[code] OTScanIt logfile created on: 8/2/2008 1:22:39 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Jesus\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 85.70% Memory free 2.60 Gb Paging File | 2.45 Gb Available in Paging File | 94.33% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 232.88 Gb Total Space | 93.61 Gb Free Space | 40.20% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 465.65 Gb Total Space | 376.11 Gb Free Space | 80.77% Space Free | Partition Type: FAT32 F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: JESUS-4JOY2PVC7 Current User Name: Jesus Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ] iviregmgr.exe -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 1/4/2007 8:48:52 PM | Attr = R ] wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] soundman.exe -> %SystemRoot%\soundman.exe -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 3:28:22 PM | Attr = ] saimfd.exe -> %ProgramFiles%\Saitek\SD6\Software\SaiMfd.exe -> Saitek [Ver = 6.0.10.7 | Size = 131072 bytes | Modified Date = 10/2/2007 10:10:46 AM | Attr = ] isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 6:34:50 PM | Attr = ] ezsp_px.exe -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 11:29:26 AM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 2, 3 | Size = 574808 bytes | Modified Date = 9/25/2007 9:00:46 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:50 AM | Attr = ] (IviRegMgr) IviRegMgr [Win32_Own | Auto | Running] -> %CommonProgramFiles%\InterVideo\RegMgr\iviRegMgr.exe -> InterVideo [Ver = 1, 0, 4, 0 | Size = 112152 bytes | Modified Date = 1/4/2007 8:48:52 PM | Attr = R ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 127043 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] (SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.2.00.12242 | Size = 65536 bytes | Modified Date = 12/24/2002 12:01:22 PM | Attr = ] (TuneUp.Defrag) TuneUp Drive Defrag Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Modified Date = 7/7/2008 1:47:50 PM | Attr = ] (WUSB54GSSVC) WUSB54GSSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 4 | Size = 41025 bytes | Modified Date = 2/6/2004 11:56:14 PM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 40048 bytes | Modified Date = 5/11/2007 3:06:32 AM | Attr = ] ezShieldProtector for Px -> %SystemRoot%\system32\ezSP_Px.exe [C:\WINDOWS\system32\ezSP_Px.exe] -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 11:29:26 AM | Attr = ] ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler] -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 6:34:50 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 4620288 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 86016 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] ProfilerU -> %ProgramFiles%\Saitek\SD6\Software\ProfilerU.exe [C:\Program Files\Saitek\SD6\Software\ProfilerU.exe] -> Saitek [Ver = 6.0.10.7 | Size = 233472 bytes | Modified Date = 10/2/2007 10:10:14 AM | Attr = ] SaiMfd -> %ProgramFiles%\Saitek\SD6\Software\SaiMfd.exe [C:\Program Files\Saitek\SD6\Software\SaiMfd.exe] -> Saitek [Ver = 6.0.10.7 | Size = 131072 bytes | Modified Date = 10/2/2007 10:10:46 AM | Attr = ] SoundMan -> %SystemRoot%\soundman.exe [SOUNDMAN.EXE] -> Realtek Semiconductor Corp. [Ver = 5, 1, 0, 59 | Size = 577536 bytes | Modified Date = 4/16/2007 3:28:22 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Jesus Startup Folder > -> C:\Documents and Settings\Jesus\Start Menu\Programs\Startup -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> wdhotem.dll wcnonpe.dll businesn.dll tiplict.dll esceps.dll manleu.dll aliens.dll baccops.dll dearnts.dll jolinos.dll ccohole.dll cmopes.dll zlcdps.dll therbrek.dll hourpx2.dll joause.dll -> -> File not found *MultiFile Done* -> -> < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\adsntzt.dll [adsntzt.dll] -> [Ver = | Size = 767264 bytes | Modified Date = 7/31/2008 4:45:53 PM | Attr = ] {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\certmgrkd.dll [certmgrkd.dll] -> [Ver = | Size = 692000 bytes | Modified Date = 7/31/2008 4:47:10 PM | Attr = ] {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cliconfgzx.dll [cliconfgzx.dll] -> [Ver = | Size = 712852 bytes | Modified Date = 7/31/2008 4:44:32 PM | Attr = ] {00130013-0013-0013-0013-00130013BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ksuserfy.dll [ksuserfy.dll] -> [Ver = | Size = 845088 bytes | Modified Date = 7/31/2001 4:51:25 PM | Attr = ] {71A78CD4-E470-4a18-8457-E0E0283DD507} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\lweurqhx.dll [lweurqhx.dll] -> [Ver = | Size = 1002412 bytes | Modified Date = 7/31/2008 4:49:29 PM | Attr = ] {00210021-0021-0021-0021-00210021BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\olecli32pt.dll [olecli32pt.dll] -> [Ver = | Size = 726676 bytes | Modified Date = 7/31/2001 4:53:26 PM | Attr = ] {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\slbiopfs2.dll [slbiopfs2.dll] -> [Ver = | Size = 954796 bytes | Modified Date = 7/31/2008 4:51:06 PM | Attr = ] {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tscfgwmijxsj.dll [tscfgwmijxsj.dll] -> [Ver = | Size = 627116 bytes | Modified Date = 7/31/2008 4:45:11 PM | Attr = ] {00260026-0026-0026-0026-00260026BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usbmonjx2.dll [usbmonjx2.dll] -> [Ver = | Size = 608404 bytes | Modified Date = 7/31/2008 4:50:08 PM | Attr = ] {00320032-0032-0032-0032-00320032BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xolehlpjh.dll [xolehlpjh.dll] -> [Ver = | Size = 759724 bytes | Modified Date = 7/31/2008 4:49:08 PM | Attr = ] < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {00130013-0013-0013-0013-00130013BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ksuserfy.dll [] -> [Ver = | Size = 845088 bytes | Modified Date = 7/31/2001 4:51:25 PM | Attr = ] {00210021-0021-0021-0021-00210021BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\olecli32pt.dll [] -> [Ver = | Size = 726676 bytes | Modified Date = 7/31/2001 4:53:26 PM | Attr = ] {00260026-0026-0026-0026-00260026BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\usbmonjx2.dll [] -> [Ver = | Size = 608404 bytes | Modified Date = 7/31/2008 4:50:08 PM | Attr = ] {00320032-0032-0032-0032-00320032BB15} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\xolehlpjh.dll [] -> [Ver = | Size = 759724 bytes | Modified Date = 7/31/2008 4:49:08 PM | Attr = ] {021F087F-4378-545F-74FA-37D345AD7A8C} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mttwfh.dll [] -> [Ver = | Size = 279552 bytes | Modified Date = 7/31/2008 4:43:35 PM | Attr = H ] {0B497AE8-3F6C-440C-AB87-52ED0182464A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.Dat [] -> [Ver = | Size = 35998 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = HS] {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.win [] -> [Ver = | Size = 30843 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = HS] {21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\PLUGINS\UnixSys08.Sys [] -> [Ver = | Size = 44660 bytes | Modified Date = 7/31/2008 4:52:27 PM | Attr = HS] {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tscfgwmijxsj.dll [] -> [Ver = | Size = 627116 bytes | Modified Date = 7/31/2008 4:45:11 PM | Attr = ] {45AADFAA-DD36-42AB-83AD-0521BBF58C24} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\zycdex.dll [] -> [Ver = | Size = 225792 bytes | Modified Date = 7/31/2008 4:46:51 PM | Attr = H ] {4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\tdggrz.dll [] -> [Ver = | Size = 218624 bytes | Modified Date = 7/31/2008 4:49:48 PM | Attr = H ] {71A78CD4-E470-4a18-8457-E0E0283DD507} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\lweurqhx.dll [] -> [Ver = | Size = 1002412 bytes | Modified Date = 7/31/2008 4:49:29 PM | Attr = ] {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\cliconfgzx.dll [] -> [Ver = | Size = 712852 bytes | Modified Date = 7/31/2008 4:44:32 PM | Attr = ] {8C41B7F7-3168-400D-A702-0E7EFE0BA304} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\sgdewg.dll [] -> [Ver = | Size = 225792 bytes | Modified Date = 7/31/2008 4:44:13 PM | Attr = H ] {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\certmgrkd.dll [] -> [Ver = | Size = 692000 bytes | Modified Date = 7/31/2008 4:47:10 PM | Attr = ] {A9895933-6636-4281-BC58-EE6DE2AF96E3} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ddserh.dll [] -> [Ver = | Size = 272384 bytes | Modified Date = 7/31/2008 4:48:47 PM | Attr = H ] {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\adsntzt.dll [] -> [Ver = | Size = 767264 bytes | Modified Date = 7/31/2008 4:45:53 PM | Attr = ] {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.Sys [] -> [Ver = | Size = 31371 bytes | Modified Date = 8/1/2008 11:41:49 PM | Attr = HS] {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\slbiopfs2.dll [] -> [Ver = | Size = 954796 bytes | Modified Date = 7/31/2008 4:51:06 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 12:56:52 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/25/2007 11:36:51 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 0 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> SCSI\CdRom&Ven_IVI&Prod_Virtual_CD&Rev_0.5a\1&2afd7d61&0&000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomLITE-ON_DVD_C__LH52C1P__________________6L14____\3032373033303530303034303137383020202020 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 9/3/2007 6:04:42 AM | Attr = ] autorun [] -> E:\autorun [ FAT32 ] -> [Folder | Modified Date = 1/24/2007 3:30:48 PM | Attr = ] autorun.inf [[autorun] | open=wd_windows_tools\setup.exe | ICON=AUTORUN\WDLOGO.ICO | ] -> E:\autorun.inf [ FAT32 ] -> [Ver = | Size = 69 bytes | Modified Date = 11/17/2005 6:15:24 PM | Attr = H ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://google.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\: Main\\Start Page -> http://google.com/ -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3323 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 3323 domain(s) found. -> 26 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {0B497AE8-3F6C-440C-AB87-52ED0182464A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.Dat [] -> [Ver = | Size = 35998 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = HS] {1FD4696C-E95A-44E2-A03A-FDBDF4CCC305} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.win [] -> [Ver = | Size = 30843 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = HS] {21E5BB9B-86BD-43C0-A53F-B94FCA0C9277} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\PLUGINS\UnixSys08.Sys [] -> [Ver = | Size = 44660 bytes | Modified Date = 7/31/2008 4:52:27 PM | Attr = HS] {E6C0D0E3-9E9A-489D-AE19-BBCFC7047A59} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Internet Explorer\IEXPLORE32.Sys [] -> [Ver = | Size = 31371 bytes | Modified Date = 8/1/2008 11:41:49 PM | Attr = HS] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {12DA1BC4-5384-42fd-A119-3C99D2D146A2} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Internet Speed Monitor] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {13C1DBF6-7535-495c-91F6-8C13714ED485}:Exec -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{F4FBA929-A891-492C-A0F6-5C79CC4F1742} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Download All Files by HiDownload -> %ProgramFiles%\StreamingStar\HiDownload\HDGetAll.htm -> File not found Download by HiDownload -> %ProgramFiles%\StreamingStar\HiDownload\HDGet.htm -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\Software\Microsoft\Internet Explorer\Extensions\ -> {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\ButtonText [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\CLSID [HKEY_LOCAL_MACHINE] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Default Visible [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Exec [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\HotIcon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found {F4FBA929-A891-492C-A0F6-5C79CC4F1742}\\Icon [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{13C1DBF6-7535-495c-91F6-8C13714ED485} [HKEY_LOCAL_MACHINE] -> %UserProfile%\Start Menu\Programs\Absolute Poker\Absolute Poker [Absolute Poker] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{F4FBA929-A891-492C-A0F6-5C79CC4F1742} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\] > -> HKEY_USERS\S-1-5-21-776561741-1645522239-682003330-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Download All Files by HiDownload -> %ProgramFiles%\StreamingStar\HiDownload\HDGetAll.htm -> File not found Download by HiDownload -> %ProgramFiles%\StreamingStar\HiDownload\HDGet.htm -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {04FAC9F7-3E29-4B4E-B5B4-E645A8B95C42} -> (Linksys Wireless-G USB Network Adapter with SpeedBooster) -> {6DB1C4B0-D02D-42CE-8D8F-045DD03FDD02} -> () -> {E7518322-741B-4074-A8A1-041741668B35} -> (Scientific-Atlanta WebSTAR 2000 series Cable Modem) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ not found. -> -> [Registry - Additional Scans - Non-Microsoft Only] < Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved -> {1CDB2949-8F65-4355-8456-263E7C208A5D} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 462848 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] {1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 462848 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] {1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvshell.dll [nView Desktop Context Menu] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 462848 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Media Band] -> File not found {42071714-76d4-11d1-8b24-00a0c9068ff3} [HKEY_LOCAL_MACHINE] -> [Display Panning CPL Extension] -> File not found {44440D00-FF19-4AFC-B765-9A0970567D97} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\uxtuneup.dll [TuneUp Theme Extension] -> TuneUp Software GmbH [Ver = 2.0.0.12 | Size = 28416 bytes | Modified Date = 5/29/2008 9:28:54 AM | Attr = ] {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\TuneUp Utilities 2008\SDShelEx-win32.dll [TuneUp Shredder Shell Extension] -> TuneUp Software GmbH [Ver = 2.0.0.4 | Size = 27656 bytes | Modified Date = 5/27/2008 1:39:20 PM | Attr = ] {764BF0E1-F219-11ce-972D-00AA00A14F56} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Shell extensions for file compression] -> File not found {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Encryption Context Menu] -> File not found {88895560-9AA2-1069-930E-00AA0030EBC8} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] {A70C977A-BF00-412C-90B7-034C51DA2439} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvcpl.dll [NvCpl DesktopContext Class] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 4620288 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] {B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 128512 bytes | Modified Date = 5/22/2007 10:59:22 AM | Attr = ] {FFB699E0-306A-11d3-8BD1-00104B6F7516} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\nvcpl.dll [Play on my TV helper] -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 4620288 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 788 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 42 E2 02 99 EE C5 9D 63 23 4D AC 5F D0 0A 72 8B 37 31 30 31 61 33 39 62 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 7E 6E C8 06 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> F2 7E 52 3D A5 3B A6 B3 60 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 4E DB CB 81 82 68 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 22 83 F8 9E 79 99 1E 72 28 9D C6 91 0D 8F F3 C6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 94 1A DB A1 02 EF C7 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 CE 2E 70 DF 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 6408 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Opera 9\Opera.exe -> %ProgramFiles%\Opera 9\Opera.exe [C:\Program Files\Opera 9\Opera.exe:*:Disabled:Opera Internet Browser] -> Opera Software [Ver = 8808 | Size = 79360 bytes | Modified Date = 8/9/2007 12:21:56 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Disabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 12/10/2007 5:53:59 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DC++\DCPlusPlus.exe -> %ProgramFiles%\DC++\DCPlusPlus.exe [C:\Program Files\DC++\DCPlusPlus.exe:*:Disabled:DC++] -> [Ver = 0, 6, 9, 9 | Size = 1716224 bytes | Modified Date = 12/18/2006 5:18:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Silkroad\SilkErrSender.exe -> %SystemDrive%\Silkroad\SilkErrSender.exe [C:\Silkroad\SilkErrSender.exe:*:Disabled:FTPSender MFC ?? ????] -> [Ver = 1, 0, 0, 1 | Size = 139264 bytes | Modified Date = 1/31/2005 5:39:32 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Silkroad\ag\nuConnector70.exe -> %SystemDrive%\Silkroad\ag\nuConnector70.exe [C:\Silkroad\ag\nuConnector70.exe:*:Disabled:nuConnector70] -> [Ver = | Size = 242688 bytes | Modified Date = 7/6/2008 10:54:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Jesus\Desktop\nuConnector70.exe -> %UserProfile%\Desktop\nuConnector70.exe [C:\Documents and Settings\Jesus\Desktop\nuConnector70.exe:*:Disabled:nuConnector70] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Silkroad\Silkroad.exe -> %SystemDrive%\Silkroad\Silkroad.exe [C:\Silkroad\Silkroad.exe:*:Disabled:Silkroad] -> [Ver = 1, 0, 0, 1 | Size = 765952 bytes | Modified Date = 11/21/2007 10:08:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\InterVideo\DVD8\WinDVD.exe -> %ProgramFiles%\InterVideo\DVD8\WinDVD.exe [C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Disabled:WinDVD] -> InterVideo Inc. [Ver = 8.0.6.109 | Size = 726552 bytes | Modified Date = 3/20/2007 2:38:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:58 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> aswUpdSv -> -> avast! Antivirus -> -> avast! Mail Scanner -> -> avast! Web Scanner -> -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> bndfxdh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\bndfxdh.exe -> [Ver = | Size = 15297 bytes | Modified Date = 7/31/2008 4:52:46 PM | Attr = ] ezShieldProtector for Px hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 11:29:26 AM | Attr = ] iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 4620288 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.6693 | Size = 921600 bytes | Modified Date = 10/29/2004 4:50:00 PM | Attr = ] < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> -> File not found .cmd [@ = cmdfile] -> -> File not found .com [@ = comfile] -> -> File not found .exe [@ = exefile] -> -> File not found .pif [@ = piffile] -> -> File not found .scr [@ = scrfile] -> -> File not found [Files/Folders - Created Within 90 days] 02F14B43 -> %SystemDrive%\02F14B43 -> [Folder | Created Date = 7/31/2008 4:42:09 PM | Attr = HS] 02F15025 -> %SystemDrive%\02F15025 -> [Folder | Created Date = 7/31/2008 4:42:10 PM | Attr = HS] ATI -> %SystemDrive%\ATI -> [Folder | Created Date = 5/22/2008 5:37:05 PM | Attr = ] driver -> %SystemDrive%\driver -> [Folder | Created Date = 5/23/2008 10:07:11 AM | Attr = ] emsf.bat -> %SystemDrive%\emsf.bat -> [Ver = | Size = 102 bytes | Created Date = 7/31/2008 4:53:46 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2147012608 bytes | Created Date = 8/1/2008 12:11:23 AM | Attr = HS] hidownload -> %SystemDrive%\hidownload -> [Folder | Created Date = 5/13/2008 1:13:07 PM | Attr = ] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 331 bytes | Created Date = 8/1/2008 8:15:02 PM | Attr = H ] Silkroad -> %SystemDrive%\Silkroad -> [Folder | Created Date = 5/23/2008 11:48:54 AM | Attr = ] SaiBus.sys -> %SystemRoot%\System32\drivers\SaiBus.sys -> Saitek [Ver = 6.0.10.7 | Size = 35200 bytes | Created Date = 6/10/2008 2:37:36 PM | Attr = ] SaiH80C1.sys -> %SystemRoot%\System32\drivers\SaiH80C1.sys -> Saitek [Ver = 6.0.10.7 | Size = 136320 bytes | Created Date = 6/10/2008 2:30:22 PM | Attr = ] SaiMini.sys -> %SystemRoot%\System32\drivers\SaiMini.sys -> Saitek [Ver = 6.0.10.7 | Size = 14080 bytes | Created Date = 6/10/2008 3:05:37 PM | Attr = ] WINFOXIO.sys -> %SystemRoot%\System32\drivers\WINFOXIO.sys -> Leadtek Research Inc. [Ver = 5.13.01.2003-1.17 | Size = 9469 bytes | Created Date = 5/23/2008 12:02:45 PM | Attr = ] adsntzt.dll -> %SystemRoot%\System32\adsntzt.dll -> [Ver = | Size = 767264 bytes | Created Date = 7/31/2008 4:45:52 PM | Attr = ] adsntzt.nls -> %SystemRoot%\System32\adsntzt.nls -> [Ver = | Size = 288 bytes | Created Date = 7/31/2008 4:45:53 PM | Attr = ] aliens.dll -> %SystemRoot%\System32\aliens.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:46:12 PM | Attr = ] baccops.dll -> %SystemRoot%\System32\baccops.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:46:31 PM | Attr = ] bfcccb2_d.ocx -> %SystemRoot%\System32\bfcccb2_d.ocx -> [Ver = | Size = 23 bytes | Created Date = 5/23/2008 10:33:09 AM | Attr = ] bndfxdh.cfg -> %SystemRoot%\System32\bndfxdh.cfg -> [Ver = | Size = 144 bytes | Created Date = 7/31/2008 4:52:46 PM | Attr = HS] bndfxdh.exe -> %SystemRoot%\System32\bndfxdh.exe -> [Ver = | Size = 15297 bytes | Created Date = 7/31/2008 4:52:46 PM | Attr = ] businesn.dll -> %SystemRoot%\System32\businesn.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:43:14 PM | Attr = ] ccohole.dll -> %SystemRoot%\System32\ccohole.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:48:08 PM | Attr = ] certmgrkd.dll -> %SystemRoot%\System32\certmgrkd.dll -> [Ver = | Size = 692000 bytes | Created Date = 7/31/2008 4:47:10 PM | Attr = ] certmgrkd.nls -> %SystemRoot%\System32\certmgrkd.nls -> [Ver = | Size = 288 bytes | Created Date = 7/31/2008 4:47:10 PM | Attr = ] cliconfgzx.dll -> %SystemRoot%\System32\cliconfgzx.dll -> [Ver = | Size = 712852 bytes | Created Date = 7/31/2008 4:44:32 PM | Attr = ] cliconfgzx.nls -> %SystemRoot%\System32\cliconfgzx.nls -> [Ver = | Size = 148 bytes | Created Date = 7/31/2008 4:44:32 PM | Attr = ] cmopes.dll -> %SystemRoot%\System32\cmopes.