[code] OTScanIt logfile created on: 7/13/2008 11:44:49 AM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Julian\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.53 Mb Total Physical Memory | 196.46 Mb Available Physical Memory | 25.60% Memory free 1.83 Gb Paging File | 1.45 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): c:\pagefile.sys 1152 2304; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 76.32 Gb Total Space | 16.62 Gb Free Space | 21.78% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded Drive F: | 114.49 Gb Total Space | 23.30 Gb Free Space | 20.35% Space Free | Partition Type: NTFS Drive G: | 76.66 Gb Total Space | 36.10 Gb Free Space | 47.09% Space Free | Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LOREDOFLORES Current User Name: Julian Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] stylexpservice.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:06 PM | Attr = ] applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ] btntservice.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 4/6/2005 4:03:28 PM | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] mbackmonitor.exe -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] mcmscsvc.exe -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] mcnasvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] mcproxy.exe -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] mcshield.exe -> %ProgramFiles%\McAfee\VirusScan\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] mpfsrv.exe -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] hpztsb04.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 11/6/2001 10:49:17 AM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/26/2005 10:18:50 PM | Attr = ] msksrver.exe -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. 
[Ver = 9.1.107.0 | Size = 23880 bytes | Modified Date = 11/26/2007 10:46:14 AM | Attr = ] versioncuetray.exe -> %ProgramFiles%\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe -> Adobe Systems [Ver = 1, 0, 0, 0 | Size = 1732608 bytes | Modified Date = 3/25/2004 12:35:26 PM | Attr = ] watchdog.exe -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe -> [Ver = | Size = 36864 bytes | Modified Date = 8/14/2004 4:42:20 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] mcagent.exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ] saservice.exe -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 6/26/2008 6:15:28 PM | Attr = ] mcafeedatabackup.exe -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] sprtsvc.exe -> %ProgramFiles%\twc\medicsp2\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 202280 bytes | Modified Date = 3/7/2007 12:54:06 PM | Attr = ] smsystemanalyzer.exe -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 6:47:56 PM | Attr = ] popupblocker.exe -> %ProgramFiles%\iolo\System Mechanic Professional 6\PopupBlocker.exe -> [Ver = | Size = 752640 bytes | Modified Date = 12/20/2006 6:47:44 PM | Attr = ] mcsysmon.exe -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. 
[Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] siteadv.exe -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.exe -> [Ver = | Size = 36640 bytes | Modified Date = 8/24/2007 4:57:48 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 12/5/2005 2:32:08 PM | Attr = ] (AdobeVersionCue) AdobeVersionCue [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Adobe\Adobe Version Cue\service\VersionCue.exe -> Adobe Sytems [Ver = 1, 0, 0, 1 | Size = 61440 bytes | Modified Date = 3/25/2004 12:35:26 PM | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2/18/2008 11:16:30 AM | Attr = ] (BlueSoleil Hid Service) BlueSoleil Hid Service [Win32_Own | Auto | Running] -> %ProgramFiles%\IVT Corporation\BlueSoleil\BTNtService.exe -> [Ver = | Size = 110592 bytes | Modified Date = 4/6/2005 4:03:28 PM | Attr = ] (Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Inc. 
[Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 1:41:10 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.6.1.9 | Size = 504104 bytes | Modified Date = 2/19/2008 1:10:24 PM | Attr = ] (MBackMonitor) MBackMonitor [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MBK\MBackMonitor.exe -> McAfee [Ver = 1.0.2564.29819 | Size = 71208 bytes | Modified Date = 1/16/2007 1:59:46 PM | Attr = ] (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSC\mcmscsvc.exe -> McAfee, Inc. [Ver = 8,1,159,0 | Size = 767976 bytes | Modified Date = 1/9/2008 4:50:22 PM | Attr = ] (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] (McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\McAfee\VirusScan\mcods.exe -> McAfee, Inc. [Ver = 12,0,172,0 | Size = 378184 bytes | Modified Date = 11/7/2007 9:35:40 AM | Attr = ] (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\McAfee\McProxy\McProxy.exe -> McAfee, Inc. [Ver = 2,0,150,0 | Size = 359248 bytes | Modified Date = 8/15/2007 12:36:04 PM | Attr = ] (McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> %SystemDrive%\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe -> McAfee, Inc. 
[Ver = VSCORE.14.0.0.349.x86 | Size = 144704 bytes | Modified Date = 7/24/2007 12:02:14 PM | Attr = ] (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee\VirusScan\mcsysmon.exe -> McAfee, Inc. [Ver = 12,1,111,0 | Size = 695624 bytes | Modified Date = 12/5/2007 10:04:10 AM | Attr = ] (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MPF\MpfSrv.exe -> McAfee, Inc. [Ver = 9.0.136.0 | Size = 856864 bytes | Modified Date = 7/18/2007 3:54:42 PM | Attr = ] (MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\MSK\msksrver.exe -> McAfee, Inc. [Ver = 9.1.107.0 | Size = 23880 bytes | Modified Date = 11/26/2007 10:46:14 AM | Attr = ] (MyWebSearchService) My Web Search Service [Win32_Own | Auto | Stopped] -> %SystemDrive%\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe -> File not found (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 159810 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] (PCLEPCI) PCLEPCI [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\drivers\Pclepci.sys -> Pinnacle Systems GmbH [Ver = 1.06 | Size = 14165 bytes | Modified Date = 2/9/2005 12:59:00 PM | Attr = ] (SiteAdvisor Service) SiteAdvisor Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SiteAdvisor\6261\SAService.exe -> [Ver = | Size = 345376 bytes | Modified Date = 6/26/2008 6:15:28 PM | Attr = ] (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2) [Win32_Own | Auto | Running] -> %ProgramFiles%\twc\medicsp2\bin\sprtsvc.exe -> SupportSoft, Inc. 
[Ver = 6,9,2018,0 | Size = 202280 bytes | Modified Date = 3/7/2007 12:54:06 PM | Attr = ] (StyleXPService) StyleXPService [Win32_Own | Auto | Running] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe -> [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 1:31:06 PM | Attr = ] (0267971215961996mcinstcleanup) McAfee Application Installer Cleanup (0267971215961996) [Win32_Own | Auto | Stopped] -> %SystemRoot%\Temp\0267971215961996mcinst.exe -> McAfee, Inc. [Ver = 3,0,121,0 | Size = 309096 bytes | Modified Date = 2/23/2008 2:50:32 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AdobeVersionCue -> %ProgramFiles%\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe] -> Adobe Systems [Ver = 1, 0, 0, 0 | Size = 1732608 bytes | Modified Date = 3/25/2004 12:35:26 PM | Attr = ] DAEMON Tools-1033 -> %ProgramFiles%\D-Tools\daemon.exe ["C:\Program Files\D-Tools\daemon.exe" -lang 1033] -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 8/22/2004 6:05:02 PM | Attr = ] HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb04.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe] -> HP [Ver = 2,80,0,0 | Size = 196608 bytes | Modified Date = 11/6/2001 10:49:17 AM | Attr = ] iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> Apple Inc. 
[Ver = 7.6.1.9 | Size = 267048 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ] MBkLogOnHook -> %ProgramFiles%\McAfee\MBK\LogonHook.exe [C:\Program Files\McAfee\MBK\LogOnHook.exe] -> McAfee [Ver = 1.0.2563.24415 | Size = 20480 bytes | Modified Date = 1/8/2007 11:22:46 AM | Attr = ] McAfee Backup -> %ProgramFiles%\McAfee\MBK\McAfeeDataBackup.exe [C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe] -> McAfee [Ver = 0.9.2575.40163 | Size = 4838952 bytes | Modified Date = 1/16/2007 1:59:50 PM | Attr = ] mcagent_exe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe [C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey] -> McAfee, Inc. [Ver = 8,0,237,0 | Size = 582992 bytes | Modified Date = 11/1/2007 7:12:38 PM | Attr = ] McENUI -> %ProgramFiles%\McAfee\MHN\McENUI.exe [C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide] -> McAfee, Inc. [Ver = 2,1,106,0 | Size = 1164576 bytes | Modified Date = 11/30/2007 5:42:30 AM | Attr = ] medicsp2 -> %ProgramFiles%\twc\medicsp2\bin\sprtcmd.exe [C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2] -> SupportSoft, Inc. [Ver = 6,9,2018,0 | Size = 198184 bytes | Modified Date = 3/7/2007 12:53:58 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 86016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [Ver = | Size = 1622016 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. 
[Ver = 7.4.1 | Size = 385024 bytes | Modified Date = 1/31/2008 11:13:08 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3492 | Size = 180269 bytes | Modified Date = 12/26/2005 10:18:50 PM | Attr = ] WatchDog -> %ProgramFiles%\mobile PhoneTools\WatchDog.exe [C:\Program Files\mobile PhoneTools\WatchDog.exe] -> [Ver = | Size = 36864 bytes | Modified Date = 8/14/2004 4:42:20 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> iolo Task Agent -> %ProgramFiles%\iolo\Common\Task Agent\Task_Agent.exe [C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe] -> iolo technologies, LLC [Ver = 3.6.0.0 | Size = 41984 bytes | Modified Date = 10/25/2001 2:20:22 PM | Attr = ] LaunchList -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe] -> Pinnacle Systems [Ver = 2, 1, 0, 1 | Size = 145496 bytes | Modified Date = 3/21/2007 3:41:38 PM | Attr = ] SMSystemAnalyzer -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe ["C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"] -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 6:47:56 PM | Attr = ] STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe [C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide] -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:39 PM | Attr = ] System Mechanic Popup Blocker -> %ProgramFiles%\iolo\System Mechanic Professional 6\PopupBlocker.exe ["C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"] -> [Ver = | Size = 752640 bytes | Modified Date = 
12/20/2006 6:47:44 PM | Attr = ] < Run [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> iolo Task Agent -> %ProgramFiles%\iolo\Common\Task Agent\Task_Agent.exe [C:\Program Files\iolo\Common\Task Agent\Task_Agent.exe] -> iolo technologies, LLC [Ver = 3.6.0.0 | Size = 41984 bytes | Modified Date = 10/25/2001 2:20:22 PM | Attr = ] LaunchList -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\LaunchList2.exe] -> Pinnacle Systems [Ver = 2, 1, 0, 1 | Size = 145496 bytes | Modified Date = 3/21/2007 3:41:38 PM | Attr = ] SMSystemAnalyzer -> %ProgramFiles%\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe ["C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe"] -> [Ver = | Size = 557056 bytes | Modified Date = 12/20/2006 6:47:56 PM | Attr = ] STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe [C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide] -> [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 1:31:39 PM | Attr = ] System Mechanic Popup Blocker -> %ProgramFiles%\iolo\System Mechanic Professional 6\PopupBlocker.exe ["C:\Program Files\iolo\System Mechanic Professional 6\PopupBlocker.exe"] -> [Ver = | Size = 752640 bytes | Modified Date = 12/20/2006 6:47:44 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. 
