6/9/2008 3:02:12 PM | Attr = ] screencap_revised.psd -> %UserProfile%\Desktop\screencap_revised.psd -> [Ver = | Size = 1134051 bytes | Modified Date = 6/20/2008 9:43:19 AM | Attr = ] SIM_guide.pdf -> %UserProfile%\Desktop\SIM_guide.pdf -> [Ver = | Size = 901344 bytes | Modified Date = 5/8/2008 12:22:21 PM | Attr = ] Source -> %UserProfile%\Desktop\Source -> [Folder | Modified Date = 4/24/2008 8:45:50 PM | Attr = ] spyware doctor setup.exe -> %UserProfile%\Desktop\spyware doctor setup.exe -> PC Tools [Ver = 5.5.1.322 | Size = 18473000 bytes | Modified Date = 7/8/2008 12:12:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\spyware doctor setup.exe:Zone.Identifier squidoo.PNG -> %UserProfile%\Desktop\squidoo.PNG -> [Ver = | Size = 66131 bytes | Modified Date = 7/8/2008 10:10:32 AM | Attr = ] test-3.jpg -> %UserProfile%\Desktop\test-3.jpg -> [Ver = | Size = 23088 bytes | Modified Date = 5/21/2008 7:05:22 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 32256 bytes | Modified Date = 5/21/2008 2:49:28 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable TrojanHunter.lnk -> %UserProfile%\Desktop\TrojanHunter.lnk -> [Ver = | Size = 692 bytes | Modified Date = 7/8/2008 3:35:42 PM | Attr = ] TrojanHunterSetup.exe -> %UserProfile%\Desktop\TrojanHunterSetup.exe -> Mischel Internet Security [Ver = | Size = 16196952 bytes | Modified Date = 7/8/2008 3:12:47 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\TrojanHunterSetup.exe:Zone.Identifier UltimateConverterReg.exe -> %UserProfile%\Desktop\UltimateConverterReg.exe -> Cucusoft, Inc. 
[Ver = | Size = 6913056 bytes | Modified Date = 6/17/2008 3:36:26 PM | Attr = ] winavirm.zip -> %UserProfile%\Desktop\winavirm.zip -> [Ver = | Size = 7663130 bytes | Modified Date = 6/18/2008 10:27:07 AM | Attr = ] WinAVIVideoConverter.lnk -> %UserProfile%\Desktop\WinAVIVideoConverter.lnk -> [Ver = | Size = 678 bytes | Modified Date = 6/18/2008 10:31:49 AM | Attr = ] Windows-Presentation-Foundation-Unleashed-WPF.9780672328916.27660.pdf -> %UserProfile%\Desktop\Windows-Presentation-Foundation-Unleashed-WPF.9780672328916.27660.pdf -> [Ver = | Size = 18827274 bytes | Modified Date = 6/23/2008 6:16:50 PM | Attr = ] WinVideo-SL-GettingStarted -> %UserProfile%\Desktop\WinVideo-SL-GettingStarted -> [Folder | Modified Date = 7/1/2008 12:14:17 PM | Attr = ] You do have a few nasties there.doc -> %UserProfile%\Desktop\You do have a few nasties there.doc -> [Ver = | Size = 34816 bytes | Modified Date = 7/9/2008 2:44:49 PM | Attr = ] ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [Ver = | Size = 767 bytes | Modified Date = 7/9/2008 2:45:39 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 6/5/2008 5:30:15 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 6/17/2008 3:36:29 PM | Attr = ] McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 6/6/2008 4:45:25 PM | Attr = ] Merge Modules -> %CommonProgramFiles%\Merge Modules -> [Folder | Modified Date = 6/18/2008 1:33:23 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 6/18/2008 1:33:12 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 6/26/2008 1:08:41 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 6/26/2008 1:08:51 PM | Attr = ] < End of report > [/code]