[code]
OTScanIt logfile created on: 18-07-2008 17:17:49
OTScanIt by OldTimer - Version 1.0.16.2
Folder = C:\Documents and Settings\Thiago\Ambiente de trabalho\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

1022,98 Mb Total Physical Memory | 610,58 Mb Available Physical Memory | 59,69% Memory free
2,41 Gb Paging File | 1,99 Gb Available in Paging File | 82,68% Paging File free
Paging file location(s): D:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programas
Drive C: | 8,00 Gb Total Space | 0,20 Gb Free Space | 2,53% Space Free | Partition Type: FAT32
Drive D: | 29,30 Gb Total Space | 4,14 Gb Free Space | 14,12% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 4,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 465,75 Gb Total Space | 262,95 Gb Free Space | 56,46% Space Free | Partition Type: NTFS

Computer Name: BLASTED
Current User Name: Thiago
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 21-12-2007 2:57:28 | Attr = ]
ati2evxx.exe -> %SystemRoot%\system32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 21-12-2007 2:57:28 | Attr = ]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19-03-2008 17:08:58 | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 04-04-2008 10:58:06 | Attr = ]
slserv.exe -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 10-04-2003 11:53:16 | Attr = ]
otscanit.exe -> %UserProfile%\Ambiente de trabalho\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12-07-2008 9:29:54 | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,7 | Size = 607576 bytes | Modified Date = 19-03-2008 17:08:58 | Attr = ]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [Ver = 2.41.000 | Size = 68096 bytes | Modified Date = 25-03-2008 22:23:34 | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4188 | Size = 512000 bytes | Modified Date = 21-12-2007 2:57:28 | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0027 | Size = 593920 bytes | Modified Date = 20-12-2007 21:05:00 | Attr = ]
(AVP) Kaspersky Anti-Virus 7.0 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 18-12-2007 0:43:32 | Attr = ]
(dmadmin) Serviço administrativo de gestão de discos lógicos [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., VERITAS Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 04-08-2004 0:57:00 | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 04-04-2008 10:58:06 | Attr = ]
(SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> [Ver = 2.80.00(24Apr2000) | Size = 45056 bytes | Modified Date = 10-04-2003 11:53:16 | Attr = ]
(TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Modified Date = 02-07-2008 17:40:06 | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AVP -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe ["C:\Programas\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 227856 bytes | Modified Date = 18-12-2007 0:43:32 | Attr = ]
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Iniciar\Programas\Arranque ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu
Iniciar\Programas\Arranque -> < Thiago Startup Folder > -> C:\Documents and Settings\Thiago\Menu Iniciar\Programas\Arranque -> < Administrador Startup Folder > -> C:\Documents and Settings\Administrador\Menu Iniciar\Programas\Arranque -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1035264 bytes | Modified Date = 13-06-2007 13:22:26 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25088 bytes | Modified Date = 04-08-2004 0:57:26 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 515584 bytes | Modified Date = 04-08-2004 0:57:10 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8501248 bytes | Modified Date = 25-10-2007 16:43:28 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 303104 bytes | Modified Date = 04-08-2004 0:57:30 | Attr = ] *MultiFile Done* -> -> < Winlogon settings 
[HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> %SystemRoot%\system32\Ati2evxx.dll -> ATI Technologies Inc. 
[Ver = 6.14.10.4176 | Size = 122880 bytes | Modified Date = 21-12-2007 2:58:56 | Attr = ] klogon -> %SystemRoot%\system32\klogon.dll -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 219664 bytes | Modified Date = 18-12-2007 0:44:54 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRemoteRecursiveEvents -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStrCmpLogical -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\NoInternetOpenWith -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 11 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoTrayNotify -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> 01 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> < CurrentVersion Policy 
Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004] > -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> 
HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\\NoChangingWallPaper -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MaxRecentDocs -> 11 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSMBalloonTip -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSaveSettings -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\CDRAutoRun -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 149 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\MemCheckBoxInRunDlg -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoClose -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoAutoTrayNotify -> 0 -> 
HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveTrack -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoResolveSearch -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\LinkResolveIgnoreLinkInfo -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoStartBanner -> 01 00 00 00 [binary data] -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoWelcomeScreen -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsNetHood -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktopCleanupWizard -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSharedDocuments -> 1 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoThemesTab -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispAppearancePage -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoColorChoice -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispBackgroundPage -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispCPL -> 0 -> 
HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispSettingsPage -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoDispScrSavPage -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoVisualStyleChoice -> 0 -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\NoSizeChoice -> 0 -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Controlador de CD-ROM -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 03-08-2004 22:59:54 | Attr = ] *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not 
found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSAMSUNG_CDRW/DVD_SN-324F________________U204____\5&2a1b8e8c&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 03-02-2008 15:01:16 | Attr = ] autorun [] -> J:\autorun [ NTFS ] -> [Folder | Modified Date = 10-03-2008 15:37:52 | Attr = H ] < HOSTS File > (227841 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/is&api/redir.dll?prd=iear=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> -> HKEY_CURRENT_USER\: 
URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\] > -> -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\: Main\\Search Page -> http://www.microsoft.com/is&api/redir.dll?prd=iear=iesearch -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\: Main\\Start Page -> -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ] HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4243 domain(s) found. -> 33 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4242 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4242 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4242 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4242 domain(s) found. -> 32 domain(s) and sub-domain(s) not assigned to a zone. 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ] {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> Skype Technologies S.A. [Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 07-12-2007 15:08:02 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28-01-2008 11:43:28 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22-02-2008 4:25:20 | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. 
[Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 04-04-2008 10:58:08 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Barra de Ferramentas do Yahoo! com bloqueador de pop-up] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 26-10-2006 10:28:40 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22-02-2008 4:25:20 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22-02-2008 4:25:20 | Attr = ] {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}:BandCLSID -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll [Web Anti-Virus statistics] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 223760 bytes | Modified Date = 18-12-2007 0:45:00 | Attr = ] {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype] -> Skype Technologies S.A. 