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:48:28 PM | Attr = ] ddccacef3_d.dll -> %SystemRoot%\System32\ddccacef3_d.dll -> [Ver = | Size = 23 bytes | Created Date = 5/23/2008 10:33:09 AM | Attr = HS] ddserh.dll -> %SystemRoot%\System32\ddserh.dll -> [Ver = | Size = 272384 bytes | Created Date = 7/31/2008 4:48:47 PM | Attr = H ] dearnts.dll -> %SystemRoot%\System32\dearnts.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:47:30 PM | Attr = ] esceps.dll -> %SystemRoot%\System32\esceps.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:44:52 PM | Attr = ] hourpx2.dll -> %SystemRoot%\System32\hourpx2.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:52:04 PM | Attr = ] joause.dll -> %SystemRoot%\System32\joause.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:53:06 PM | Attr = ] jolinos.dll -> %SystemRoot%\System32\jolinos.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:47:49 PM | Attr = ] lweurqhx.dll -> %SystemRoot%\System32\lweurqhx.dll -> [Ver = | Size = 1002412 bytes | Created Date = 7/31/2008 4:49:28 PM | Attr = ] lweurqhx.nls -> %SystemRoot%\System32\lweurqhx.nls -> [Ver = | Size = 428 bytes | Created Date = 7/31/2008 4:49:29 PM | Attr = ] manleu.dll -> %SystemRoot%\System32\manleu.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:45:30 PM | Attr = ] mttwfh.dll -> %SystemRoot%\System32\mttwfh.dll -> [Ver = | Size = 279552 bytes | Created Date = 7/31/2008 4:43:34 PM | Attr = H ] nvgart.nvu -> %SystemRoot%\System32\nvgart.nvu -> [Ver = | Size = 2124 bytes | Created Date = 5/23/2008 10:08:11 AM | Attr = ] nvide.nvu -> %SystemRoot%\System32\nvide.nvu -> [Ver = | Size = 464 bytes | Created Date = 5/23/2008 10:09:20 AM | Attr = ] nvnrm.nvu -> %SystemRoot%\System32\nvnrm.nvu -> [Ver = | Size = 2509 bytes | Created Date = 5/23/2008 10:08:15 AM | Attr = ] nvsmb.nvu -> %SystemRoot%\System32\nvsmb.nvu -> [Ver = | Size = 789 bytes | Created Date = 5/23/2008 10:08:14 AM | Attr = ] nvugart.exe -> %SystemRoot%\System32\nvugart.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 5/23/2008 10:08:11 AM | Attr = ] nvuide.exe -> %SystemRoot%\System32\nvuide.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 5/23/2008 10:09:20 AM | Attr = ] nvunrm.exe -> %SystemRoot%\System32\nvunrm.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 5/23/2008 10:08:15 AM | Attr = ] nvusmb.exe -> %SystemRoot%\System32\nvusmb.exe -> NVIDIA Corporation [Ver = 1 , 0 , 1 , 56 | Size = 356352 bytes | Created Date = 5/23/2008 10:08:14 AM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 5/13/2008 1:06:52 PM | Attr = ] SaiC80C1.Dll -> %SystemRoot%\System32\SaiC80C1.Dll -> [Ver = | Size = 1589248 bytes | Created Date = 6/10/2008 2:30:22 PM | Attr = ] SaiC80C1_0402.dll -> %SystemRoot%\System32\SaiC80C1_0402.dll -> [Ver = | Size = 7168 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_07.dll -> %SystemRoot%\System32\SaiC80C1_07.dll -> [Ver = | Size = 8192 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_09.dll -> %SystemRoot%\System32\SaiC80C1_09.dll -> [Ver = | Size = 7680 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_0A.dll -> %SystemRoot%\System32\SaiC80C1_0A.dll -> [Ver = | Size = 8192 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_0C.dll -> %SystemRoot%\System32\SaiC80C1_0C.dll -> [Ver = | Size = 8704 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_10.dll -> %SystemRoot%\System32\SaiC80C1_10.dll -> [Ver = | Size = 8192 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiC80C1_11.dll -> %SystemRoot%\System32\SaiC80C1_11.dll -> [Ver = | Size = 5632 bytes | Created Date = 6/10/2008 2:30:27 PM | Attr = ] SaiD80C1.pr0 -> %SystemRoot%\System32\SaiD80C1.pr0 -> [Ver = | Size = 63600 bytes | Created Date = 6/10/2008 2:30:22 PM | Attr = R ] sgdewg.dll -> %SystemRoot%\System32\sgdewg.dll -> [Ver = | Size = 225792 bytes | Created Date = 7/31/2008 4:44:13 PM | Attr = H ] slbiopfs2.dll -> %SystemRoot%\System32\slbiopfs2.dll -> [Ver = | Size = 954796 bytes | Created Date = 7/31/2008 4:51:05 PM | Attr = ] slbiopfs2.nls -> %SystemRoot%\System32\slbiopfs2.nls -> [Ver = | Size = 428 bytes | Created Date = 7/31/2008 4:51:06 PM | Attr = ] sys07002.sys -> %SystemRoot%\System32\sys07002.sys -> [Ver = | Size = 2620 bytes | Created Date = 7/31/2008 4:51:45 PM | Attr = ] tdggrz.dll -> %SystemRoot%\System32\tdggrz.dll -> [Ver = | Size = 218624 bytes | Created Date = 7/31/2008 4:49:48 PM | Attr = H ] therbrek.dll -> %SystemRoot%\System32\therbrek.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:50:46 PM | Attr = ] Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [Ver = | Size = 5120 bytes | Created Date = 6/26/2008 2:54:16 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable tiplict.dll -> %SystemRoot%\System32\tiplict.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:43:53 PM | Attr = ] tscfgwmijxsj.dll -> %SystemRoot%\System32\tscfgwmijxsj.dll -> [Ver = | Size = 627116 bytes | Created Date = 7/31/2008 4:45:11 PM | Attr = ] tscfgwmijxsj.nls -> %SystemRoot%\System32\tscfgwmijxsj.nls -> [Ver = | Size = 428 bytes | Created Date = 7/31/2008 4:45:11 PM | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Created Date = 7/7/2008 1:47:50 PM | Attr = ] usbmonjx2.dll -> %SystemRoot%\System32\usbmonjx2.dll -> [Ver = | Size = 608404 bytes | Created Date = 7/31/2008 4:50:07 PM | Attr = ] usbmonjx2.nls -> %SystemRoot%\System32\usbmonjx2.nls -> [Ver = | Size = 148 bytes | Created Date = 7/31/2008 4:50:08 PM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.12 | Size = 28416 bytes | Created Date = 7/7/2008 1:47:50 PM | Attr = ] wcnonpe.dll -> %SystemRoot%\System32\wcnonpe.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:42:55 PM | Attr = ] wdhotem.dll -> %SystemRoot%\System32\wdhotem.dll -> [Ver = | Size = 28672 bytes | Created Date = 7/31/2008 4:42:36 PM | Attr = ] wdhotemk.exe -> %SystemRoot%\System32\wdhotemk.exe -> [Ver = | Size = 11776 bytes | Created Date = 7/31/2008 4:42:36 PM | Attr = ] WinFast -> %SystemRoot%\System32\WinFast -> [Folder | Created Date = 7/7/2008 10:47:39 AM | Attr = ] WinFox -> %SystemRoot%\System32\WinFox -> [Folder | Created Date = 7/7/2008 10:47:39 AM | Attr = ] xolehlpjh.dll -> %SystemRoot%\System32\xolehlpjh.dll -> [Ver = | Size = 759724 bytes | Created Date = 7/31/2008 4:49:08 PM | Attr = ] xolehlpjh.nls -> %SystemRoot%\System32\xolehlpjh.nls -> [Ver = | Size = 428 bytes | Created Date = 7/31/2008 4:49:08 PM | Attr = ] zlcdps.dll -> %SystemRoot%\System32\zlcdps.dll -> [Ver = | Size = 24576 bytes | Created Date = 7/31/2008 4:50:27 PM | Attr = ] zycdex.dll -> %SystemRoot%\System32\zycdex.dll -> [Ver = | Size = 225792 bytes | Created Date = 7/31/2008 4:46:51 PM | Attr = H ] LastGood(2) -> %SystemRoot%\LastGood(2) -> [Folder | Created Date = 6/26/2008 9:53:05 PM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 6/10/2008 9:21:38 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 6/7/2008 4:08:06 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 6/7/2008 4:08:06 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Saitek -> %AllUsersProfile%\Application Data\Saitek -> [Folder | Created Date = 6/10/2008 5:01:27 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Created Date = 5/23/2008 10:37:39 AM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Created Date = 6/23/2008 3:29:31 PM | Attr = ] InfraRecorder -> %AppData%\InfraRecorder -> [Folder | Created Date = 5/23/2008 4:47:57 AM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Created Date = 7/7/2008 10:48:26 AM | Attr = ] Saitek SD6 Profiles -> %AllUsersProfile%\Documents\Saitek SD6 Profiles -> [Folder | Created Date = 6/10/2008 2:38:31 PM | Attr = ] 02.mpg -> %UserProfile%\My Documents\02.mpg -> [Ver = | Size = 2957316 bytes | Created Date = 7/29/2008 5:13:12 PM | Attr = ] aim0912t.exe -> %UserProfile%\My Documents\aim0912t.exe -> America Online, Inc. [Ver = 1.9.13.1.1 | Size = 399972 bytes | Created Date = 8/1/2008 8:15:44 PM | Attr = ] bazookasetup.exe -> %UserProfile%\My Documents\bazookasetup.exe -> [Ver = | Size = 744529 bytes | Created Date = 8/1/2008 1:44:54 AM | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Created Date = 8/1/2008 2:04:24 AM | Attr = ] Install_AIM.exe -> %UserProfile%\My Documents\Install_AIM.exe -> AOL LLC. [Ver = 6.8.10.1 | Size = 14287528 bytes | Created Date = 8/1/2008 8:14:34 PM | Attr = ] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Created Date = 6/23/2008 3:30:31 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Created Date = 6/23/2008 3:31:26 PM | Attr = ] nView.reg -> %UserProfile%\My Documents\nView.reg -> [Ver = | Size = 165428 bytes | Created Date = 8/1/2008 1:51:53 AM | Attr = ] O -> %UserProfile%\My Documents\O -> [Folder | Created Date = 7/21/2008 1:18:57 AM | Attr = ] Shortcut to jesusresume.lnk -> %UserProfile%\My Documents\Shortcut to jesusresume.lnk -> [Ver = | Size = 284 bytes | Created Date = 7/7/2008 4:33:14 PM | Attr = ] TU2008TrialEN.exe -> %UserProfile%\My Documents\TU2008TrialEN.exe -> [Ver = | Size = 14997248 bytes | Created Date = 7/7/2008 1:45:00 PM | Attr = ] V07668_big_05.mpg -> %UserProfile%\My Documents\V07668_big_05.mpg -> [Ver = | Size = 2533380 bytes | Created Date = 7/29/2008 5:12:31 PM | Attr = ] Chakrasyogi.jpg -> %UserProfile%\Desktop\Chakrasyogi.jpg -> [Ver = | Size = 36809 bytes | Created Date = 7/14/2008 6:50:22 PM | Attr = ] Maps -> %UserProfile%\Desktop\Maps -> [Folder | Created Date = 7/9/2008 3:23:36 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/2/2008 1:14:38 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/2/2008 1:12:47 PM | Attr = ] Silkroad.lnk -> %UserProfile%\Desktop\Silkroad.lnk -> [Ver = | Size = 1360 bytes | Created Date = 5/23/2008 11:53:22 AM | Attr = ] Apple -> %CommonProgramFiles%\Apple -> [Folder | Created Date = 6/7/2008 4:06:31 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Created Date = 6/23/2008 3:29:42 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 7/7/2008 10:50:54 AM | Attr = ] Apple Software Update -> %ProgramFiles%\Apple Software Update -> [Folder | Created Date = 6/7/2008 4:06:46 PM | Attr = ] Bazooka Scanner -> %ProgramFiles%\Bazooka Scanner -> [Folder | Created Date = 6/23/2008 5:20:04 PM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 7/7/2008 10:50:58 AM | Attr = ] QuickTime -> %ProgramFiles%\QuickTime -> [Folder | Created Date = 6/7/2008 4:07:01 PM | Attr = ] Saitek -> %ProgramFiles%\Saitek -> [Folder | Created Date = 6/10/2008 2:37:34 PM | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 7/7/2008 10:47:37 AM | Attr = ] StreamingStar -> %ProgramFiles%\StreamingStar -> [Folder | Created Date = 7/7/2008 10:50:53 AM | Attr = ] TuneUp Utilities 2008 -> %ProgramFiles%\TuneUp Utilities 2008 -> [Folder | Created Date = 7/7/2008 1:47:16 PM | Attr = ] Widestep Software -> %ProgramFiles%\Widestep Software -> [Folder | Created Date = 6/23/2008 5:23:19 PM | Attr = ] Windows Live -> %ProgramFiles%\Windows Live -> [Folder | Created Date = 6/23/2008 3:29:37 PM | Attr = ] [Files/Folders - Modified Within 90 days] 02F14B43 -> %SystemDrive%\02F14B43 -> [Folder | Modified Date = 7/31/2008 4:42:10 PM | Attr = HS] 02F15025 -> %SystemDrive%\02F15025 -> [Folder | Modified Date = 7/31/2008 4:53:49 PM | Attr = HS] ATI -> %SystemDrive%\ATI -> [Folder | Modified Date = 5/22/2008 5:37:05 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 8/2/2008 1:10:32 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 7/7/2008 1:47:44 PM | Attr = HS] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 5/22/2008 5:05:31 PM | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 7/7/2008 10:50:30 AM | Attr = R ] driver -> %SystemDrive%\driver -> [Folder | Modified Date = 5/23/2008 10:07:11 AM | Attr = ] emsf.bat -> %SystemDrive%\emsf.bat -> [Ver = | Size = 102 bytes | Modified Date = 7/31/2008 4:53:46 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 2147012608 bytes | Modified Date = 8/2/2008 1:11:20 PM | Attr = HS] hidownload -> %SystemDrive%\hidownload -> [Folder | Modified Date = 5/13/2008 3:37:54 PM | Attr = ] IPH.PH -> %SystemDrive%\IPH.PH -> [Ver = | Size = 331 bytes | Modified Date = 8/1/2008 8:15:03 PM | Attr = H ] NVIDIA -> %SystemDrive%\NVIDIA -> [Folder | Modified Date = 5/22/2008 5:38:38 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/1/2008 11:39:36 PM | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 5/22/2008 5:05:53 PM | Attr = HS] Silkroad -> %SystemDrive%\Silkroad -> [Folder | Modified Date = 8/1/2008 3:05:03 AM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/2/2008 1:11:47 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 7/27/2008 2:41:09 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] adsntzt.dll -> %SystemRoot%\System32\adsntzt.dll -> [Ver = | Size = 767264 bytes | Modified Date = 7/31/2008 4:45:53 PM | Attr = ] adsntzt.nls -> %SystemRoot%\System32\adsntzt.nls -> [Ver = | Size = 288 bytes | Modified Date = 7/31/2008 4:45:53 PM | Attr = ] aliens.dll -> %SystemRoot%\System32\aliens.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:46:12 PM | Attr = ] baccops.dll -> %SystemRoot%\System32\baccops.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:46:31 PM | Attr = ] bfcccb2_d.ocx -> %SystemRoot%\System32\bfcccb2_d.ocx -> [Ver = | Size = 23 bytes | Modified Date = 5/23/2008 10:33:09 AM | Attr = ] bndfxdh.cfg -> %SystemRoot%\System32\bndfxdh.cfg -> [Ver = | Size = 144 bytes | Modified Date = 8/1/2008 1:42:45 AM | Attr = HS] bndfxdh.exe -> %SystemRoot%\System32\bndfxdh.exe -> [Ver = | Size = 15297 bytes | Modified Date = 7/31/2008 4:52:46 PM | Attr = ] businesn.dll -> %SystemRoot%\System32\businesn.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:43:14 PM | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 7/8/2008 5:42:13 PM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/1/2008 11:34:22 PM | Attr = ] ccohole.dll -> %SystemRoot%\System32\ccohole.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:48:08 PM | Attr = ] certmgrkd.dll -> %SystemRoot%\System32\certmgrkd.dll -> [Ver = | Size = 692000 bytes | Modified Date = 7/31/2008 4:47:10 PM | Attr = ] certmgrkd.nls -> %SystemRoot%\System32\certmgrkd.nls -> [Ver = | Size = 288 bytes | Modified Date = 7/31/2008 4:47:10 PM | Attr = ] cliconfgzx.dll -> %SystemRoot%\System32\cliconfgzx.dll -> [Ver = | Size = 712852 bytes | Modified Date = 7/31/2008 4:44:32 PM | Attr = ] cliconfgzx.nls -> %SystemRoot%\System32\cliconfgzx.nls -> [Ver = | Size = 148 bytes | Modified Date = 7/31/2008 4:44:32 PM | Attr = ] cmopes.dll -> %SystemRoot%\System32\cmopes.