[Ver = 1, 0, 0, 1 | Size = 110592 bytes | Modified Date = 10/12/2003 8:00:10 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 29696 bytes | Modified Date = 12/14/2004 4:44:06 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Julian Startup Folder > -> C:\Documents and Settings\Julian\Start Menu\Programs\Startup -> < Lisa Startup Folder > -> C:\Documents and Settings\Lisa\Start Menu\Programs\Startup -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> [WebCheck] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> C:\Program Files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE -> %ProgramFiles%\TGTSoft\StyleXP\Logon\CurrentLogon.EXE -> Microsoft Corporation [Ver = 
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2499584 bytes | Modified Date = 7/6/2008 7:59:17 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 10:36:51 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings 
[HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings 
[HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 1:05:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DW-U18A_____________________UYS1____\5&c9af3f1&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 3 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 3 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomTOSHIBA_DVD-ROM_SD-M1612________________1806____\5&c9af3f1&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [SET PATH=C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 95 bytes | Modified Date = 6/28/2008 7:58:17 PM | Attr = ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> www.msn.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> HKEY_USERS\.DEFAULT\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-18\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: Main\\Start Page -> www.msn.com -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3341 domain(s) found. -> www_adobe.com [https] -> Trusted sites -> pch.com .[https] -> Trusted sites -> piratebay.org .[https] -> Trusted sites -> www_wix.com [https] -> Trusted sites -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3341 domain(s) found. -> www_adobe.com [https] -> Trusted sites -> pch.com .[https] -> Trusted sites -> piratebay.org .[https] -> Trusted sites -> www_wix.com [https] -> Trusted sites -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 17 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {089FD14D-132B-48FC-8861-0048AE113215} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.1.6.14.dll [BitComet Helper] -> BitComet [Ver = 20070614 | Size = 443968 bytes | Modified Date = 6/14/2007 8:07:56 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ] {E5A1691B-D188-4419-AD02-90002030B8EE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashFXP\IEFlash.dll [FlashFXP Helper for Internet Explorer] -> IniCom Networks, Inc. [Ver = 3.0.0.1015 | Size = 191096 bytes | Modified Date = 5/4/2005 12:46:46 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll [McAfee SiteAdvisor] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found ShellBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{2E608F70-C430-4BC5-96F6-608E02EBA5B2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &Search -> Reg Error: Value does not exist or could not be read. -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\] > -> HKEY_USERS\S-1-5-21-790525478-776561741-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] &Search -> Reg Error: Value does not exist or could not be read. 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {45E91317-E172-438B-A3E0-1BC8FB20598E} -> () -> {47C56DA8-E388-4EF5-88D9-9F56D9A76F97} -> () -> {76CF95E2-1B44-4302-8788-B113A67F8FF5} -> 192.168.1.1,4.2.2.2 (Intel(R) PRO/100 VE Network Connection) -> {7C50E419-7120-4669-A1CF-F9926FE3CCA0} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Inc. [Ver = 1,0,4,12 | Size = 147456 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value 
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> File not found msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value siteadvisor:{3A5DC592-7723-4EAA-9EE6-AF4222BCF879} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SiteAdvisor\6261\SiteAdv.dll[Reg Error: Value does not exist or could not be read.] -> [Ver = | Size = 927008 bytes | Modified Date = 5/16/2008 11:49:40 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {138E6DC9-722B-4F4B-B09D-95D191869696}[HKEY_LOCAL_MACHINE] -> http://www.bebo.com/files/BeboUploader.5.1.4.cab[Bebo Uploader Control] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc3.cab[Office Update Installation Engine] -> {48DD0448-9209-4F81-9F6D-D83562940134}[HKEY_LOCAL_MACHINE] -> http://lads.myspace.com/upload/MySpaceUploader1006.cab[MySpace Uploader Control] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://by18fd.bay18.hotmail.msn.com/resources/MsnPUpld.cab[MSN Photo Upload Tool] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133303056875[WUWebControl Class] -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}[HKEY_LOCAL_MACHINE] -> http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab[System Requirements Lab Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143396802549[MUWebControl 
Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {BB383206-6DA1-4E80-B62A-3DF950FCC697}[HKEY_LOCAL_MACHINE] -> http://ak.imgag.com/imgag/cp/install/AxCtp2.cab[Create & Print ActiveX Plug-in] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab[Java Plug-in 1.5.0_10] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {EB387D2F-E27B-4D36-979E-847D1036C65D}[HKEY_LOCAL_MACHINE] -> http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326[QDiagHUpdateObj Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Samsung/Samsung PC Studio 3/UNICOWS.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Samsung/Samsung PC Studio 3/UNICOWS.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Samsung/Samsung PC Studio 3/UNICOWS.DLL\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Samsung/Samsung PC Studio 3/UNICOWS.DLL\\{138E6DC9-722B-4F4B-B09D-95D191869696} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\\.Owner -> {138E6DC9-722B-4F4B-B09D-95D191869696} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BeboUploader.ocx\\{138E6DC9-722B-4F4B-B09D-95D191869696} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\.Owner -> {48DD0448-9209-4F81-9F6D-D83562940134} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MySpaceUploader.ocx\\{48DD0448-9209-4F81-9F6D-D83562940134} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PerfomanceOptimizerPre_Installer.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PerfomanceOptimizerPre_Installer.exe\\.Owner -> {3585526B-10F8-07A3-55D1-B5777145E1E6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PerfomanceOptimizerPre_Installer.exe\\{3585526B-10F8-07A3-55D1-B5777145E1E6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\.Owner -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/sysreqlab2.dll\\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\.Owner -> {BB383206-6DA1-4E80-B62A-3DF950FCC697} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/AxCtp2.dll\\{BB383206-6DA1-4E80-B62A-3DF950FCC697} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI.VXD\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DDMI2.sys\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.sys\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/DLPT2.VXD\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\.Owner -> {EB387D2F-E27B-4D36-979E-847D1036C65D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/qdiagh.ocx\\{EB387D2F-E27B-4D36-979E-847D1036C65D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> {00020000-0000-1011-8004-0000C06B5161} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WIBU-SYSTEMS\System\WibuShellExt.dll [WIBU-SYSTEMS Shell Extension] -> WIBU-SYSTEMS AG [Ver = Version 1.01 of 2001-Nov-28 | Size = 335872 bytes | Modified Date = 12/27/2001 12:02:12 PM | Attr = ] {1CDB2949-8F65-4355-8456-263E7C208A5D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer] -> [Ver = | Size = 466944 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer Menu] -> [Ver = | Size = 466944 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [nView Desktop Context Menu] -> [Ver = | Size 
= 466944 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] {32020A01-506E-484D-A2A8-BE3CF17601C3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [AlcoholShellEx] -> File not found {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Media Band] -> File not found {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKEY_LOCAL_MACHINE] -> [Display Panning CPL Extension] -> File not found {506F4668-F13E-4AA1-BB04-B43203AB3CC0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{506F4668-F13E-4AA1-BB04-B43203AB3CC0}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 7:29:34 AM | Attr = ] {52B87208-9CCF-42C9-B88E-069281105805} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Trojan Remover Shell Extension] -> File not found {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Groove GFS Browser Helper] -> File not found {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Shell extensions for file compression] -> File not found {79BC0345-1015-11D2-A299-006008312725} [HKEY_LOCAL_MACHINE] -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\BlueShellExt.dll [blue.shell] -> [Ver = | Size = 253952 bytes | Modified Date = 4/6/2007 1:18:54 PM | Attr = ] {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Encryption Context Menu] -> File not found {88895560-9AA2-1069-930E-00AA0030EBC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. 
[Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ] {906b0e6e-61ce-11d3-8ee2-0060080a7242} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QuickSFV\QSFVShll.dll [QuickSFV Shell Extension] -> Mercedes [Ver = 2, 3, 4, 0 | Size = 106496 bytes | Modified Date = 7/15/2007 12:56:46 AM | Attr = ] {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [PowerISO] -> File not found {A70C977A-BF00-412C-90B7-034C51DA2439} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 128512 bytes | Modified Date = 5/22/2007 10:59:22 AM | Attr = ] {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 132392 bytes | Modified Date = 2/19/2008 1:10:32 PM | Attr = ] {D66DC78C-4F61-447F-942B-3FB6980118CF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office\Visio11\VISSHE.DLL [{D66DC78C-4F61-447F-942B-3FB6980118CF}] -> [Ver = | Size = 785464 bytes | Modified Date = 8/16/2003 7:29:34 AM | Attr = ] {E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> [WebCheck] -> File not found {EBDF1F20-C829-11D1-8233-FF20AF3E97A9} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [TrojanHunter Menu Shell Extension] -> File not found {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealOne Player\rpshell.dll [Shell Extensions for RealOne Player] -> RealNetworks, Inc. 