[Ver = 2, 2, 0, 147 | Size = 1377576 bytes | Modified Date = 07-12-2007 15:08:02 | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\SPYBOT~1\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 28-01-2008 11:43:28 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\] > -> HKEY_USERS\S-1-5-21-606747145-1078081533-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> MathPlayer 2.10b -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {094CC478-F540-4500-B1EC-065FC96317B0} -> (Linksys Wireless-G Notebook Adapter WPC54GS Ver.1) -> {55737A8E-ED09-4F53-B108-79875FD93319} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> {FCF6C046-463E-4DC5-9320-20F115CCECFC} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 07-12-2007 15:08:02 | Attr = R ] < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/xhtml+xml:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 09-05-2007 9:41:32 | Attr = ] application/xhtml+xml; charset=iso-8859-1:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. 
[Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 09-05-2007 9:41:32 | Attr = ] application/xhtml+xml; charset=utf-8:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 09-05-2007 9:41:32 | Attr = ] text/xml; charset=iso-8859-1:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 09-05-2007 9:41:32 | Attr = ] text/xml; charset=utf-8:{32F66A26-7614-11D4-BD11-00104BD3F987}[HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Design Science\MathPlayer\MathMLMimer.dll[MathPlayer Mime Filter Class] -> Design Science, Inc. [Ver = 2007.05.09.00 | Size = 133584 bytes | Modified Date = 09-05-2007 9:41:32 | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0DB074F0-617E-4EE9-912C-2965CF2AA5A4}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab[SentinelVE3D Class] -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[Reg Error: Key does not exist or could not be opened.] 
-> {5ED80217-570B-4DA9-BF44-BE107C0EC166}[HKEY_LOCAL_MACHINE] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab[Windows Live Safety Center Base Module] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1202053288859[WUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04-08-2004 0:56:36 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp.050614-1527) | Size = 297984 bytes | Modified Date = 20-02-2007 1:06:12 | Attr = ] msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04-08-2004 0:56:36 | Attr = ] schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25-04-2007 14:22:28 | Attr = ] wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24-03-2006 4:37:56 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1092 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 184320 bytes | Modified Date = 04-08-2004 0:56:42 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119296 bytes | Modified Date = 04-08-2004 0:56:40 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 68 BE 1A CA 85 65 9E 9E 9E 1E 70 AC 4A 8D CC CA 36 66 30 30 63 61 61 66 00 FD 07 00 5A 2F 00 00 34 FA 07 00 76 92 48 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 C2 F5 CA 96 A2 29 00 6D 88 71 67 6F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> B2 CA 5F B2 F2 2C 4D 80 2D [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 75 82 76 5D 85 AF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\System32\IISSUBA.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 20-11-2001 12:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 6E CE D5 04 68 EB 98 E4 47 17 42 FD D0 8F D2 14 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 88 07 55 05 7F E5 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 6C 31 DD BD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 B8 31 80 B5 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 7A 58 E4 BD 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Fornece conversão de endereços de rede, endereçamento, resolução de nomes e/ou serviços de prevenção de intrusões para uma rede de pequeno escritório ou doméstica. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Firewall do Windows/Partilha de ligação à Internet (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04-08-2004 0:57:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 1755 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 332288 bytes | Modified Date = 04-08-2004 0:56:30 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 04-08-2004 0:57:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programas\Windows Live\Messenger\MSNMSGR.EXE -> %ProgramFiles%\Windows Live\Messenger\MSNMSGR.EXE [C:\Programas\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18-10-2007 11:34:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Programas\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02-10-2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 142336 bytes | Modified Date = 04-08-2004 0:57:22 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\uTorrent\utorrent.exe -> %ProgramFiles%\uTorrent\utorrent.exe [C:\Programas\uTorrent\utorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 177152 bytes | Modified Date = 03-02-2008 18:30:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe [C:\Programas\eMule\emule.exe:*:Enabled:eMule] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Programas\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. 
[Ver = 6.31 | Size = 2756096 bytes | Modified Date = 01-11-2007 19:57:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\SopCast\SopCast.exe -> %ProgramFiles%\SopCast\SopCast.exe [C:\Programas\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\SopCast\adv\SopAdver.exe -> %ProgramFiles%\SopCast\adv\SopAdver.exe [C:\Programas\SopCast\adv\SopAdver.exe:*:Disabled:SopCast Adver] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\Metin2_Portugal\metin2.bin -> %ProgramFiles%\Metin2_Portugal\metin2.bin [C:\Programas\Metin2_Portugal\metin2.bin:*:Enabled:metin2] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\DreMule\emule.exe -> %ProgramFiles%\DreMule\emule.exe [C:\Programas\DreMule\emule.exe:*:Enabled:Dreamule] -> http://www.dreamule.org [Ver = 0.48.0 Unicode | Size = 6992896 bytes | Modified Date = 17-02-2008 20:17:48 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Programas\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 18-07-2008 17:05:18 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe 
[C:\Programas\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16674 (vista_gdr.080415-1732) | Size = 625664 bytes | Modified Date = 22-04-2008 8:43:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe -> %AllUsersProfile%\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe [C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.321\English\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.321 | Size = 72264 bytes | Modified Date = 20-12-2007 19:23:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\Windows Live\Messenger\MSNMSGR.EXE -> %ProgramFiles%\Windows Live\Messenger\MSNMSGR.EXE [C:\Programas\Windows Live\Messenger\MSNMSGR.EXE:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 18-10-2007 11:34:46 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programas\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Programas\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 02-10-2007 17:18:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16800:TCP -> 16800:TCP:*:Enabled:16800 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16800:UDP -> 16800:UDP:*:Enabled:16800 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe 
[%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04-08-2004 0:57:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Actualizações automáticas -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Permite a transferência e instalação de actualizações do Windows. Se este serviço estiver desactivado, este computador não conseguirá utilizar a funcionalidade de actualizações automáticas nem o website Windows Update. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04-08-2004 0:56:50 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Permite que os utilizadores remotos modifiquem definições de registo neste computador. 