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:48:28 PM | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 7/7/2008 10:51:14 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 5/26/2008 11:19:49 PM | Attr = ] ddccacef3_d.dll -> %SystemRoot%\System32\ddccacef3_d.dll -> [Ver = | Size = 23 bytes | Modified Date = 5/23/2008 10:33:09 AM | Attr = HS] ddserh.dll -> %SystemRoot%\System32\ddserh.dll -> [Ver = | Size = 272384 bytes | Modified Date = 7/31/2008 4:48:47 PM | Attr = H ] dearnts.dll -> %SystemRoot%\System32\dearnts.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:47:30 PM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 7/31/2008 4:42:14 PM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 7/9/2008 3:03:55 AM | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 7/7/2008 10:50:30 AM | Attr = ] esceps.dll -> %SystemRoot%\System32\esceps.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:44:52 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 102232 bytes | Modified Date = 7/7/2008 10:35:25 AM | Attr = ] hourpx2.dll -> %SystemRoot%\System32\hourpx2.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:52:04 PM | Attr = ] joause.dll -> %SystemRoot%\System32\joause.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:53:06 PM | Attr = ] jolinos.dll -> %SystemRoot%\System32\jolinos.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:47:49 PM | Attr = ] lweurqhx.dll -> %SystemRoot%\System32\lweurqhx.dll -> [Ver = | Size = 1002412 bytes | Modified Date = 7/31/2008 4:49:29 PM | Attr = ] lweurqhx.nls -> %SystemRoot%\System32\lweurqhx.nls -> [Ver = | Size = 428 bytes | Modified Date = 7/31/2008 4:49:29 PM | Attr = ] manleu.dll -> %SystemRoot%\System32\manleu.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:45:30 PM | Attr = ] mttwfh.dll -> %SystemRoot%\System32\mttwfh.dll -> [Ver = | Size = 279552 bytes | Modified Date = 7/31/2008 4:43:35 PM | Attr = H ] mui -> %SystemRoot%\System32\mui -> [Folder | Modified Date = 7/7/2008 10:19:13 AM | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 17145 bytes | Modified Date = 7/31/2008 3:00:18 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 70828 bytes | Modified Date = 7/19/2008 10:55:11 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 422740 bytes | Modified Date = 7/19/2008 10:55:11 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 500834 bytes | Modified Date = 7/19/2008 10:55:11 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 5/7/2008 1:18:48 AM | Attr = ] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [Folder | Modified Date = 6/10/2008 5:20:39 PM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 7/19/2008 11:00:25 AM | Attr = ] sgdewg.dll -> %SystemRoot%\System32\sgdewg.dll -> [Ver = | Size = 225792 bytes | Modified Date = 7/31/2008 4:44:13 PM | Attr = H ] slbiopfs2.dll -> %SystemRoot%\System32\slbiopfs2.dll -> [Ver = | Size = 954796 bytes | Modified Date = 7/31/2008 4:51:06 PM | Attr = ] slbiopfs2.nls -> %SystemRoot%\System32\slbiopfs2.nls -> [Ver = | Size = 428 bytes | Modified Date = 7/31/2008 4:51:06 PM | Attr = ] sys07002.sys -> %SystemRoot%\System32\sys07002.sys -> [Ver = | Size = 2620 bytes | Modified Date = 7/31/2008 4:51:45 PM | Attr = ] tdggrz.dll -> %SystemRoot%\System32\tdggrz.dll -> [Ver = | Size = 218624 bytes | Modified Date = 7/31/2008 4:49:48 PM | Attr = H ] therbrek.dll -> %SystemRoot%\System32\therbrek.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:50:46 PM | Attr = ] Thumbs.db -> %SystemRoot%\System32\Thumbs.db -> [Ver = | Size = 5120 bytes | Modified Date = 8/1/2008 2:56:45 AM | Attr = HS] @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\Thumbs.db:encryptable tiplict.dll -> %SystemRoot%\System32\tiplict.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:43:53 PM | Attr = ] tscfgwmijxsj.dll -> %SystemRoot%\System32\tscfgwmijxsj.dll -> [Ver = | Size = 627116 bytes | Modified Date = 7/31/2008 4:45:11 PM | Attr = ] tscfgwmijxsj.nls -> %SystemRoot%\System32\tscfgwmijxsj.nls -> [Ver = | Size = 428 bytes | Modified Date = 7/31/2008 4:45:11 PM | Attr = ] TuneUpDefragService.exe -> %SystemRoot%\System32\TuneUpDefragService.exe -> TuneUp Software GmbH [Ver = 1.1.0.16 | Size = 355584 bytes | Modified Date = 7/7/2008 1:47:50 PM | Attr = ] usbmonjx2.dll -> %SystemRoot%\System32\usbmonjx2.dll -> [Ver = | Size = 608404 bytes | Modified Date = 7/31/2008 4:50:08 PM | Attr = ] usbmonjx2.nls -> %SystemRoot%\System32\usbmonjx2.nls -> [Ver = | Size = 148 bytes | Modified Date = 7/31/2008 4:50:08 PM | Attr = ] uxtuneup.dll -> %SystemRoot%\System32\uxtuneup.dll -> TuneUp Software GmbH [Ver = 2.0.0.12 | Size = 28416 bytes | Modified Date = 5/29/2008 9:28:54 AM | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 7/7/2008 10:51:07 AM | Attr = ] wcnonpe.dll -> %SystemRoot%\System32\wcnonpe.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:42:55 PM | Attr = ] wdhotem.dll -> %SystemRoot%\System32\wdhotem.dll -> [Ver = | Size = 28672 bytes | Modified Date = 7/31/2008 4:42:36 PM | Attr = ] wdhotemk.exe -> %SystemRoot%\System32\wdhotemk.exe -> [Ver = | Size = 11776 bytes | Modified Date = 7/31/2008 4:42:36 PM | Attr = ] WinFast -> %SystemRoot%\System32\WinFast -> [Folder | Modified Date = 7/7/2008 10:47:47 AM | Attr = ] WinFox -> %SystemRoot%\System32\WinFox -> [Folder | Modified Date = 7/7/2008 10:47:39 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 7/28/2008 1:28:49 PM | Attr = ] xolehlpjh.dll -> %SystemRoot%\System32\xolehlpjh.dll -> [Ver = | Size = 759724 bytes | Modified Date = 7/31/2008 4:49:08 PM | Attr = ] xolehlpjh.nls -> %SystemRoot%\System32\xolehlpjh.nls -> [Ver = | Size = 428 bytes | Modified Date = 7/31/2008 4:49:08 PM | Attr = ] zlcdps.dll -> %SystemRoot%\System32\zlcdps.dll -> [Ver = | Size = 24576 bytes | Modified Date = 7/31/2008 4:50:27 PM | Attr = ] zycdex.dll -> %SystemRoot%\System32\zycdex.dll -> [Ver = | Size = 225792 bytes | Modified Date = 7/31/2008 4:46:51 PM | Attr = H ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 7/8/2008 5:42:13 PM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [Folder | Modified Date = 6/26/2008 2:54:19 PM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/2/2008 1:11:22 PM | Attr = S] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 7/7/2008 10:47:48 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 6/28/2008 3:00:31 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 7/9/2008 3:05:16 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 7/7/2008 1:47:51 PM | Attr = HS] LastGood(2) -> %SystemRoot%\LastGood(2) -> [Folder | Modified Date = 7/7/2008 10:50:08 AM | Attr = ] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 7/19/2008 10:54:46 AM | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 5/23/2008 12:17:22 PM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/2/2008 1:20:39 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 6/7/2008 4:08:20 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 6/7/2008 4:08:20 PM | Attr = H ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 7/7/2008 10:51:07 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/2/2008 1:10:32 PM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/1/2008 1:42:45 AM | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 7/7/2008 1:47:54 PM | Attr = S] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/2/2008 1:11:51 PM | Attr = ] Web -> %SystemRoot%\Web -> [Folder | Modified Date = 6/26/2008 2:54:15 PM | Attr = R ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 487 bytes | Modified Date = 8/2/2008 1:10:32 PM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 7/7/2008 10:47:13 AM | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 486 bytes | Modified Date = 8/2/2008 1:11:36 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/2/2008 1:11:33 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 9/4/2007 12:40:26 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6812 bytes | Modified Date = 8/2/2008 1:12:29 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6812 bytes | Modified Date = 8/2/2008 1:12:29 PM | Attr = ] C:\Documents and Settings\Jesus\Local Settings\Temp\ -> C:\Documents and Settings\Jesus\Local Settings\Temp -> [Folder | Modified Date = 8/2/2008 1:12:47 PM | Attr = ] c8.jpg.