[Ver = 1.0.1.2219 | Size = 49198 bytes | Modified Date = 12/26/2005 10:19:03 PM | Attr = ] {f39a0dc0-9cc8-11d0-a599-00c04fd64433} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Channel File] -> File not found {f3aa0dc0-9cc8-11d0-a599-00c04fd64434} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Channel Shortcut] -> File not found {f3ba0dc0-9cc8-11d0-a599-00c04fd64435} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Channel Handler Object] -> File not found {f3da0dc0-9cc8-11d0-a599-00c04fd64437} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Channel Menu] -> File not found {f3ea0dc0-9cc8-11d0-a599-00c04fd64438} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Channel Properties] -> File not found {FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.9371 | Size = 7700480 bytes | Modified Date = 10/22/2006 12:22:00 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 
5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1124 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 00 CC 09 5F 11 89 59 98 9C 78 53 AC C5 6E 0F F7 61 65 35 33 66 31 31 66 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 D2 E2 FA 09 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 89 1C C6 31 E9 F0 6A D3 E3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 1E 70 8E 9A 24 D5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft 
Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 3/31/2003 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 20 5C E8 9F A7 D6 6C DA 48 7B A7 31 07 8A 92 CA [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 18 24 3F 5B 52 E4 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 9E B7 33 F0 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 36 F3 D1 E7 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 9E B7 33 F0 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\FlashFXP\flashfxp.exe -> %ProgramFiles%\FlashFXP\flashfxp.exe [C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. [Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 2:59:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 1:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> %ProgramFiles%\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 0.90 | Size = 5977152 bytes | Modified Date = 6/19/2007 2:03:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fxsclnt.exe -> %SystemRoot%\system32\fxsclnt.exe [C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console] -> Microsoft Corporation [Ver = 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 1:56:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe -> %ProgramFiles%\Ahead\Nero ShowTime\ShowTime.exe [C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime] -> Nero AG [Ver = 2, 0, 1, 9 | Size = 3661824 bytes | Modified Date = 10/19/2005 1:38:04 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 625664 bytes | Modified Date = 4/22/2008 2:40:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe -> %ProgramFiles%\IVT Corporation\BlueSoleil\BlueSoleil.exe [C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil] -> IVT Corporation [Ver = 2, 3, 0, 0 | Size = 626176 bytes | Modified Date = 7/16/2006 5:33:36 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6014.5000 | Size = 12812664 bytes | Modified Date = 3/23/2007 12:17:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> 
%ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Inc. [Ver = 1,0,4,12 | Size = 229376 bytes | Modified Date = 7/24/2007 3:17:08 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.6.1.9 | Size = 19897640 bytes | Modified Date = 2/19/2008 1:10:26 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashFXP\flashfxp.exe -> %ProgramFiles%\FlashFXP\flashfxp.exe [C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3] -> IniCom Networks, Inc. 
[Ver = 3.2.0.1080 | Size = 2380896 bytes | Modified Date = 5/5/2005 2:59:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> %CommonProgramFiles%\McAfee\MNA\McNASvc.exe [C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent] -> McAfee, Inc. [Ver = 2,1,143,0 | Size = 2458128 bytes | Modified Date = 1/25/2008 1:38:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\RM.exe -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\RM.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\RM.exe:*:Enabled:Render Manager] -> Pinnacle Systems [Ver = 7.1.1.5082 | Size = 73728 bytes | Modified Date = 4/6/2007 1:17:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\Studio.exe -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\Studio.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\Studio.exe:*:Enabled:Studio] -> Pinnacle Systems [Ver = 11.0.0.5082 | Size = 5505024 bytes | Modified Date = 4/6/2007 1:40:20 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\PMSRegisterFile.exe -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\PMSRegisterFile.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile] -> [Ver = 1.0.2090.28238 | Size = 24576 bytes | Modified Date = 11/21/2006 5:05:58 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\umi.exe -> F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\umi.exe [F:\software\Pinnacle.studio.v11-MAGNiTUDE\programs\umi.exe:*:Enabled:umi] -> Pinnacle Systems [Ver = 7.1.1.5082 | Size = 81920 bytes | Modified Date = 4/6/2007 1:16:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 11:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\60004:TCP -> 60004:TCP:*:Enabled:BitComet 60004 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\60004:UDP -> 60004:UDP:*:Enabled:BitComet 60004 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation 
[Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 1:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.bat [@ = batfile] -> -> File not found
.cmd [@ = cmdfile] -> -> File not found
.com [@ = ComFile] -> -> File not found
.exe [@ = exefile] -> -> File not found
.pif [@ = piffile] -> -> File not found
.scr [@ = scrfile] -> -> File not found
[Files/Folders - Created Within 90 days]
BOOT.BKK -> %SystemDrive%\BOOT.BKK -> [Ver = | Size = 267 bytes | Created Date = 7/6/2008 6:42:41 PM | Attr = HS]
cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 7/9/2008 5:06:37 PM | Attr = ]
cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 7/9/2008 5:06:47 PM | Attr = ]
Logs -> %SystemDrive%\Logs -> [Folder | Created Date = 5/12/2008 2:27:52 PM | Attr = ]
NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Created Date = 6/29/2008 8:53:36 PM | Attr = ]
QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 7/12/2008 1:54:24 PM | Attr = ]
RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 7/12/2008 8:25:51 PM | Attr = HS]
TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Created Date = 7/8/2008 11:49:23 PM | Attr = ]
MarvinBus.sys ->
%SystemRoot%\System32\drivers\MarvinBus.sys -> Pinnacle Systems GmbH [Ver = 2.1.29.0 | Size = 171520 bytes | Created Date = 6/28/2008 7:53:01 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 6/25/2008 4:07:39 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 6/25/2008 4:07:40 PM | Attr = ] mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 79304 bytes | Created Date = 6/25/2008 6:08:59 PM | Attr = ] mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 35240 bytes | Created Date = 6/25/2008 6:08:59 PM | Attr = ] mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 201320 bytes | Created Date = 6/25/2008 6:08:59 PM | Attr = ] mferkdk.sys -> %SystemRoot%\System32\drivers\mferkdk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.291.x86 | Size = 33832 bytes | Created Date = 6/25/2008 6:09:05 PM | Attr = ] mfesmfk.sys -> %SystemRoot%\System32\drivers\mfesmfk.sys -> McAfee, Inc. [Ver = SYSCORE.14.0.0.284.x86 | Size = 40488 bytes | Created Date = 6/25/2008 6:09:00 PM | Attr = ] Mpfp.sys -> %SystemRoot%\System32\drivers\Mpfp.sys -> McAfee, Inc. [Ver = 9.0.114.0 | Size = 113952 bytes | Created Date = 6/25/2008 6:08:46 PM | Attr = ] RkPavProc.sys -> %SystemRoot%\System32\drivers\RkPavProc.sys -> Panda Security, S.L. 
[Ver = 1, 0, 1, 0 | Size = 15024 bytes | Created Date = 6/24/2008 9:34:56 PM | Attr = ] AddiTunes.exe -> %SystemRoot%\System32\AddiTunes.exe -> [Ver = | Size = 86016 bytes | Created Date = 7/4/2008 12:43:04 PM | Attr = ] apex3gp.exe -> %SystemRoot%\System32\apex3gp.exe -> [Ver = | Size = 109568 bytes | Created Date = 7/4/2008 12:43:07 PM | Attr = ] apexchanger.exe -> %SystemRoot%\System32\apexchanger.exe -> [Ver = | Size = 120320 bytes | Created Date = 7/4/2008 12:43:07 PM | Attr = ] apexconverter.exe -> %SystemRoot%\System32\apexconverter.exe -> [Ver = | Size = 4755968 bytes | Created Date = 7/4/2008 12:43:06 PM | Attr = ] apexconverter.exe.stackdump -> %SystemRoot%\System32\apexconverter.exe.stackdump -> [Ver = | Size = 1017 bytes | Created Date = 7/4/2008 1:15:39 PM | Attr = ] AVIPrAx.dll -> %SystemRoot%\System32\AVIPrAx.dll -> Pinnacle Systems GmbH [Ver = 4.3.134 | Size = 126976 bytes | Created Date = 6/28/2008 8:05:46 PM | Attr = ] cacheX.dll -> %SystemRoot%\System32\cacheX.dll -> Pinnacle Systems GmbH [Ver = 7.0.250.00 | Size = 41984 bytes | Created Date = 6/28/2008 8:05:46 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 14691 bytes | Created Date = 6/25/2008 6:15:09 PM | Attr = ] cygwin1.dll -> %SystemRoot%\System32\cygwin1.dll -> Red Hat [Ver = 1.5.18 | Size = 1295582 bytes | Created Date = 7/4/2008 12:43:04 PM | Attr = ] cygz.dll -> %SystemRoot%\System32\cygz.dll -> [Ver = | Size = 61440 bytes | Created Date = 7/4/2008 12:43:04 PM | Attr = ] DiskIO.dll -> %SystemRoot%\System32\DiskIO.dll -> Pinnacle Systems GmbH [Ver = 7.0.422 | Size = 233472 bytes | Created Date = 6/28/2008 8:05:47 PM | Attr = ] dunzip32.dll -> %SystemRoot%\System32\dunzip32.dll -> Inner Media, Inc. 