Se este serviço for parado, o registo só poderá ser modificado pelos utilizadores deste computador. Se este serviço for desactivado, a inicialização dos serviços dependentes dele explicitamente falhará -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 20-02-2007 1:07:56 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Registo remoto -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04-08-2004 0:57:24 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 04-08-2004 0:56:42 | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74240 bytes | Modified Date = 04-08-2004 0:57:26 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp.050725-1531) | Size = 398336 bytes | Modified Date = 20-02-2007 1:07:56 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Permite que um utilizador remoto inicie sessão neste computador e execute programas, e suporte diversos clientes de Telnet de TCP/IP, incluindo computadores baseados em UNIX e baseados no Windows. 
Se parar este serviço for, o acesso de utilizador remoto a programas pode estar indisponível. Se este serviço estiver desactivado, não será possível iniciar quaisquer serviços que dependem dele explicitamente. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = A minha home page actual -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> [Files/Folders - Created Within 90 days] Lyrics -> %SystemDrive%\Lyrics -> [Folder | Created Date = 14-07-2008 0:25:18 | Attr = ] FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Created Date = 17-07-2008 16:04:50 | Attr = HS] Program Files -> %SystemDrive%\Program Files -> [Folder | Created Date = 17-07-2008 20:15:17 | Attr = ] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Created Date = 12-05-2008 17:09:42 | Attr = HS] StMp3Rec.sys -> %SystemRoot%\System32\drivers\StMp3Rec.sys -> Creative Technology Ltd. 
[Ver = 1.655.0.250 | Size = 65702 bytes | Created Date = 24-05-2008 1:03:56 | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 13-07-2008 14:07:34 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 13-07-2008 14:07:35 | Attr = ] NALJ8YSL.exe -> %SystemRoot%\System32\NALJ8YSL.exe -> [Ver = | Size = 35842 bytes | Created Date = 18-07-2008 8:12:38 | Attr = ] NALJ8YSL.exe_ -> %SystemRoot%\System32\NALJ8YSL.exe_ -> [Ver = | Size = 35842 bytes | Created Date = 18-07-2008 8:12:38 | Attr = ] NALJ8YSL.exe.a_a -> %SystemRoot%\System32\NALJ8YSL.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 11-07-2008 20:14:40 | Attr = ] avisynth.dll -> %SystemRoot%\System32\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Created Date = 21-06-2008 11:34:10 | Attr = ] x.264.exe -> %SystemRoot%\System32\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 21-06-2008 11:34:09 | Attr = ] devil.dll -> %SystemRoot%\System32\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 21-06-2008 11:34:10 | Attr = ] RLTheoraDec.ax -> %SystemRoot%\System32\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] pdfcmnnt.dll -> %SystemRoot%\System32\pdfcmnnt.dll -> internet-support foehr.com [Ver = Release 1.8.0.10 | Size = 196608 bytes | Created Date = 26-06-2008 0:57:03 | Attr = ] Smab.dll -> %SystemRoot%\System32\Smab.dll -> [Ver = | Size = 408576 bytes | Created Date = 21-06-2008 11:34:10 | Attr = ] RLVorbisDec.ax -> %SystemRoot%\System32\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] AVSredirect.dll -> %SystemRoot%\System32\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 21-06-2008 11:34:09 | Attr = ] uxtuneup.dll -> 
%SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.12 | Size = 28416 bytes | Created Date = 02-07-2008 17:40:05 | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 13-07-2008 0:32:01 | Attr = ] 80jkOGAF.exe -> %SystemRoot%\System32\80jkOGAF.exe -> [Ver = | Size = 29760 bytes | Created Date = 14-07-2008 16:45:56 | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Created Date = 02-07-2008 17:40:04 | Attr = ] fj3Q1f6S.exe.a_a -> %SystemRoot%\System32\fj3Q1f6S.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 09-07-2008 19:25:42 | Attr = ] 80jkOGAF.exe.a_a -> %SystemRoot%\System32\80jkOGAF.exe.a_a -> [Ver = | Size = 0 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 481040 bytes | Created Date = 21-04-2008 19:25:12 | Attr = H ] BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Created Date = 20-06-2008 21:56:55 | Attr = ] aac_parser.ax -> %SystemRoot%\System32\aac_parser.ax -> [Ver = 1.1 | Size = 81920 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] CoreAAC.ax -> %SystemRoot%\System32\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] DiracSplitter.ax -> %SystemRoot%\System32\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] RLOgg.ax -> %SystemRoot%\System32\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] RLSpeexDec.ax -> %SystemRoot%\System32\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 21-06-2008 10:29:45 | Attr = RHS] i420vfw.dll -> %SystemRoot%\System32\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 21-06-2008 11:34:09 | Attr = ] $hf_mig$ -> 