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\c8.jpg.exe -> [Ver = | Size = 24187 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = ] ck3.jpg.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\ck3.jpg.exe -> [Ver = | Size = 26782 bytes | Modified Date = 8/1/2008 11:41:48 PM | Attr = ] sa.jpg.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\sa.jpg.exe -> [Ver = | Size = 24203 bytes | Modified Date = 8/1/2008 11:41:49 PM | Attr = ] SETUP.EXE -> C:\Documents and Settings\Jesus\Local Settings\Temp\SETUP.EXE -> [Ver = | Size = 1536 bytes | Modified Date = 7/31/2008 4:42:19 PM | Attr = ] 20 C:\Documents and Settings\Jesus\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jesus\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1 -> [Folder | Modified Date = 8/1/2008 8:15:01 PM | Attr = ] AIMinst.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\AIMinst.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 1709784 bytes | Modified Date = 6/19/2008 2:32:25 PM | Attr = ] AIMLang.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\AIMLang.exe -> AOL LLC [Ver = 1.0.0.0 | Size = 566264 bytes | Modified Date = 6/19/2008 2:32:27 PM | Attr = ] alsetup.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\alsetup.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 142040 bytes | Modified Date = 6/19/2008 2:32:37 PM | Attr = ] amos.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\amos.exe -> [Ver = | Size = 72464 bytes | Modified Date = 6/19/2008 2:32:29 PM | Attr = ] aoldlmgr.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\aoldlmgr.exe -> AOL LLC [Ver = 1.0.6.0 | Size = 120368 bytes | Modified Date = 6/19/2008 2:32:33 PM | Attr = ] bsetutil.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\bsetutil.exe -> [Ver = 1, 0, 5, 1 | Size = 96608 bytes | Modified Date = 6/19/2008 2:32:36 PM | Attr = ] migrator.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\migrator.exe -> [Ver = 0, 0, 0, 2 | Size = 228704 bytes | Modified Date = 6/19/2008 2:32:29 PM | Attr = ] ocpinst.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ocpinst.exe -> AOL LLC [Ver = 6.8.10.1 | Size = 5685720 bytes | Modified Date = 6/19/2008 2:32:29 PM | Attr = ] postproc.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\postproc.exe -> AOL LLC. [Ver = 1, 0, 0, 6 | Size = 36912 bytes | Modified Date = 6/19/2008 2:32:23 PM | Attr = ] setup.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\setup.exe -> AOL LLC. [Ver = 11, 8, 0, 0 | Size = 170848 bytes | Modified Date = 6/19/2008 2:32:22 PM | Attr = ] tbsetup.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\tbsetup.exe -> AOL LLC [Ver = 3.3.15.2 | Size = 383128 bytes | Modified Date = 6/19/2008 2:32:31 PM | Attr = ] toolbar.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\toolbar.exe -> AOL LLC [Ver = 1.0.27.2 | Size = 1630600 bytes | Modified Date = 6/19/2008 2:32:37 PM | Attr = ] unagi3.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\unagi3.exe -> [Ver = 3.0.0.0 | Size = 376568 bytes | Modified Date = 6/19/2008 2:32:31 PM | Attr = ] Uninstaller.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\Uninstaller.exe -> [Ver = 1, 0, 0, 1 | Size = 30560 bytes | Modified Date = 6/19/2008 2:32:35 PM | Attr = ] vwpt.exe -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\vwpt.exe -> [Ver = | Size = 2884832 bytes | Modified Date = 6/19/2008 2:32:37 PM | Attr = ] C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1 -> [Folder | Modified Date = 8/1/2008 8:15:01 PM | Attr = ] AOLFirewallMgr.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\AOLFirewallMgr.dll -> AOL LLC [Ver = 1.3.2.1 | Size = 95792 bytes | Modified Date = 6/19/2008 2:32:24 PM | Attr = ] AOLSearch.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\AOLSearch.dll -> America Online, Inc. [Ver = 1.0.8.1 | Size = 111968 bytes | Modified Date = 6/19/2008 2:32:34 PM | Attr = ] gui.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\gui.dll -> [Ver = | Size = 1008992 bytes | Modified Date = 6/19/2008 2:32:23 PM | Attr = ] imappver.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\imappver.dll -> AOL LLC [Ver = 6.8.10.1 | Size = 13664 bytes | Modified Date = 6/19/2008 2:32:28 PM | Attr = ] instSup.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\instSup.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 75104 bytes | Modified Date = 6/19/2008 2:32:30 PM | Attr = ] ocpchk.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ocpchk.dll -> AOL LLC [Ver = 4,6,1,2 | Size = 15712 bytes | Modified Date = 6/19/2008 2:32:30 PM | Attr = ] ProgUpd.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ProgUpd.dll -> AOL LLC. [Ver = 1, 0, 1, 0 | Size = 83808 bytes | Modified Date = 6/19/2008 2:32:22 PM | Attr = ] tbinst.dll -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\tbinst.dll -> AOL LLC [Ver = 3.3.15.2 | Size = 11616 bytes | Modified Date = 6/19/2008 2:32:33 PM | Attr = ] C:\Documents and Settings\Jesus\Local Settings\Temp\ -> C:\Documents and Settings\Jesus\Local Settings\Temp -> [Folder | Modified Date = 8/2/2008 1:12:47 PM | Attr = ] setup.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\setup.ini -> [Ver = | Size = 3722 bytes | Modified Date = 6/19/2008 2:32:38 PM | Attr = ] 20 C:\Documents and Settings\Jesus\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Jesus\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1 -> [Folder | Modified Date = 8/1/2008 8:15:01 PM | Attr = ] dlconfig.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\dlconfig.ini -> [Ver = | Size = 49 bytes | Modified Date = 6/19/2008 2:32:38 PM | Attr = ] gui.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\gui.ini -> [Ver = | Size = 4154 bytes | Modified Date = 6/19/2008 2:32:38 PM | Attr = ] post.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\post.ini -> [Ver = | Size = 389 bytes | Modified Date = 6/19/2008 2:32:38 PM | Attr = ] setup.