[Ver = 5.00.06 | Size = 143360 bytes | Created Date = 6/25/2008 6:12:17 PM | Attr = ] INI_Add_mfra.ini -> %SystemRoot%\System32\INI_Add_mfra.ini -> [Ver = | Size = 36 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_3GP2_AAC.ini -> %SystemRoot%\System32\INI_Pro_3GP2_AAC.ini -> [Ver = | Size = 5028 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_3GP_AAC.ini -> %SystemRoot%\System32\INI_Pro_3GP_AAC.ini -> [Ver = | Size = 7196 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_3GP_AMR.ini -> %SystemRoot%\System32\INI_Pro_3GP_AMR.ini -> [Ver = | Size = 2910 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_iPod.ini -> %SystemRoot%\System32\INI_Pro_iPod.ini -> [Ver = | Size = 3045 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_PMP.ini -> %SystemRoot%\System32\INI_Pro_PMP.ini -> [Ver = | Size = 2956 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_PPC.ini -> %SystemRoot%\System32\INI_Pro_PPC.ini -> [Ver = | Size = 2516 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_PSP.ini -> %SystemRoot%\System32\INI_Pro_PSP.ini -> [Ver = | Size = 6490 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_Pro_Xbox.ini -> %SystemRoot%\System32\INI_Pro_Xbox.ini -> [Ver = | Size = 1814 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP2_QCIF_AAC.ini -> %SystemRoot%\System32\INI_QT_3GPP2_QCIF_AAC.ini -> [Ver = | Size = 1964 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP2_QVGA_AAC.ini -> %SystemRoot%\System32\INI_QT_3GPP2_QVGA_AAC.ini -> [Ver = | Size = 1964 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP_QCIF_AAC.ini -> %SystemRoot%\System32\INI_QT_3GPP_QCIF_AAC.ini -> [Ver = | Size = 1814 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP_QCIF_AMR.ini -> %SystemRoot%\System32\INI_QT_3GPP_QCIF_AMR.ini -> [Ver = | Size = 1814 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP_QVGA_AAC.ini -> 
%SystemRoot%\System32\INI_QT_3GPP_QVGA_AAC.ini -> [Ver = | Size = 1814 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] INI_QT_3GPP_QVGA_AMR.ini -> %SystemRoot%\System32\INI_QT_3GPP_QVGA_AMR.ini -> [Ver = | Size = 1814 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] lfbmp13s.dll -> %SystemRoot%\System32\lfbmp13s.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.053 | Size = 70144 bytes | Created Date = 6/28/2008 8:05:19 PM | Attr = ] LFCMP13s.DLL -> %SystemRoot%\System32\LFCMP13s.DLL -> LEAD Technologies, Inc. [Ver = 13.0.0.053 | Size = 409600 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] lfpsd13s.dll -> %SystemRoot%\System32\lfpsd13s.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.053 | Size = 110080 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] lftga13n.dll -> %SystemRoot%\System32\lftga13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 24576 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] lftga13s.dll -> %SystemRoot%\System32\lftga13s.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.053 | Size = 64512 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] LMLRes.dll -> %SystemRoot%\System32\LMLRes.dll -> Fellowes, Inc. [Ver = 4,0,0,114 | Size = 12288 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] LMUIRes.dll -> %SystemRoot%\System32\LMUIRes.dll -> Fellowes, Inc. [Ver = 4,0,0,114 | Size = 884736 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] LTCLR13n.dll -> %SystemRoot%\System32\LTCLR13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.084 | Size = 1693696 bytes | Created Date = 6/28/2008 8:05:20 PM | Attr = ] LTCLR13s.dll -> %SystemRoot%\System32\LTCLR13s.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.038 | Size = 2079232 bytes | Created Date = 6/28/2008 8:05:21 PM | Attr = ] Ltr13n.dll -> %SystemRoot%\System32\Ltr13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.053 | Size = 930992 bytes | Created Date = 6/28/2008 8:05:21 PM | Attr = ] Ltrio13n.dll -> %SystemRoot%\System32\Ltrio13n.dll -> LEAD Technologies, Inc. 
[Ver = 13.0.0.053 | Size = 306352 bytes | Created Date = 6/28/2008 8:05:21 PM | Attr = ] Ltwvc13n.dll -> %SystemRoot%\System32\Ltwvc13n.dll -> LEAD Technologies, Inc. [Ver = 13.0.0.035 | Size = 1013248 bytes | Created Date = 6/28/2008 8:05:21 PM | Attr = ] ma32.dll -> %SystemRoot%\System32\ma32.dll -> [Ver = | Size = 27648 bytes | Created Date = 6/28/2008 7:58:16 PM | Attr = ] macd32.dll -> %SystemRoot%\System32\macd32.dll -> [Ver = 1, 0, 0, 1 | Size = 196096 bytes | Created Date = 6/28/2008 7:58:16 PM | Attr = ] mamc32.dll -> %SystemRoot%\System32\mamc32.dll -> [Ver = 1, 0, 0, 1 | Size = 136192 bytes | Created Date = 6/28/2008 7:58:16 PM | Attr = ] masd32.dll -> %SystemRoot%\System32\masd32.dll -> [Ver = | Size = 57856 bytes | Created Date = 6/28/2008 7:58:16 PM | Attr = ] mase32.dll -> %SystemRoot%\System32\mase32.dll -> [Ver = | Size = 138752 bytes | Created Date = 6/28/2008 7:58:16 PM | Attr = ] MLPagAx.dll -> %SystemRoot%\System32\MLPagAx.dll -> Pinnacle Systems GmbH [Ver = 1.2.113 | Size = 32768 bytes | Created Date = 6/28/2008 8:05:46 PM | Attr = ] MMAviAx.dll -> %SystemRoot%\System32\MMAviAx.dll -> Pinnacle Systems GmbH [Ver = 4.3.83 | Size = 73728 bytes | Created Date = 6/28/2008 8:05:46 PM | Attr = ] mpgfiltr.ax -> %SystemRoot%\System32\mpgfiltr.ax -> Essien Research & Development [Ver = 2.51 | Size = 856064 bytes | Created Date = 7/4/2008 12:42:47 PM | Attr = ] NCTAudioCompress2.dll -> %SystemRoot%\System32\NCTAudioCompress2.dll -> Online Media Technologies Ltd. [Ver = 2,6,4,245 | Size = 778240 bytes | Created Date = 7/4/2008 12:42:55 PM | Attr = ] NCTAudioCompress3.dll -> %SystemRoot%\System32\NCTAudioCompress3.dll -> Online Media Technologies Ltd. [Ver = 1,1,3,694 | Size = 2846720 bytes | Created Date = 7/4/2008 12:42:57 PM | Attr = ] NCTAudioFormatSettings3.dll -> %SystemRoot%\System32\NCTAudioFormatSettings3.dll -> Online Media Technologies Ltd. 
[Ver = 1,1,1,123 | Size = 90112 bytes | Created Date = 7/4/2008 12:42:58 PM | Attr = ] NCTAVIFile.dll -> %SystemRoot%\System32\NCTAVIFile.dll -> NCT Company Ltd. [Ver = 1,6,2,441 | Size = 382464 bytes | Created Date = 7/4/2008 12:42:59 PM | Attr = ] NCTImageFile.dll -> %SystemRoot%\System32\NCTImageFile.dll -> Online Media Technologies Ltd. [Ver = 1,9,3,493 | Size = 626688 bytes | Created Date = 7/4/2008 12:43:03 PM | Attr = ] NCTQuickTimeFile.dll -> %SystemRoot%\System32\NCTQuickTimeFile.dll -> Online Media Technologies Company Ltd. [Ver = 1,6,3,1829 | Size = 249856 bytes | Created Date = 7/4/2008 12:43:02 PM | Attr = ] NCTRMFile.dll -> %SystemRoot%\System32\NCTRMFile.dll -> NCT Company Ltd. [Ver = 1,6,2,346 | Size = 764416 bytes | Created Date = 7/4/2008 12:43:01 PM | Attr = ] NCTVideoCompress.dll -> %SystemRoot%\System32\NCTVideoCompress.dll -> NCT Company Ltd. [Ver = 1,6,2,1384 | Size = 780288 bytes | Created Date = 7/4/2008 12:42:58 PM | Attr = ] NCTVideoCoreM.dll -> %SystemRoot%\System32\NCTVideoCoreM.dll -> NCT Company Ltd. [Ver = 1,6,2,1268 | Size = 495104 bytes | Created Date = 7/4/2008 12:43:00 PM | Attr = ] NCTVideoFile.dll -> %SystemRoot%\System32\NCTVideoFile.dll -> NCT Company Ltd. [Ver = 1,6,2,115 | Size = 188416 bytes | Created Date = 7/4/2008 12:42:56 PM | Attr = ] NCTVideoView.dll -> %SystemRoot%\System32\NCTVideoView.dll -> Online Media Technologies Ltd. [Ver = 1,6,1,163 | Size = 312320 bytes | Created Date = 7/4/2008 12:42:56 PM | Attr = ] NCTWMVFile.dll -> %SystemRoot%\System32\NCTWMVFile.dll -> NCT Company Ltd. 