%SystemRoot%\$hf_mig$ -> [Folder | Created Date = 22-05-2008 2:33:31 | Attr = H ] At122.job -> %SystemRoot%\tasks\At122.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At123.job -> %SystemRoot%\tasks\At123.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At124.job -> %SystemRoot%\tasks\At124.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At125.job -> %SystemRoot%\tasks\At125.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At126.job -> %SystemRoot%\tasks\At126.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At127.job -> %SystemRoot%\tasks\At127.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At128.job -> %SystemRoot%\tasks\At128.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At129.job -> %SystemRoot%\tasks\At129.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At130.job -> %SystemRoot%\tasks\At130.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At131.job -> %SystemRoot%\tasks\At131.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At132.job -> %SystemRoot%\tasks\At132.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At133.job -> %SystemRoot%\tasks\At133.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At134.job -> %SystemRoot%\tasks\At134.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At135.job -> %SystemRoot%\tasks\At135.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At136.job -> %SystemRoot%\tasks\At136.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At137.job -> %SystemRoot%\tasks\At137.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At138.job -> 
%SystemRoot%\tasks\At138.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At139.job -> %SystemRoot%\tasks\At139.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At140.job -> %SystemRoot%\tasks\At140.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At141.job -> %SystemRoot%\tasks\At141.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At142.job -> %SystemRoot%\tasks\At142.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At143.job -> %SystemRoot%\tasks\At143.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At144.job -> %SystemRoot%\tasks\At144.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] At97.job -> %SystemRoot%\tasks\At97.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At98.job -> %SystemRoot%\tasks\At98.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At99.job -> %SystemRoot%\tasks\At99.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At100.job -> %SystemRoot%\tasks\At100.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At101.job -> %SystemRoot%\tasks\At101.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At102.job -> %SystemRoot%\tasks\At102.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At103.job -> %SystemRoot%\tasks\At103.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At104.job -> %SystemRoot%\tasks\At104.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At105.job -> %SystemRoot%\tasks\At105.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At106.job -> %SystemRoot%\tasks\At106.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr 
= ] At107.job -> %SystemRoot%\tasks\At107.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At108.job -> %SystemRoot%\tasks\At108.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At109.job -> %SystemRoot%\tasks\At109.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At110.job -> %SystemRoot%\tasks\At110.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At111.job -> %SystemRoot%\tasks\At111.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At112.job -> %SystemRoot%\tasks\At112.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At113.job -> %SystemRoot%\tasks\At113.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At114.job -> %SystemRoot%\tasks\At114.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At115.job -> %SystemRoot%\tasks\At115.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At116.job -> %SystemRoot%\tasks\At116.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At117.job -> %SystemRoot%\tasks\At117.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At118.job -> %SystemRoot%\tasks\At118.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At119.job -> %SystemRoot%\tasks\At119.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At120.job -> %SystemRoot%\tasks\At120.job -> [Ver = | Size = 350 bytes | Created Date = 14-07-2008 16:45:57 | Attr = ] At121.job -> %SystemRoot%\tasks\At121.job -> [Ver = | Size = 350 bytes | Created Date = 17-07-2008 19:44:53 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 07-06-2008 9:59:37 | Attr = ] Messenger Plus! 
-> %AllUsersProfile%\Application Data\Messenger Plus! -> [Folder | Created Date = 13-06-2008 21:06:56 | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Created Date = 02-07-2008 8:07:38 | Attr = ] TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Created Date = 02-07-2008 17:39:49 | Attr = ] cronometer -> %AppData%\cronometer -> [Folder | Created Date = 25-05-2008 11:23:09 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 07-06-2008 9:59:40 | Attr = ] MiniLyrics -> %AppData%\MiniLyrics -> [Folder | Created Date = 20-06-2008 20:07:22 | Attr = ] Mp3tag -> %AppData%\Mp3tag -> [Folder | Created Date = 20-06-2008 21:38:25 | Attr = ] FastStone -> %AppData%\FastStone -> [Folder | Created Date = 06-07-2008 11:04:00 | Attr = ] KompoZer -> %AppData%\KompoZer -> [Folder | Created Date = 13-07-2008 10:45:06 | Attr = ] Gateway -> %UserProfile%\Definições locais\Application Data\Gateway -> [Folder | Created Date = 15-07-2008 19:11:37 | Attr = ] MediaMonkey -> %UserProfile%\Definições locais\Application Data\MediaMonkey -> [Folder | Created Date = 20-06-2008 19:24:33 | Attr = ] Hattrick Manager -> %UserProfile%\Definições locais\Application Data\Hattrick Manager -> [Folder | Created Date = 24-06-2008 22:14:07 | Attr = ] leiria -> %UserProfile%\Os meus documentos\leiria -> [Folder | Created Date = 13-07-2008 10:37:27 | Attr = ] 441px-Wheatstone_Bridge.svg.png -> %UserProfile%\Os meus documentos\441px-Wheatstone_Bridge.svg.png -> [Ver = | Size = 17587 bytes | Created Date = 13-07-2008 23:34:48 | Attr = ] reinos -> %UserProfile%\Os meus documentos\reinos -> [Folder | Created Date = 08-06-2008 10:00:28 | Attr = ] Os Meus Registos -> %UserProfile%\Os meus documentos\Os Meus Registos -> [Folder | Created Date = 13-06-2008 21:10:10 | Attr = ] TAP -> %UserProfile%\Os meus documentos\TAP -> [Folder | Created Date = 15-06-2008 22:51:57 | Attr = ] Hattrick -> %UserProfile%\Os meus 