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\AIM_6.8.10.1\setup.ini -> [Ver = | Size = 3722 bytes | Modified Date = 6/19/2008 2:32:38 PM | Attr = ] C:\Documents and Settings\Jesus\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\History\History.IE5\ -> [Folder | Modified Date = 7/11/2008 5:29:56 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\81GTY7ER\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\81GTY7ER -> [Folder | Modified Date = 1/23/2008 7:10:30 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\81GTY7ER\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A32NA5CD\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A32NA5CD -> [Folder | Modified Date = 1/23/2008 7:10:30 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A32NA5CD\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A76J8VQP\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A76J8VQP -> [Folder | Modified Date = 1/23/2008 7:10:30 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\A76J8VQP\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDW10NYL\ -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDW10NYL -> [Folder | Modified Date = 1/23/2008 7:10:30 AM | Attr = S] desktop.ini -> C:\Documents and Settings\Jesus\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDW10NYL\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/23/2008 7:10:30 AM | Attr = HS] C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\History\History.IE5\desktop.ini -> [Ver = | Size = 113 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [Folder | Modified Date = 1/7/2008 10:48:02 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\G56J4PIV\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\G56J4PIV -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\G56J4PIV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KD6ZW9UV\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\KD6ZW9UV -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\KD6ZW9UV\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\STMB4PYF\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\STMB4PYF -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\STMB4PYF\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\WTYZG5IB\ -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\WTYZG5IB -> [Folder | Modified Date = 7/11/2008 5:29:54 PM | Attr = S] desktop.ini -> C:\WINDOWS\temp\Temporary Internet Files\Content.IE5\WTYZG5IB\desktop.ini -> [Ver = | Size = 67 bytes | Modified Date = 1/7/2008 10:48:02 PM | Attr = HS] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Apple Computer -> %AllUsersProfile%\Application Data\Apple Computer -> [Folder | Modified Date = 7/7/2008 10:48:26 AM | Attr = ] Gtek -> %AllUsersProfile%\Application Data\Gtek -> [Folder | Modified Date = 5/22/2008 10:58:21 AM | Attr = H ] Microsoft -> %AllUsersProfile%\Application Data\Microsoft -> [Folder | Modified Date = 6/23/2008 3:20:12 PM | Attr = S] Saitek -> %AllUsersProfile%\Application Data\Saitek -> [Folder | Modified Date = 7/7/2008 10:48:47 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 7/7/2008 10:47:50 AM | Attr = ] WLInstaller -> %AllUsersProfile%\Application Data\WLInstaller -> [Folder | Modified Date = 6/23/2008 3:29:31 PM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 6/28/2008 11:32:27 PM | Attr = ] InfraRecorder -> %AppData%\InfraRecorder -> [Folder | Modified Date = 5/23/2008 4:51:24 AM | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 6/23/2008 3:20:18 PM | Attr = S] U3 -> %AppData%\U3 -> [Folder | Modified Date = 7/7/2008 10:47:22 AM | Attr = ] uTorrent -> %AppData%\uTorrent -> [Folder | Modified Date = 7/7/2008 10:50:48 AM | Attr = ] Adobe -> %UserProfile%\Local Settings\Application Data\Adobe -> [Folder | Modified Date = 5/22/2008 5:45:09 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 140288 bytes | Modified Date = 7/29/2008 5:52:06 PM | Attr = ] Help -> %UserProfile%\Local Settings\Application Data\Help -> [Folder | Modified Date = 7/7/2008 10:48:26 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 5888944 bytes | Modified Date = 8/1/2008 3:05:41 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 7/21/2008 4:25:25 PM | Attr = ] My Music -> %AllUsersProfile%\Documents\My Music -> [Folder | Modified Date = 6/16/2008 9:06:32 AM | Attr = R ] Saitek SD6 Profiles -> %AllUsersProfile%\Documents\Saitek SD6 Profiles -> [Folder | Modified Date = 6/18/2008 3:08:06 PM | Attr = ] 02.mpg -> %UserProfile%\My Documents\02.mpg -> [Ver = | Size = 2957316 bytes | Modified Date = 7/29/2008 5:13:14 PM | Attr = ] aim0912t.exe -> %UserProfile%\My Documents\aim0912t.exe -> America Online, Inc. [Ver = 1.9.13.1.1 | Size = 399972 bytes | Modified Date = 8/1/2008 8:15:41 PM | Attr = ] bazookasetup.exe -> %UserProfile%\My Documents\bazookasetup.exe -> [Ver = | Size = 744529 bytes | Modified Date = 8/1/2008 1:44:54 AM | Attr = ] dwkt0pSC -> %UserProfile%\My Documents\dwkt0pSC -> [Folder | Modified Date = 7/4/2008 7:23:01 PM | Attr = ] HJTInstall.exe -> %UserProfile%\My Documents\HJTInstall.exe -> Trend Micro Inc. [Ver = 2.00.2 | Size = 812344 bytes | Modified Date = 8/1/2008 2:04:19 AM | Attr = ] Install_AIM.exe -> %UserProfile%\My Documents\Install_AIM.exe -> AOL LLC. [Ver = 6.8.10.1 | Size = 14287528 bytes | Modified Date = 8/1/2008 8:14:57 PM | Attr = ] MPG -> %UserProfile%\My Documents\MPG -> [Folder | Modified Date = 8/1/2008 3:05:03 AM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 6/11/2008 10:54:16 PM | Attr = S] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 7/23/2008 7:27:06 PM | Attr = S] My Received Files -> %UserProfile%\My Documents\My Received Files -> [Folder | Modified Date = 6/23/2008 3:30:31 PM | Attr = ] My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [Ver = | Size = 565 bytes | Modified Date = 6/23/2008 3:31:27 PM | Attr = ] nView.reg -> %UserProfile%\My Documents\nView.reg -> [Ver = | Size = 165428 bytes | Modified Date = 8/1/2008 1:51:53 AM | Attr = ] O -> %UserProfile%\My Documents\O -> [Folder | Modified Date = 7/22/2008 8:54:37 AM | Attr = ] papel -> %UserProfile%\My Documents\papel -> [Folder | Modified Date = 7/2/2008 5:23:24 PM | Attr = ] randomPaGES -> %UserProfile%\My Documents\randomPaGES -> [Folder | Modified Date = 5/23/2008 2:18:09 PM | Attr = ] Shortcut to jesusresume.lnk -> %UserProfile%\My Documents\Shortcut to jesusresume.lnk -> [Ver = | Size = 284 bytes | Modified Date = 7/7/2008 4:33:14 PM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 550912 bytes | Modified Date = 7/29/2008 5:52:08 PM | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable TU2008TrialEN.exe -> %UserProfile%\My Documents\TU2008TrialEN.exe -> [Ver = | Size = 14997248 bytes | Modified Date = 7/7/2008 1:45:19 PM | Attr = ] V07668_big_05.mpg -> %UserProfile%\My Documents\V07668_big_05.mpg -> [Ver = | Size = 2533380 bytes | Modified Date = 7/29/2008 5:12:33 PM | Attr = ] ZZZ -> %UserProfile%\My Documents\ZZZ -> [Folder | Modified Date = 7/25/2008 1:32:00 PM | Attr = ] Chakrasyogi.jpg -> %UserProfile%\Desktop\Chakrasyogi.jpg -> [Ver = | Size = 36809 bytes | Modified Date = 7/14/2008 6:50:22 PM | Attr = ] Maps -> %UserProfile%\Desktop\Maps -> [Folder | Modified Date = 8/2/2008 1:09:50 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/2/2008 1:14:38 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/2/2008 1:12:18 PM | Attr = ] Silkroad.lnk -> %UserProfile%\Desktop\Silkroad.lnk -> [Ver = | Size = 1360 bytes | Modified Date = 5/23/2008 11:53:22 AM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 121856 bytes | Modified Date = 8/1/2008 2:47:43 AM | Attr = HS] Apple -> %CommonProgramFiles%\Apple -> [Folder | Modified Date = 6/7/2008 4:06:31 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 6/23/2008 3:29:53 PM | Attr = ] WindowsLiveInstaller -> %CommonProgramFiles%\WindowsLiveInstaller -> [Folder | Modified Date = 7/7/2008 10:50:00 AM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 7/7/2008 1:46:11 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]