[Ver = 1,4,1,140 | Size = 215552 bytes | Created Date = 7/4/2008 12:42:54 PM | Attr = ] NVUNINST.EXE -> %SystemRoot%\System32\NVUNINST.EXE -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 55 | Size = 208896 bytes | Created Date = 6/29/2008 8:54:23 PM | Attr = ] PCLEGetGuid.dll -> %SystemRoot%\System32\PCLEGetGuid.dll -> Pinnacle Systems [Ver = 2, 0, 0, 2 | Size = 49152 bytes | Created Date = 6/28/2008 7:51:58 PM | Attr = ] pvmjpg30.dll -> %SystemRoot%\System32\pvmjpg30.dll -> Pegasus Imaging Corporation [Ver = 3.0.0.12 | Size = 401408 bytes | Created Date = 6/28/2008 8:07:14 PM | Attr = ] RALMain.dll -> %SystemRoot%\System32\RALMain.dll -> Pinnacle Systems GmbH [Ver = 2.0.282 | Size = 184320 bytes | Created Date = 6/28/2008 8:05:46 PM | Attr = ] RealMediaSplitter.ax -> %SystemRoot%\System32\RealMediaSplitter.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 421888 bytes | Created Date = 7/4/2008 12:42:47 PM | Attr = ] RMBin -> %SystemRoot%\System32\RMBin -> [Folder | Created Date = 7/4/2008 12:42:47 PM | Attr = ] vfw_32.reg -> %SystemRoot%\System32\vfw_32.reg -> [Ver = | Size = 28 bytes | Created Date = 7/10/2008 6:29:25 PM | Attr = ] VideoEdit.ocx -> %SystemRoot%\System32\VideoEdit.ocx -> Viscom Software www.viscomsoft.com [Ver = 1.0 | Size = 208896 bytes | Created Date = 7/4/2008 12:42:47 PM | Attr = ] viscomqtde.dll -> %SystemRoot%\System32\viscomqtde.dll -> Viscom Software www.viscomsoft.com [Ver = 1.0 | Size = 139264 bytes | Created Date = 7/4/2008 12:42:47 PM | Attr = ] viscomqtenc.dll -> %SystemRoot%\System32\viscomqtenc.dll -> Viscom Software www.viscomsoft.com [Ver = 1.0 | Size = 147456 bytes | Created Date = 7/4/2008 12:42:46 PM | Attr = ] viscomwave.dll -> %SystemRoot%\System32\viscomwave.dll -> Viscom Software [Ver = | Size = 81920 bytes | Created Date = 7/4/2008 12:42:46 PM | Attr = ] avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Created Date = 5/24/2008 12:55:05 AM | Attr = ] BMeb586c94.xml -> %SystemRoot%\BMeb586c94.xml -> [Ver = | Size 
= 110339 bytes | Created Date = 6/25/2008 3:41:13 PM | Attr = ] dallas.jpg -> %SystemRoot%\dallas.jpg -> [Ver = | Size = 177924 bytes | Created Date = 7/6/2008 6:40:03 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 7/12/2008 1:54:58 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ] icons -> %SystemRoot%\icons -> [Folder | Created Date = 7/6/2008 6:27:52 PM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created Date = 7/13/2008 10:13:03 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ] RSETPATH.exe -> %SystemRoot%\RSETPATH.exe -> Pinnacle Systems [Ver = 1.40 | Size = 41219 bytes | Created Date = 6/28/2008 7:52:59 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 7/12/2008 1:54:19 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 7/12/2008 1:54:19 PM | Attr = ] valhal99.fnt -> %SystemRoot%\valhal99.fnt -> [Ver = | Size = 15612 bytes | Created Date = 7/10/2008 6:29:25 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 7/12/2008 1:54:19 PM | Attr = ] WMPrfAra.prx -> %SystemRoot%\WMPrfAra.prx -> [Ver = | Size = 25269 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] WMPrfCHS.prx -> %SystemRoot%\WMPrfCHS.prx -> [Ver = | Size = 83 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] WMPrfCHT.prx 
-> %SystemRoot%\WMPrfCHT.prx -> [Ver = | Size = 77 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfcsy.prx -> %SystemRoot%\wmprfcsy.prx -> [Ver = | Size = 18878 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfdan.prx -> %SystemRoot%\wmprfdan.prx -> [Ver = | Size = 15903 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] WMPrfDeu.prx -> %SystemRoot%\WMPrfDeu.prx -> [Ver = | Size = 17025 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfell.prx -> %SystemRoot%\wmprfell.prx -> [Ver = | Size = 27807 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfesp.prx -> %SystemRoot%\wmprfesp.prx -> [Ver = | Size = 17953 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprffin.prx -> %SystemRoot%\wmprffin.prx -> [Ver = | Size = 16265 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprffra.prx -> %SystemRoot%\wmprffra.prx -> [Ver = | Size = 19437 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfheb.prx -> %SystemRoot%\wmprfheb.prx -> [Ver = | Size = 20481 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfhun.prx -> %SystemRoot%\wmprfhun.prx -> [Ver = | Size = 19751 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfita.prx -> %SystemRoot%\wmprfita.prx -> [Ver = | Size = 17830 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] WMPrfJpn.prx -> %SystemRoot%\WMPrfJpn.prx -> [Ver = | Size = 20704 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] WMPrfKor.prx -> %SystemRoot%\WMPrfKor.prx -> [Ver = | Size = 17903 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfnld.prx -> %SystemRoot%\wmprfnld.prx -> [Ver = | Size = 16398 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfnor.prx -> %SystemRoot%\wmprfnor.prx -> [Ver = | Size = 16446 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfplk.prx -> %SystemRoot%\wmprfplk.prx -> [Ver = | Size = 18536 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ] wmprfptb.prx -> %SystemRoot%\wmprfptb.prx -> [Ver = | Size = 
17199 bytes | Created Date = 6/28/2008 7:52:01 PM | Attr = ]
wmprfptg.prx -> %SystemRoot%\wmprfptg.prx -> [Ver = | Size = 18422 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
wmprfrus.prx -> %SystemRoot%\wmprfrus.prx -> [Ver = | Size = 635 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
wmprfsky.prx -> %SystemRoot%\wmprfsky.prx -> [Ver = | Size = 20055 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
wmprfslv.prx -> %SystemRoot%\wmprfslv.prx -> [Ver = | Size = 16814 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
wmprfsve.prx -> %SystemRoot%\wmprfsve.prx -> [Ver = | Size = 17019 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
wmprftrk.prx -> %SystemRoot%\wmprftrk.prx -> [Ver = | Size = 16822 bytes | Created Date = 6/28/2008 7:52:02 PM | Attr = ]
zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 7/12/2008 1:54:20 PM | Attr = ]
McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 342 bytes | Created Date = 6/25/2008 6:08:15 PM | Attr = ]
McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 334 bytes | Created Date = 6/25/2008 6:08:14 PM | Attr = ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 6/24/2008 10:51:23 PM | Attr = ]
FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Created Date = 6/24/2008 6:52:56 PM | Attr = ]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 6/25/2008 4:07:40 PM | Attr = ]
MSN6 -> %AllUsersProfile%\Application Data\MSN6 -> [Folder | Created Date = 6/8/2008 5:21:44 PM | Attr = ]
Pinnacle Studio -> %AllUsersProfile%\Application Data\Pinnacle Studio -> [Folder | Created Date = 6/28/2008 7:48:51 PM | Attr = ]
SiteAdvisor -> %AllUsersProfile%\Application Data\SiteAdvisor -> [Folder | Created Date = 6/25/2008 6:13:49 PM | Attr = ]
SUPERAntiSpyware.com -> %AllUsersProfile%\Application
Data\SUPERAntiSpyware.com -> [Folder | Created Date = 7/6/2008 1:45:06 PM | Attr = ] FileSubmit -> %AppData%\FileSubmit -> [Folder | Created Date = 7/6/2008 6:54:03 PM | Attr = ] iPod Copy Expert -> %AppData%\iPod Copy Expert -> [Folder | Created Date = 5/12/2008 3:07:01 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 6/25/2008 4:16:21 PM | Attr = ] McAfee -> %AppData%\McAfee -> [Folder | Created Date = 6/25/2008 6:23:41 PM | Attr = ] MSN6 -> %AppData%\MSN6 -> [Folder | Created Date = 6/8/2008 5:21:43 PM | Attr = ] SiteAdvisor -> %AppData%\SiteAdvisor -> [Folder | Created Date = 6/25/2008 6:13:49 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Created Date = 6/24/2008 5:43:15 PM | Attr = ] My Projects -> %AllUsersProfile%\Documents\My Projects -> [Folder | Created Date = 6/28/2008 7:58:07 PM | Attr = ] Pinnacle -> %AllUsersProfile%\Documents\Pinnacle -> [Folder | Created Date = 6/28/2008 7:48:51 PM | Attr = ] Pinnacle Studio -> %AllUsersProfile%\Documents\Pinnacle Studio -> [Folder | Created Date = 6/28/2008 7:48:51 PM | Attr = ] apex-free-3gp-converter.exe -> %UserProfile%\My Documents\apex-free-3gp-converter.exe -> Apex Corporation [Ver = 6.33 | Size = 14835728 bytes | Created Date = 7/4/2008 12:42:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\apex-free-3gp-converter.exe:Zone.Identifier codes.doc -> %UserProfile%\My Documents\codes.doc -> [Ver = | Size = 38912 bytes | Created Date = 7/8/2008 8:43:47 PM | Attr = ] corphome_13910_en-us_12m_r1.exe -> %UserProfile%\My Documents\corphome_13910_en-us_12m_r1.exe -> [Ver = | Size = 37694488 bytes | Created Date = 6/25/2008 5:49:28 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\corphome_13910_en-us_12m_r1.exe:Zone.Identifier Dallas_skyline_night.jpg -> %UserProfile%\My Documents\Dallas_skyline_night.jpg -> [Ver = | Size = 54659 bytes | Created Date = 7/6/2008 5:14:48 PM | Attr = ] dlhb.pdf -> %UserProfile%\My 