documentos\Hattrick -> [Folder | Created Date = 24-06-2008 18:31:27 | Attr = ] tmp.xlsx -> %UserProfile%\Os meus documentos\tmp.xlsx -> [Ver = | Size = 18757 bytes | Created Date = 29-06-2008 22:47:27 | Attr = ] Virtual Earth.lnk -> %AllUsersProfile%\Ambiente de trabalho\Virtual Earth.lnk -> [Ver = | Size = 1789 bytes | Created Date = 04-06-2008 19:06:59 | Attr = ] aMSN.lnk -> %AllUsersProfile%\Ambiente de trabalho\aMSN.lnk -> [Ver = | Size = 509 bytes | Created Date = 13-06-2008 21:05:24 | Attr = ] Mozilla Firefox.lnk -> %AllUsersProfile%\Ambiente de trabalho\Mozilla Firefox.lnk -> [Ver = | Size = 1477 bytes | Created Date = 19-06-2008 0:05:18 | Attr = ] MediaMonkey.lnk -> %AllUsersProfile%\Ambiente de trabalho\MediaMonkey.lnk -> [Ver = | Size = 551 bytes | Created Date = 20-06-2008 19:24:37 | Attr = ] PDFCreator.lnk -> %AllUsersProfile%\Ambiente de trabalho\PDFCreator.lnk -> [Ver = | Size = 589 bytes | Created Date = 26-06-2008 0:57:12 | Attr = ] TuneUp Utilities 2008.lnk -> %AllUsersProfile%\Ambiente de trabalho\TuneUp Utilities 2008.lnk -> [Ver = | Size = 716 bytes | Created Date = 02-07-2008 17:39:59 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 587 bytes | Created Date = 13-07-2008 14:07:36 | Attr = ] Pool Sharks.lnk -> %AllUsersProfile%\Ambiente de trabalho\Pool Sharks.lnk -> [Ver = | Size = 2233 bytes | Created Date = 15-07-2008 19:04:09 | Attr = ] TAP -> %UserProfile%\Ambiente de trabalho\TAP -> [Folder | Created Date = 30-04-2008 19:46:35 | Attr = ] HTO -> %UserProfile%\Ambiente de trabalho\HTO -> [Folder | Created Date = 24-06-2008 18:24:44 | Attr = ] A Porteira.xls -> %UserProfile%\Ambiente de trabalho\A Porteira.xls -> [Ver = | Size = 133120 bytes | Created Date = 29-06-2008 23:01:20 | Attr = ] CCleaner.lnk -> %UserProfile%\Ambiente de trabalho\CCleaner.lnk -> [Ver = | Size = 1423 bytes | Created Date = 01-07-2008 23:09:13 | Attr = ] HijackThis.lnk -> 
%UserProfile%\Ambiente de trabalho\HijackThis.lnk -> [Ver = | Size = 1609 bytes | Created Date = 13-07-2008 9:32:51 | Attr = ] KompoZer 0.7.10 -> %UserProfile%\Ambiente de trabalho\KompoZer 0.7.10 -> [Folder | Created Date = 13-07-2008 10:44:22 | Attr = ] OTScanIt -> %UserProfile%\Ambiente de trabalho\OTScanIt -> [Folder | Created Date = 18-07-2008 17:15:14 | Attr = ] CPLEIRIA.xlsx.lnk -> %UserProfile%\Ambiente de trabalho\CPLEIRIA.xlsx.lnk -> [Ver = | Size = 586 bytes | Created Date = 17-07-2008 16:11:41 | Attr = ] Foxit PDF Editor.lnk -> %UserProfile%\Ambiente de trabalho\Foxit PDF Editor.lnk -> [Ver = | Size = 605 bytes | Created Date = 17-07-2008 20:15:17 | Attr = ] Hattrick Organizer.lnk -> %UserProfile%\Ambiente de trabalho\Hattrick Organizer.lnk -> [Ver = | Size = 1372 bytes | Created Date = 24-06-2008 18:27:55 | Attr = ] HAM -> %ProgramFiles%\HAM -> [Folder | Created Date = 24-06-2008 19:34:45 | Attr = ] MSECACHE -> %ProgramFiles%\MSECACHE -> [Folder | Created Date = 10-07-2008 22:15:30 | Attr = ] Yahoo! -> %ProgramFiles%\Yahoo! 
-> [Folder | Created Date = 01-07-2008 23:09:20 | Attr = ] Pool Sharks -> %ProgramFiles%\Pool Sharks -> [Folder | Created Date = 15-07-2008 19:04:06 | Attr = ] Virtual Earth 3D -> %ProgramFiles%\Virtual Earth 3D -> [Folder | Created Date = 04-06-2008 19:06:50 | Attr = ] TuneUp Utilities 2008 -> %ProgramFiles%\TuneUp Utilities 2008 -> [Folder | Created Date = 02-07-2008 17:39:44 | Attr = ] aMSN -> %ProgramFiles%\aMSN -> [Folder | Created Date = 13-06-2008 21:05:14 | Attr = ] StuffPlug3 -> %ProgramFiles%\StuffPlug3 -> [Folder | Created Date = 13-06-2008 21:06:54 | Attr = ] FastStone Capture -> %ProgramFiles%\FastStone Capture -> [Folder | Created Date = 06-07-2008 11:03:58 | Attr = ] Windows Installer Clean Up -> %ProgramFiles%\Windows Installer Clean Up -> [Folder | Created Date = 10-07-2008 22:15:44 | Attr = ] Enigma Software Group -> %ProgramFiles%\Enigma Software Group -> [Folder | Created Date = 11-07-2008 16:36:05 | Attr = ] Design Science -> %ProgramFiles%\Design Science -> [Folder | Created Date = 10-06-2008 17:37:51 | Attr = ] Messenger Plus! Live -> %ProgramFiles%\Messenger Plus! 
Live -> [Folder | Created Date = 13-06-2008 21:05:41 | Attr = ] MediaMonkey -> %ProgramFiles%\MediaMonkey -> [Folder | Created Date = 20-06-2008 19:24:31 | Attr = ] Minilyrics -> %ProgramFiles%\Minilyrics -> [Folder | Created Date = 20-06-2008 20:05:12 | Attr = ] Mp3tag -> %ProgramFiles%\Mp3tag -> [Folder | Created Date = 20-06-2008 21:38:20 | Attr = ] Cloudbrain -> %ProgramFiles%\Cloudbrain -> [Folder | Created Date = 20-06-2008 21:39:50 | Attr = ] AviSynth 2.5 -> %ProgramFiles%\AviSynth 2.5 -> [Folder | Created Date = 21-06-2008 11:34:09 | Attr = ] Hattrick Coach Professional -> %ProgramFiles%\Hattrick Coach Professional -> [Folder | Created Date = 24-06-2008 22:04:02 | Attr = ] Hattrick Manager -> %ProgramFiles%\Hattrick Manager -> [Folder | Created Date = 24-06-2008 22:04:13 | Attr = ] PDFCreator -> %ProgramFiles%\PDFCreator -> [Folder | Created Date = 26-06-2008 0:57:02 | Attr = ] Windows Live Safety Center -> %ProgramFiles%\Windows Live Safety Center -> [Folder | Created Date = 12-07-2008 11:28:23 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 13-07-2008 14:07:33 | Attr = ] [Files/Folders - Modified Within 90 days] Lyrics -> %SystemDrive%\Lyrics -> [Folder | Modified Date = 14-07-2008 0:25:20 | Attr = ] FOUND.002 -> %SystemDrive%\FOUND.002 -> [Folder | Modified Date = 17-07-2008 16:04:50 | Attr = HS] Program Files -> %SystemDrive%\Program Files -> [Folder | Modified Date = 17-07-2008 20:15:18 | Attr = ] FOUND.001 -> %SystemDrive%\FOUND.001 -> [Folder | Modified Date = 12-05-2008 17:09:42 | Attr = HS] fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [Ver = | Size = 69920 bytes | Modified Date = 18-07-2008 8:20:34 | Attr = HS] fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [Ver = | Size = 5242880 bytes | Modified Date = 18-07-2008 8:20:34 | Attr = HS] fidbox2.idx -> %SystemRoot%\System32\drivers\fidbox2.idx -> [Ver = | Size = 24248 bytes | Modified Date = 18-07-2008 8:20:34 | 
Attr = HS]
fidbox2.dat -> %SystemRoot%\System32\drivers\fidbox2.dat -> [Ver = | Size = 475136 bytes | Modified Date = 18-07-2008 8:20:34 | Attr = HS]
klick.dat -> %SystemRoot%\System32\drivers\klick.dat -> [Ver = | Size = 88774 bytes | Modified Date = 29-05-2008 18:20:18 | Attr = ]
klin.dat -> %SystemRoot%\System32\drivers\klin.dat -> [Ver = | Size = 96966 bytes | Modified Date = 29-05-2008 18:20:18 | Attr = ]
kl1.sys -> %SystemRoot%\System32\drivers\kl1.sys -> Kaspersky Lab [Ver = 6.1.30.0 | Size = 112144 bytes | Modified Date = 29-05-2008 18:20:22 | Attr = ]
mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 07-07-2008 17:35:36 | Attr = ]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 07-07-2008 17:35:30 | Attr = ]
NALJ8YSL.exe -> %SystemRoot%\System32\NALJ8YSL.exe -> [Ver = | Size = 35842 bytes | Modified Date = 18-07-2008 16:10:58 | Attr = ]
NALJ8YSL.exe_ -> %SystemRoot%\System32\NALJ8YSL.exe_ -> [Ver = | Size = 35842 bytes | Modified Date = 18-07-2008 8:12:40 | Attr = ]
NALJ8YSL.exe.a_a -> %SystemRoot%\System32\NALJ8YSL.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 11-07-2008 20:14:42 | Attr = ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 63528 bytes | Modified Date = 16-06-2008 22:08:34 | Attr = ]
perfc016.dat -> %SystemRoot%\System32\perfc016.dat -> [Ver = | Size = 74488 bytes | Modified Date = 16-06-2008 22:08:34 | Attr = ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 406328 bytes | Modified Date = 16-06-2008 22:08:34 | Attr = ]
perfh016.dat -> %SystemRoot%\System32\perfh016.dat -> [Ver = | Size = 453706 bytes | Modified Date = 16-06-2008 22:08:34 | Attr = ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 13-07-2008 0:31:16 | Attr = ]
uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.12 | Size = 28416 bytes | Modified Date = 29-05-2008 9:28:54 | Attr = ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1899600 bytes | Modified Date = 11-06-2008 8:07:32 | Attr = ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 1010548 bytes | Modified Date = 16-06-2008 22:08:34 | Attr = ]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 13-07-2008 0:32:02 | Attr = ]
80jkOGAF.exe -> %SystemRoot%\System32\80jkOGAF.exe -> [Ver = | Size = 29760 bytes | Modified Date = 14-07-2008 16:45:22 | Attr = ]
TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Modified Date = 02-07-2008 17:40:06 | Attr = ]
fj3Q1f6S.exe.a_a -> %SystemRoot%\System32\fj3Q1f6S.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 09-07-2008 19:25:44 | Attr = ]
80jkOGAF.exe.a_a -> %SystemRoot%\System32\80jkOGAF.exe.a_a -> [Ver = | Size = 0 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 481040 bytes | Modified Date = 21-04-2008 19:25:14 | Attr = H ]
BASSMOD.dll -> %SystemRoot%\System32\BASSMOD.dll -> [Ver = | Size = 10752 bytes | Modified Date = 20-06-2008 21:57:42 | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 231 bytes | Modified Date = 08-07-2008 20:55:36 | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 22-05-2008 2:33:32 | Attr = H ]
avisplitter.INI -> %SystemRoot%\avisplitter.INI -> [Ver = | Size = 38 bytes | Modified Date = 14-07-2008 0:31:04 | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 18-07-2008 15:28:52 | Attr = S]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 18-07-2008 15:29:04 | Attr = H ]
At122.job -> %SystemRoot%\tasks\At122.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 1:00:12 | Attr = ]
At123.job -> %SystemRoot%\tasks\At123.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At124.job -> %SystemRoot%\tasks\At124.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 480 bytes | Modified Date = 18-07-2008 17:15:02 | Attr = ]
At125.job -> %SystemRoot%\tasks\At125.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At126.job -> %SystemRoot%\tasks\At126.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At127.job -> %SystemRoot%\tasks\At127.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At128.job -> %SystemRoot%\tasks\At128.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At129.job -> %SystemRoot%\tasks\At129.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 8:00:02 | Attr = ]
At130.job -> %SystemRoot%\tasks\At130.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At131.job -> %SystemRoot%\tasks\At131.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At132.job -> %SystemRoot%\tasks\At132.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At133.job -> %SystemRoot%\tasks\At133.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At134.job -> %SystemRoot%\tasks\At134.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At135.job -> %SystemRoot%\tasks\At135.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At136.job -> %SystemRoot%\tasks\At136.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At137.job -> %SystemRoot%\tasks\At137.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 17:05:02 | Attr = ]