Documents\dlhb.pdf -> [Ver = | Size = 3838366 bytes | Created Date = 5/27/2008 7:46:39 PM | Attr = ] dt -> %UserProfile%\My Documents\dt -> [Folder | Created Date = 6/20/2008 7:10:42 AM | Attr = ] IEFix.exe -> %UserProfile%\My Documents\IEFix.exe -> [Ver = 1.06 | Size = 15360 bytes | Created Date = 6/24/2008 11:51:25 PM | Attr = ] Instant DVD Recorder.lnk -> %UserProfile%\My Documents\Instant DVD Recorder.lnk -> [Ver = | Size = 531 bytes | Created Date = 6/28/2008 8:09:28 PM | Attr = ] JAMES MYSPACE.doc -> %UserProfile%\My Documents\JAMES MYSPACE.doc -> [Ver = | Size = 1481216 bytes | Created Date = 7/1/2008 11:24:20 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %UserProfile%\My Documents\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 559 bytes | Created Date = 6/25/2008 4:07:40 PM | Attr = ] mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1665344 bytes | Created Date = 6/25/2008 3:41:33 PM | Attr = ] McAfee EasyNetwork.lnk -> %UserProfile%\My Documents\McAfee EasyNetwork.lnk -> [Ver = | Size = 666 bytes | Created Date = 6/25/2008 6:14:43 PM | Attr = ] McAfee Security Center.lnk -> %UserProfile%\My Documents\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Created Date = 6/25/2008 6:14:42 PM | Attr = ] McAfee Total Protection 2008-Retail -> %UserProfile%\My Documents\McAfee Total Protection 2008-Retail -> [Folder | Created Date = 6/25/2008 5:57:28 PM | Attr = ] msvbvm60.zip -> %UserProfile%\My Documents\msvbvm60.zip -> [Ver = | Size = 694679 bytes | Created Date = 6/25/2008 4:13:38 PM | Attr = ] My Art -> %UserProfile%\My Documents\My Art -> [Folder | Created Date = 4/29/2008 8:33:23 PM | Attr = ] My Projects -> %UserProfile%\My Documents\My Projects -> [Folder | Created Date = 6/28/2008 8:00:20 PM | Attr = ] PB190017.JPG -> %UserProfile%\My Documents\PB190017.JPG -> [Ver = | Size = 84440 bytes | Created Date = 4/27/2008 11:48:16 AM | Attr = ] Pinnacle Studio -> %UserProfile%\My Documents\Pinnacle 
Studio -> [Folder | Created Date = 6/28/2008 8:27:40 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 13824 bytes | Created Date = 7/6/2008 5:15:42 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Created Date = 6/24/2008 6:58:51 PM | Attr = ] Wavepad Master Edition + Serial -> %UserProfile%\My Documents\Wavepad Master Edition + Serial -> [Folder | Created Date = 7/10/2008 7:05:02 PM | Attr = ] Xbins -> %UserProfile%\My Documents\Xbins -> [Folder | Created Date = 6/18/2008 9:18:57 PM | Attr = ] Express Burn.lnk -> %AllUsersProfile%\Desktop\Express Burn.lnk -> [Ver = | Size = 826 bytes | Created Date = 7/10/2008 7:09:39 PM | Attr = ] Express Rip.lnk -> %AllUsersProfile%\Desktop\Express Rip.lnk -> [Ver = | Size = 814 bytes | Created Date = 7/10/2008 7:09:43 PM | Attr = ] FileSubmit Downloads.lnk -> %AllUsersProfile%\Desktop\FileSubmit Downloads.lnk -> [Ver = | Size = 525 bytes | Created Date = 7/6/2008 6:28:17 PM | Attr = ] Studio.lnk -> %AllUsersProfile%\Desktop\Studio.lnk -> [Ver = | Size = 743 bytes | Created Date = 6/28/2008 8:09:28 PM | Attr = ] Switch.lnk -> %AllUsersProfile%\Desktop\Switch.lnk -> [Ver = | Size = 760 bytes | Created Date = 7/10/2008 7:09:52 PM | Attr = ] WavePad.lnk -> %AllUsersProfile%\Desktop\WavePad.lnk -> [Ver = | Size = 742 bytes | Created Date = 7/10/2008 7:09:00 PM | Attr = ] Apex Free 3GP Video Converter.lnk -> %UserProfile%\Desktop\Apex Free 3GP Video Converter.lnk -> [Ver = | Size = 877 bytes | Created Date = 7/4/2008 12:43:08 PM | Attr = ] avz4 -> %UserProfile%\Desktop\avz4 -> [Folder | Created Date = 7/12/2008 10:04:53 AM | Attr = ] avz4.zip -> %UserProfile%\Desktop\avz4.zip -> [Ver = | Size = 3639856 bytes | Created Date = 7/12/2008 10:03:59 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avz4.zip:Zone.Identifier cell phne ringtones -> %UserProfile%\Desktop\cell 
phne ringtones -> [Folder | Created Date = 7/10/2008 6:23:54 PM | Attr = ] fix computer -> %UserProfile%\Desktop\fix computer -> [Folder | Created Date = 7/10/2008 7:11:56 PM | Attr = ] FlashFXP.lnk -> %UserProfile%\Desktop\FlashFXP.lnk -> [Ver = | Size = 682 bytes | Created Date = 6/18/2008 9:23:32 PM | Attr = ] jadmaker -> %UserProfile%\Desktop\jadmaker -> [Folder | Created Date = 7/10/2008 5:39:35 PM | Attr = ] layout backgrounds.doc -> %UserProfile%\Desktop\layout backgrounds.doc -> [Ver = | Size = 29696 bytes | Created Date = 6/25/2008 11:45:02 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 7/13/2008 11:42:35 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 7/13/2008 11:41:16 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier samsung videos -> %UserProfile%\Desktop\samsung videos -> [Folder | Created Date = 7/4/2008 12:55:23 PM | Attr = ] Shortcut to ComboFix.exe.lnk -> %UserProfile%\Desktop\Shortcut to ComboFix.exe.lnk -> [Ver = | Size = 529 bytes | Created Date = 7/12/2008 1:53:14 PM | Attr = ] Shortcut to xmplay.lnk -> %UserProfile%\Desktop\Shortcut to xmplay.lnk -> [Ver = | Size = 535 bytes | Created Date = 7/4/2008 1:44:59 AM | Attr = ] Silent Runners.vbs -> %UserProfile%\Desktop\Silent Runners.vbs -> [Ver = | Size = 399648 bytes | Created Date = 7/12/2008 5:31:36 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 7/11/2008 11:58:40 PM | Attr = ] StyleXPInstallMale.exe -> %UserProfile%\Desktop\StyleXPInstallMale.exe -> [Ver = | Size = 19580717 bytes | Created Date = 7/6/2008 6:19:01 PM | Attr = ] system -> %UserProfile%\Desktop\system -> [Folder | Created Date = 7/6/2008 5:02:31 PM | Attr = ] werewolf&kevon.jpg -> %UserProfile%\Desktop\werewolf&kevon.jpg -> [Ver = | Size = 293738 bytes | Created Date = 7/4/2008 1:23:24 AM | Attr = ] 
XMPlay -> %UserProfile%\Desktop\XMPlay -> [Folder | Created Date = 7/3/2008 11:39:15 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 7/5/2008 9:29:11 PM | Attr = ] McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Created Date = 6/25/2008 6:07:37 PM | Attr = ] AdVantage -> %ProgramFiles%\AdVantage -> [Folder | Created Date = 7/6/2008 6:28:28 PM | Attr = ] Apex -> %ProgramFiles%\Apex -> [Folder | Created Date = 7/4/2008 12:42:42 PM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 6/24/2008 10:51:23 PM | Attr = ] ChameleonXP -> %ProgramFiles%\ChameleonXP -> [Folder | Created Date = 7/6/2008 6:22:48 PM | Attr = ] FileSubmit -> %ProgramFiles%\FileSubmit -> [Folder | Created Date = 7/6/2008 6:28:16 PM | Attr = ] FlashFXP -> %ProgramFiles%\FlashFXP -> [Folder | Created Date = 6/18/2008 9:23:31 PM | Attr = ] McAfee -> %ProgramFiles%\McAfee -> [Folder | Created Date = 6/25/2008 6:07:25 PM | Attr = ] McAfee.com -> %ProgramFiles%\McAfee.com -> [Folder | Created Date = 6/25/2008 6:07:48 PM | Attr = ] Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [Folder | Created Date = 6/24/2008 11:55:03 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 6/24/2008 9:28:53 PM | Attr = ] SiteAdvisor -> %ProgramFiles%\SiteAdvisor -> [Folder | Created Date = 6/25/2008 6:13:50 PM | Attr = ] SpywareBlaster -> %ProgramFiles%\SpywareBlaster -> [Folder | Created Date = 7/11/2008 11:58:37 PM | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 7/6/2008 1:44:48 PM | Attr = ] SystemRequirementsLab -> %ProgramFiles%\SystemRequirementsLab -> [Folder | Created Date = 6/29/2008 8:50:40 PM | Attr = ] TGTSoft -> %ProgramFiles%\TGTSoft -> [Folder | Created Date = 7/6/2008 6:19:26 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 7/8/2008 11:09:47 PM | Attr = ] Xingtone -> %ProgramFiles%\Xingtone -> [Folder | 
Created Date = 7/10/2008 5:21:22 PM | Attr = ] XviD -> %ProgramFiles%\XviD -> [Folder | Created Date = 7/4/2008 12:44:32 PM | Attr = ] [Files/Folders - Modified Within 90 days] AUTOEXEC.BAT -> %SystemDrive%\AUTOEXEC.BAT -> [Ver = | Size = 95 bytes | Modified Date = 6/28/2008 7:58:17 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 338 bytes | Modified Date = 7/9/2008 5:06:55 PM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 7/9/2008 5:06:55 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 7/12/2008 1:53:00 PM | Attr = ] drmHeader.bin -> %SystemDrive%\drmHeader.bin -> [Ver = | Size = 3532 bytes | Modified Date = 7/4/2008 2:05:37 PM | Attr = ] Logs -> %SystemDrive%\Logs -> [Folder | Modified Date = 5/12/2008 2:27:52 PM | Attr = ] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 6/29/2008 8:53:36 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 7/11/2008 11:58:37 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 7/12/2008 2:26:40 PM | Attr = ] QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 6/24/2008 8:28:00 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 7/12/2008 8:25:51 PM | Attr = HS] TEST.XML -> %SystemDrive%\TEST.XML -> [Ver = | Size = 45 bytes | Modified Date = 7/12/2008 2:08:16 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/13/2008 10:13:03 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 12:18:48 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 7/12/2008 2:06:46 PM | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 7/12/2008 2:06:46 PM | Attr = ] hosts.ics -> %SystemRoot%\System32\drivers\etc\hosts.ics -> [Ver = | Size = 436 bytes | Modified Date = 7/12/2008 2:13:57 PM | Attr = ] 