At138.job -> %SystemRoot%\tasks\At138.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 17:00:12 | Attr = ]
At139.job -> %SystemRoot%\tasks\At139.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At140.job -> %SystemRoot%\tasks\At140.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:44:56 | Attr = ]
At141.job -> %SystemRoot%\tasks\At141.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 20:00:12 | Attr = ]
At142.job -> %SystemRoot%\tasks\At142.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 21:00:12 | Attr = ]
At143.job -> %SystemRoot%\tasks\At143.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 22:00:12 | Attr = ]
At144.job -> %SystemRoot%\tasks\At144.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 23:00:12 | Attr = ]
At97.job -> %SystemRoot%\tasks\At97.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 0:44:04 | Attr = ]
At98.job -> %SystemRoot%\tasks\At98.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 1:00:04 | Attr = ]
At99.job -> %SystemRoot%\tasks\At99.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At100.job -> %SystemRoot%\tasks\At100.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At101.job -> %SystemRoot%\tasks\At101.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At102.job -> %SystemRoot%\tasks\At102.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At103.job -> %SystemRoot%\tasks\At103.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At104.job -> %SystemRoot%\tasks\At104.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At105.job -> %SystemRoot%\tasks\At105.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 8:00:04 | Attr = ]
At106.job -> %SystemRoot%\tasks\At106.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At107.job -> %SystemRoot%\tasks\At107.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At108.job -> %SystemRoot%\tasks\At108.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At109.job -> %SystemRoot%\tasks\At109.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At110.job -> %SystemRoot%\tasks\At110.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At111.job -> %SystemRoot%\tasks\At111.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At112.job -> %SystemRoot%\tasks\At112.job -> [Ver = | Size = 350 bytes | Modified Date = 14-07-2008 16:45:58 | Attr = ]
At113.job -> %SystemRoot%\tasks\At113.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 16:00:04 | Attr = ]
At114.job -> %SystemRoot%\tasks\At114.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 17:00:04 | Attr = ]
At115.job -> %SystemRoot%\tasks\At115.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 18:00:04 | Attr = ]
At116.job -> %SystemRoot%\tasks\At116.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 19:00:04 | Attr = ]
At117.job -> %SystemRoot%\tasks\At117.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 20:00:04 | Attr = ]
At118.job -> %SystemRoot%\tasks\At118.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 21:00:04 | Attr = ]
At119.job -> %SystemRoot%\tasks\At119.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 22:00:04 | Attr = ]
At120.job -> %SystemRoot%\tasks\At120.job -> [Ver = | Size = 350 bytes | Modified Date = 17-07-2008 23:00:04 | Attr = ]
At121.job -> %SystemRoot%\tasks\At121.job -> [Ver = | Size = 350 bytes | Modified Date = 18-07-2008 0:15:12 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 03-02-2008 15:44:06 | Attr = ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 13990 bytes | Modified Date = 18-07-2008 15:30:10 | Attr = ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 13990 bytes | Modified Date = 18-07-2008 15:30:10 | Attr = ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 12-02-2008 21:23:56 | Attr = ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 12-02-2008 21:37:20 | Attr = ]
D:\Temp\ -> D:\Temp -> [Folder | Modified Date = 18-07-2008 17:16:50 | Attr = ]
1fgCPnxo.exe -> D:\Temp\1fgCPnxo.exe -> [Ver = | Size = 35842 bytes | Modified Date = 16-07-2008 23:30:31 | Attr = ]
3r842uVR.exe -> D:\Temp\3r842uVR.exe -> [Ver = | Size = 35842 bytes | Modified Date = 14-07-2008 20:16:20 | Attr = ]
8N0b206w.exe -> D:\Temp\8N0b206w.exe -> [Ver = | Size = 35842 bytes | Modified Date = 15-07-2008 23:31:20 | Attr = ]
WlMaVOn1.exe -> D:\Temp\WlMaVOn1.exe -> [Ver = | Size = 35842 bytes | Modified Date = 14-07-2008 22:16:44 | Attr = ]
YHEW5nHj.exe -> D:\Temp\YHEW5nHj.exe -> [Ver = | Size = 35842 bytes | Modified Date = 15-07-2008 17:30:20 | Attr = ]
10 D:\Temp\*.tmp files -> D:\Temp\*.tmp ->
D:\Temp\VSD4E.tmp\dotnetfx\ -> D:\Temp\VSD4E.tmp\dotnetfx -> [Folder | Modified Date = 15-07-2008 19:03:45 | Attr = ]
dotnetchk.exe -> D:\Temp\VSD4E.tmp\dotnetfx\dotnetchk.exe -> Microsoft Corporation [Ver = 8.0.50727.42 (RTM.050727-4200) | Size = 61632 bytes | Modified Date = 15-07-2008 19:03:45 | Attr = ]
D:\Temp\ -> D:\Temp -> [Folder | Modified Date = 18-07-2008 17:16:50 | Attr = ]
3846u885.dat -> D:\Temp\3846u885.dat -> [Ver = | Size = 8983 bytes | Modified Date = 18-07-2008 8:12:54 | Attr = ]
10 D:\Temp\*.tmp files -> D:\Temp\*.tmp ->
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 03-02-2008 14:12:00 | Attr = ]
3846u885.dat -> C:\WINDOWS\Temp\3846u885.dat -> [Ver = | Size = 6563 bytes | Modified Date = 18-07-2008 16:00:14 | Attr = ]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 07-06-2008 9:59:38 | Attr = ]
Messenger Plus! -> %AllUsersProfile%\Application Data\Messenger Plus! -> [Folder | Modified Date = 13-06-2008 21:06:58 | Attr = ]
Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Modified Date = 02-07-2008 8:07:40 | Attr = ]
TuneUp Software -> %AllUsersProfile%\Application Data\TuneUp Software -> [Folder | Modified Date = 02-07-2008 17:39:50 | Attr = ]
cronometer -> %AppData%\cronometer -> [Folder | Modified Date = 25-05-2008 11:23:10 | Attr = ]
Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 07-06-2008 9:59:42 | Attr = ]
MiniLyrics -> %AppData%\MiniLyrics -> [Folder | Modified Date = 20-06-2008 20:07:24 | Attr = ]
Mp3tag -> %AppData%\Mp3tag -> [Folder | Modified Date = 20-06-2008 21:38:26 | Attr = ]
FastStone -> %AppData%\FastStone -> [Folder | Modified Date = 06-07-2008 11:04:02 | Attr = ]
KompoZer -> %AppData%\KompoZer -> [Folder | Modified Date = 13-07-2008 10:45:08 | Attr = ]
IconCache.db -> %UserProfile%\Definições locais\Application Data\IconCache.db -> [Ver = | Size = 40857252 bytes | Modified Date = 18-07-2008 8:20:24 | Attr = H ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Definições locais\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 790624 bytes | Modified Date = 11-06-2008 0:16:02 | Attr = ]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Definições locais\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 143872 bytes | Modified Date = 17-07-2008 1:05:24 | Attr = ]
Gateway -> %UserProfile%\Definições locais\Application Data\Gateway -> [Folder | Modified Date = 15-07-2008 19:11:38 | Attr = ]
MediaMonkey -> %UserProfile%\Definições locais\Application Data\MediaMonkey -> [Folder | Modified Date = 20-06-2008 19:24:34 | Attr = ]
Hattrick Manager -> %UserProfile%\Definições locais\Application Data\Hattrick Manager -> [Folder | Modified Date = 24-06-2008 22:14:08 | Attr = ]
leiria -> %UserProfile%\Os meus documentos\leiria -> [Folder | Modified Date = 13-07-2008 10:37:28 | Attr = ]
441px-Wheatstone_Bridge.svg.png -> %UserProfile%\Os meus documentos\441px-Wheatstone_Bridge.svg.png -> [Ver = | Size = 17587 bytes | Modified Date = 13-07-2008 23:34:50 | Attr = ]
pcnovo.xlsx -> %UserProfile%\Os meus documentos\pcnovo.xlsx -> [Ver = | Size = 8981 bytes | Modified Date = 27-04-2008 14:32:52 | Attr = ]
reinos -> %UserProfile%\Os meus documentos\reinos -> [Folder | Modified Date = 08-06-2008 10:00:30 | Attr = ]
Os Meus Registos -> %UserProfile%\Os meus documentos\Os Meus Registos -> [Folder | Modified Date = 13-06-2008 21:10:12 | Attr = ]
TAP -> %UserProfile%\Os meus documentos\TAP -> [Folder | Modified Date = 15-06-2008 22:51:58 | Attr = ]
Hattrick -> %UserProfile%\Os meus documentos\Hattrick -> [Folder | Modified Date = 24-06-2008 18:31:28 | Attr = ]
tmp.xlsx -> %UserProfile%\Os meus documentos\tmp.xlsx -> [Ver = | Size = 18757 bytes | Modified Date = 29-06-2008 22:47:28 | Attr = ]
Virtual Earth.lnk -> %AllUsersProfile%\Ambiente de trabalho\Virtual Earth.lnk -> [Ver = | Size = 1789 bytes | Modified Date = 04-06-2008 19:07:00 | Attr = ]
aMSN.lnk -> %AllUsersProfile%\Ambiente de trabalho\aMSN.lnk -> [Ver = | Size = 509 bytes | Modified Date = 13-06-2008 21:05:26 | Attr = ]
Mozilla Firefox.lnk -> %AllUsersProfile%\Ambiente de trabalho\Mozilla Firefox.lnk -> [Ver = | Size = 1477 bytes | Modified Date = 19-06-2008 0:05:20 | Attr = ]
MediaMonkey.lnk -> %AllUsersProfile%\Ambiente de trabalho\MediaMonkey.lnk -> [Ver = | Size = 551 bytes | Modified Date = 20-06-2008 19:24:38 | Attr = ]
PDFCreator.lnk -> %AllUsersProfile%\Ambiente de trabalho\PDFCreator.lnk -> [Ver = | Size = 589 bytes | Modified Date = 26-06-2008 0:57:14 | Attr = ]
TuneUp Utilities 2008.lnk -> %AllUsersProfile%\Ambiente de trabalho\TuneUp Utilities 2008.lnk -> [Ver = | Size = 716 bytes | Modified Date = 02-07-2008 17:40:00 | Attr = ]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Ambiente de trabalho\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 587 bytes | Modified Date = 13-07-2008 14:07:38 | Attr = ]
Pool Sharks.lnk -> %AllUsersProfile%\Ambiente de trabalho\Pool Sharks.lnk -> [Ver = | Size = 2233 bytes | Modified Date = 17-07-2008 17:36:32 | Attr = ]
TAP -> %UserProfile%\Ambiente de trabalho\TAP -> [Folder | Modified Date = 30-04-2008 19:46:36 | Attr = ]
HTO -> %UserProfile%\Ambiente de trabalho\HTO -> [Folder | Modified Date = 24-06-2008 18:24:46 | Attr = ]
A Porteira.xls -> %UserProfile%\Ambiente de trabalho\A Porteira.xls -> [Ver = | Size = 133120 bytes | Modified Date = 17-07-2008 22:16:28 | Attr = ]
CCleaner.lnk -> %UserProfile%\Ambiente de trabalho\CCleaner.lnk -> [Ver = | Size = 1423 bytes | Modified Date = 01-07-2008 23:09:14 | Attr = ]
HijackThis.lnk -> %UserProfile%\Ambiente de trabalho\HijackThis.lnk -> [Ver = | Size = 1609 bytes | Modified Date = 13-07-2008 9:32:52 | Attr = ]
KompoZer 0.7.10 -> %UserProfile%\Ambiente de trabalho\KompoZer 0.7.10 -> [Folder | Modified Date = 13-07-2008 10:44:24 | Attr = ]
OTScanIt -> %UserProfile%\Ambiente de trabalho\OTScanIt -> [Folder | Modified Date = 18-07-2008 17:15:16 | Attr = ]
CPLEIRIA.xlsx.lnk -> %UserProfile%\Ambiente de trabalho\CPLEIRIA.xlsx.lnk -> [Ver = | Size = 586 bytes | Modified Date = 17-07-2008 16:11:42 | Attr = ]
Foxit PDF Editor.lnk -> %UserProfile%\Ambiente de trabalho\Foxit PDF Editor.lnk -> [Ver = | Size = 605 bytes | Modified Date = 17-07-2008 20:15:18 | Attr = ]
Hattrick Organizer.lnk -> %UserProfile%\Ambiente de trabalho\Hattrick Organizer.lnk -> [Ver = | Size = 1372 bytes | Modified Date = 24-06-2008 18:28:12 | Attr = ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

< End of report >
[/code]