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 6/19/2008 5:47:58 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 6/19/2008 5:48:04 PM | Attr = ] apexconverter.exe.stackdump -> %SystemRoot%\System32\apexconverter.exe.stackdump -> [Ver = | Size = 1017 bytes | Modified Date = 7/4/2008 1:15:42 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 6/25/2008 5:18:01 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 7/12/2008 2:24:37 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/12/2008 2:03:26 PM | Attr = ] Config.MPF -> %SystemRoot%\System32\Config.MPF -> [Ver = | Size = 14691 bytes | Modified Date = 7/12/2008 2:13:35 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/9/2008 7:15:48 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/12/2008 2:28:45 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1414016 bytes | Modified Date = 6/28/2008 8:15:22 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 6/24/2008 6:52:21 PM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 7/8/2008 10:53:32 PM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88224 bytes | Modified Date = 7/12/2008 2:07:34 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 65044 bytes | Modified Date = 7/5/2008 9:30:59 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 410574 bytes | Modified Date = 7/5/2008 9:30:59 PM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 484100 bytes | Modified Date = 7/5/2008 9:30:58 PM | Attr = ] quartz.dll -> 
%SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 12:18:48 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/5/2008 9:13:41 PM | Attr = ] RMBin -> %SystemRoot%\System32\RMBin -> [Folder | Modified Date = 7/4/2008 12:42:50 PM | Attr = ] vfw_32.reg -> %SystemRoot%\System32\vfw_32.reg -> [Ver = | Size = 28 bytes | Modified Date = 7/10/2008 6:30:00 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13736 bytes | Modified Date = 7/12/2008 2:06:30 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/8/2008 5:05:44 PM | Attr = H ] avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 7/4/2008 2:02:08 PM | Attr = ] BMeb586c94.xml -> %SystemRoot%\BMeb586c94.xml -> [Ver = | Size = 110339 bytes | Modified Date = 7/11/2008 10:51:08 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/12/2008 2:06:17 PM | Attr = S] dallas.jpg -> %SystemRoot%\dallas.jpg -> [Ver = | Size = 177924 bytes | Modified Date = 7/6/2008 5:31:52 PM | Attr = ] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 6/10/2008 1:56:27 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 7/12/2008 10:50:20 AM | Attr = S] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 7/12/2008 2:02:43 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 7/11/2008 6:08:12 PM | Attr = R S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 6/29/2008 9:01:10 PM | Attr = ] icons -> %SystemRoot%\icons -> [Folder | Modified Date = 7/6/2008 6:27:52 PM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/13/2008 10:13:15 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/13/2008 3:01:31 AM | Attr = HS] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 7/13/2008 10:13:03 AM 
| Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 7/11/2008 9:35:41 PM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 6/29/2008 9:01:10 PM | Attr = ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 30 bytes | Modified Date = 4/24/2008 5:58:47 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 7/13/2008 11:42:16 AM | Attr = ] randseed.rnd -> %SystemRoot%\randseed.rnd -> [Ver = | Size = 512 bytes | Modified Date = 6/24/2008 5:15:21 PM | Attr = ] Resources -> %SystemRoot%\Resources -> [Folder | Modified Date = 7/6/2008 6:20:03 PM | Attr = ] security -> %SystemRoot%\security -> [Folder | Modified Date = 6/24/2008 10:58:34 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 6/24/2008 10:22:27 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 201 bytes | Modified Date = 7/12/2008 2:07:33 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 7/12/2008 2:28:48 PM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/8/2008 11:20:59 PM | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 7/13/2008 10:28:58 AM | Attr = ] valhal99.fnt -> %SystemRoot%\valhal99.fnt -> [Ver = | Size = 15612 bytes | Modified Date = 7/10/2008 6:30:02 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 6/28/2008 7:59:47 PM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 7/12/2008 10:53:03 PM | Attr = ] McDefragTask.job -> %SystemRoot%\tasks\McDefragTask.job -> [Ver = | Size = 342 bytes | Modified Date = 6/25/2008 6:08:16 PM | Attr = ] McQcTask.job -> %SystemRoot%\tasks\McQcTask.job -> [Ver = | Size = 334 bytes | Modified Date = 7/1/2008 1:00:18 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 7/12/2008 2:06:24 PM | Attr = H ] C:\Documents and 
Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/29/2005 5:24:37 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6764 bytes | Modified Date = 7/12/2008 2:14:02 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6764 bytes | Modified Date = 7/12/2008 2:14:03 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/28/2007 9:37:48 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 1372 bytes | Modified Date = 6/28/2007 9:37:48 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 11732 bytes | Modified Date = 1/23/2006 4:49:46 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/2/2007 2:00:03 AM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 7/13/2008 10:28:58 AM | Attr = ] 0267971215961996mcinst.exe -> C:\WINDOWS\Temp\0267971215961996mcinst.exe -> McAfee, Inc. 
[Ver = 3,0,121,0 | Size = 309096 bytes | Modified Date = 2/23/2008 2:50:32 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 7/12/2008 12:18:01 AM | Attr = ] avg7 -> %AllUsersProfile%\Application Data\avg7 -> [Folder | Modified Date = 6/25/2008 12:41:07 AM | Attr = ] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 6/25/2008 12:41:07 AM | Attr = ] FLEXnet -> %AllUsersProfile%\Application Data\FLEXnet -> [Folder | Modified Date = 6/24/2008 6:52:56 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 6/24/2008 10:21:37 PM | Attr = ] LauncherAccess.dt -> %AllUsersProfile%\Application Data\LauncherAccess.dt -> [Ver = | Size = 0 bytes | Modified Date = 7/11/2008 12:49:15 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 6/25/2008 4:07:40 PM | Attr = ] McAfee -> %AllUsersProfile%\Application Data\McAfee -> [Folder | Modified Date = 6/25/2008 6:23:24 PM | Attr = ] MSN6 -> %AllUsersProfile%\Application Data\MSN6 -> [Folder | Modified Date = 6/8/2008 5:21:44 PM | Attr = ] Pinnacle -> %AllUsersProfile%\Application Data\Pinnacle -> [Folder | Modified Date = 6/28/2008 8:08:08 PM | Attr = ] Pinnacle Studio -> %AllUsersProfile%\Application Data\Pinnacle Studio -> [Folder | Modified Date = 6/28/2008 7:48:51 PM | Attr = ] SiteAdvisor -> %AllUsersProfile%\Application Data\SiteAdvisor -> [Folder | Modified Date = 6/25/2008 6:14:12 PM | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Application Data\SUPERAntiSpyware.com -> [Folder | Modified Date = 7/6/2008 1:45:06 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 7/12/2008 12:08:00 AM | Attr = ] @Alternate Data Stream - 111 bytes -> %AllUsersProfile%\Application Data\TEMP:44DAF2F1 @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application 
Data\TEMP:5C321E34 @Alternate Data Stream - 122 bytes -> %AllUsersProfile%\Application Data\TEMP:A2947BEA @Alternate Data Stream - 126 bytes -> %AllUsersProfile%\Application Data\TEMP:CB0AACC9 @Alternate Data Stream - 103 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 7/12/2008 12:18:01 AM | Attr = ] FileSubmit -> %AppData%\FileSubmit -> [Folder | Modified Date = 7/6/2008 6:54:03 PM | Attr = ] iPod Copy Expert -> %AppData%\iPod Copy Expert -> [Folder | Modified Date = 5/12/2008 3:48:43 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 6/25/2008 4:16:21 PM | Attr = ] McAfee -> %AppData%\McAfee -> [Folder | Modified Date = 6/25/2008 6:23:41 PM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 7/9/2008 4:48:00 PM | Attr = S] MSN6 -> %AppData%\MSN6 -> [Folder | Modified Date = 7/6/2008 8:19:01 PM | Attr = ] SiteAdvisor -> %AppData%\SiteAdvisor -> [Folder | Modified Date = 7/8/2008 8:56:52 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 6/24/2008 8:16:36 PM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 6/24/2008 10:30:45 PM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 7/12/2008 2:07:40 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 25600 bytes | Modified Date = 7/11/2008 9:35:40 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 489368 bytes | Modified Date = 6/28/2008 8:24:10 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 14994208 bytes | Modified Date = 7/12/2008 12:20:15 PM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> 
[Folder | Modified Date = 7/6/2008 8:10:10 PM | Attr = ] desktop.ini -> %AllUsersProfile%\Documents\desktop.ini -> [Ver = | Size = 135 bytes | Modified Date = 6/8/2008 12:48:40 AM | Attr = HS] My Projects -> %AllUsersProfile%\Documents\My Projects -> [Folder | Modified Date = 6/28/2008 8:00:20 PM | Attr = ] My Videos -> %AllUsersProfile%\Documents\My Videos -> [Folder | Modified Date = 6/28/2008 8:00:12 PM | Attr = R ] PCLECHAL.INI -> %AllUsersProfile%\Documents\PCLECHAL.INI -> [Ver = | Size = 349 bytes | Modified Date = 7/11/2008 9:35:24 PM | Attr = ] Pinnacle -> %AllUsersProfile%\Documents\Pinnacle -> [Folder | Modified Date = 6/28/2008 8:08:16 PM | Attr = ] Pinnacle Studio -> %AllUsersProfile%\Documents\Pinnacle Studio -> [Folder | Modified Date = 6/28/2008 7:48:51 PM | Attr = ] apex-free-3gp-converter.exe -> %UserProfile%\My Documents\apex-free-3gp-converter.exe -> Apex Corporation [Ver = 6.33 | Size = 14835728 bytes | Modified Date = 7/4/2008 12:42:08 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\apex-free-3gp-converter.exe:Zone.Identifier codes.doc -> %UserProfile%\My Documents\codes.doc -> [Ver = | Size = 38912 bytes | Modified Date = 7/8/2008 8:43:49 PM | Attr = ] corphome_13910_en-us_12m_r1.exe -> %UserProfile%\My Documents\corphome_13910_en-us_12m_r1.exe -> [Ver = | Size = 37694488 bytes | Modified Date = 6/25/2008 5:49:32 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\corphome_13910_en-us_12m_r1.exe:Zone.Identifier Dallas_skyline_night.jpg -> %UserProfile%\My Documents\Dallas_skyline_night.jpg -> [Ver = | Size = 54659 bytes | Modified Date = 6/11/2008 7:46:35 PM | Attr = ] DivX Converter.lnk -> %UserProfile%\My Documents\DivX Converter.lnk -> [Ver = | Size = 806 bytes | Modified Date = 5/1/2008 5:02:28 PM | Attr = ] DivX Movies.lnk -> %UserProfile%\My Documents\DivX Movies.lnk -> [Ver = | Size = 1476 bytes | Modified Date = 5/1/2008 5:01:58 PM | Attr = ] DivX Player.lnk -> %UserProfile%\My 
Documents\DivX Player.lnk -> [Ver = | Size = 795 bytes | Modified Date = 5/1/2008 5:02:50 PM | Attr = ] dlhb.pdf -> %UserProfile%\My Documents\dlhb.pdf -> [Ver = | Size = 3838366 bytes | Modified Date = 5/27/2008 7:46:39 PM | Attr = ] dt -> %UserProfile%\My Documents\dt -> [Folder | Modified Date = 6/22/2008 10:31:11 PM | Attr = ] Instant DVD Recorder.lnk -> %UserProfile%\My Documents\Instant DVD Recorder.lnk -> [Ver = | Size = 531 bytes | Modified Date = 6/28/2008 8:05:09 PM | Attr = ] JAMES MYSPACE.doc -> %UserProfile%\My Documents\JAMES MYSPACE.doc -> [Ver = | Size = 1481216 bytes | Modified Date = 7/1/2008 11:24:24 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %UserProfile%\My Documents\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 559 bytes | Modified Date = 6/25/2008 4:15:55 PM | Attr = ] mbam-setup.exe -> %UserProfile%\My Documents\mbam-setup.exe -> Malwarebytes [Ver = 1.0.0.0 | Size = 1665344 bytes | Modified Date = 6/25/2008 3:39:42 PM | Attr = ] McAfee EasyNetwork.lnk -> %UserProfile%\My Documents\McAfee EasyNetwork.lnk -> [Ver = | Size = 666 bytes | Modified Date = 6/25/2008 6:14:43 PM | Attr = ] McAfee Security Center.lnk -> %UserProfile%\My Documents\McAfee Security Center.lnk -> [Ver = | Size = 671 bytes | Modified Date = 6/25/2008 6:14:42 PM | Attr = ] msvbvm60.zip -> %UserProfile%\My Documents\msvbvm60.zip -> [Ver = | Size = 694679 bytes | Modified Date = 6/25/2008 4:09:46 PM | Attr = ] My Art -> %UserProfile%\My Documents\My Art -> [Folder | Modified Date = 4/29/2008 8:33:23 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/6/2008 5:31:52 PM | Attr = R ] My Projects -> %UserProfile%\My Documents\My Projects -> [Folder | Modified Date = 6/28/2008 8:00:20 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 6/28/2008 8:00:21 PM | Attr = R ] PB190017.JPG -> %UserProfile%\My Documents\PB190017.JPG -> [Ver = | Size = 84440 bytes | Modified Date = 4/27/2008 
12:05:47 PM | Attr = ] Pinnacle Studio -> %UserProfile%\My Documents\Pinnacle Studio -> [Folder | Modified Date = 6/28/2008 8:27:41 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 13824 bytes | Modified Date = 7/6/2008 5:15:45 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable Updater5 -> %UserProfile%\My Documents\Updater5 -> [Folder | Modified Date = 6/24/2008 6:58:51 PM | Attr = ] Wavepad Master Edition + Serial -> %UserProfile%\My Documents\Wavepad Master Edition + Serial -> [Folder | Modified Date = 7/10/2008 7:05:42 PM | Attr = ] Xbins -> %UserProfile%\My Documents\Xbins -> [Folder | Modified Date = 6/18/2008 9:53:15 PM | Attr = ] Express Burn.lnk -> %AllUsersProfile%\Desktop\Express Burn.lnk -> [Ver = | Size = 826 bytes | Modified Date = 7/10/2008 7:09:39 PM | Attr = ] Express Rip.lnk -> %AllUsersProfile%\Desktop\Express Rip.lnk -> [Ver = | Size = 814 bytes | Modified Date = 7/10/2008 7:09:43 PM | Attr = ] FileSubmit Downloads.lnk -> %AllUsersProfile%\Desktop\FileSubmit Downloads.lnk -> [Ver = | Size = 525 bytes | Modified Date = 7/6/2008 6:50:57 PM | Attr = ] iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [Ver = | Size = 2137 bytes | Modified Date = 7/3/2008 8:44:36 PM | Attr = ] Studio.lnk -> %AllUsersProfile%\Desktop\Studio.lnk -> [Ver = | Size = 743 bytes | Modified Date = 6/28/2008 8:09:29 PM | Attr = ] Switch.lnk -> %AllUsersProfile%\Desktop\Switch.lnk -> [Ver = | Size = 760 bytes | Modified Date = 7/10/2008 7:09:52 PM | Attr = ] WavePad.lnk -> %AllUsersProfile%\Desktop\WavePad.lnk -> [Ver = | Size = 742 bytes | Modified Date = 7/10/2008 7:09:00 PM | Attr = ] Apex Free 3GP Video Converter.lnk -> %UserProfile%\Desktop\Apex Free 3GP Video Converter.lnk -> [Ver = | Size = 877 bytes | Modified Date = 7/4/2008 12:43:08 PM | Attr = ] avz4 -> %UserProfile%\Desktop\avz4 -> [Folder | Modified Date = 7/12/2008 10:10:46 AM | Attr = ] avz4.zip -> 
%UserProfile%\Desktop\avz4.zip -> [Ver = | Size = 3639856 bytes | Modified Date = 7/12/2008 10:04:10 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\avz4.zip:Zone.Identifier cell phne ringtones -> %UserProfile%\Desktop\cell phne ringtones -> [Folder | Modified Date = 7/11/2008 12:32:47 AM | Attr = ] fix computer -> %UserProfile%\Desktop\fix computer -> [Folder | Modified Date = 7/12/2008 1:49:36 PM | Attr = ] FlashFXP.lnk -> %UserProfile%\Desktop\FlashFXP.lnk -> [Ver = | Size = 682 bytes | Modified Date = 6/18/2008 9:23:32 PM | Attr = ] jadmaker -> %UserProfile%\Desktop\jadmaker -> [Folder | Modified Date = 7/10/2008 7:08:09 PM | Attr = ] layout backgrounds.doc -> %UserProfile%\Desktop\layout backgrounds.doc -> [Ver = | Size = 29696 bytes | Modified Date = 6/24/2008 12:05:56 AM | Attr = ] Movies -> %UserProfile%\Desktop\Movies -> [Folder | Modified Date = 7/4/2008 3:37:34 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 7/13/2008 11:42:36 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 7/13/2008 11:41:17 AM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier samsung videos -> %UserProfile%\Desktop\samsung videos -> [Folder | Modified Date = 7/4/2008 3:37:39 PM | Attr = ] Shortcut to ComboFix.exe.lnk -> %UserProfile%\Desktop\Shortcut to ComboFix.exe.lnk -> [Ver = | Size = 529 bytes | Modified Date = 7/12/2008 1:53:14 PM | Attr = ] Shortcut to xmplay.lnk -> %UserProfile%\Desktop\Shortcut to xmplay.lnk -> [Ver = | Size = 535 bytes | Modified Date = 7/4/2008 1:44:59 AM | Attr = ] Silent Runners.vbs -> %UserProfile%\Desktop\Silent Runners.vbs -> [Ver = | Size = 399648 bytes | Modified Date = 7/12/2008 8:14:28 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 7/11/2008 11:58:40 PM | Attr = ] system -> 
%UserProfile%\Desktop\system -> [Folder | Modified Date = 7/6/2008 5:02:58 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 281600 bytes | Modified Date = 7/3/2008 11:17:41 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable werewolf&kevon.jpg -> %UserProfile%\Desktop\werewolf&kevon.jpg -> [Ver = | Size = 293738 bytes | Modified Date = 7/4/2008 1:23:35 AM | Attr = ] XMPlay -> %UserProfile%\Desktop\XMPlay -> [Folder | Modified Date = 7/5/2008 8:03:58 PM | Attr = ] Adobe -> %CommonProgramFiles%\Adobe -> [Folder | Modified Date = 6/24/2008 6:37:21 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 7/6/2008 12:48:25 AM | Attr = ] McAfee -> %CommonProgramFiles%\McAfee -> [Folder | Modified Date = 6/25/2008 6:08:52 PM | Attr = ] < End of report > [/code]