[code]
OTScanIt logfile created on: 8/19/2008 12:55:57 AM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\ost\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
959.48 Mb Total Physical Memory | 565.18 Mb Available Physical Memory | 58.90% Memory free
1.51 Gb Paging File | 1.20 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 1.13 Gb Free Space | 12.14% Space Free | Partition Type: FAT32
Drive D: | 9.32 Gb Total Space | 4.62 Gb Free Space | 49.55% Space Free | Partition Type: FAT32
Drive E: | 9.32 Gb Total Space | 5.67 Gb Free Space | 60.87% Space Free | Partition Type: FAT32
Drive F: | 9.31 Gb Total Space | 5.53 Gb Free Space | 59.44% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WELCOME
Current User Name: Welcome
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users

[Processes - Non-Microsoft Only]
cdac11ba.exe -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 11/14/2007 1:43:08 PM | Attr = ]
avpmapp.exe -> %SystemDrive%\PROGRA~1\eScan\VISTA\avpmapp.exe -> MicroWorld Technologies Inc. [Ver = 7, 0, 3, 39 | Size = 92672 bytes | Modified Date = 7/17/2008 11:44:32 AM | Attr = ]
traysser.exe -> %SystemDrive%\PROGRA~1\eScan\TRAYSSER.EXE -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 18 | Size = 78848 bytes | Modified Date = 7/16/2008 5:34:00 PM | Attr = ]
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 5/13/2008 11:54:56 PM | Attr = ]
incdsrv.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1550896 bytes | Modified Date = 5/15/2007 3:55:46 PM | Attr = ]
consctl.exe -> %SystemDrive%\PROGRA~1\eScan\consctl.exe -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 22 | Size = 75264 bytes | Modified Date = 6/26/2008 12:26:12 PM | Attr = ]
mwaser.exe -> %CommonProgramFiles%\MicroWorld\Agent\MWASER.EXE -> MicroWorld Technologies Inc. [Ver = 4.0.1.2 | Size = 415232 bytes | Modified Date = 12/13/2007 7:06:14 PM | Attr = ]
mwagent.exe -> %CommonProgramFiles%\MicroWorld\Agent\MWAgent.exe -> MicroWorld Technologies Inc. [Ver = 4.0.2.2 | Size = 531968 bytes | Modified Date = 12/13/2007 6:43:28 PM | Attr = ]
tallylicserver.exe -> %SystemDrive%\Tally\tallylicserver.exe -> [Ver = | Size = 61440 bytes | Modified Date = 3/2/2005 8:35:46 AM | Attr = ]
tally72.exe -> %SystemDrive%\Tally\Tally72.exe -> [Ver = | Size = 6369744 bytes | Modified Date = 11/14/2007 1:37:34 PM | Attr = ]
vttimer.exe -> %SystemRoot%\system32\VTTimer.exe -> S3 Graphics, Inc. [Ver = 2.00.08-0921 | Size = 53248 bytes | Modified Date = 9/21/2006 4:36:18 PM | Attr = ]
s3trayp.exe -> %SystemRoot%\system32\S3trayp.exe -> S3 Graphics Co., Ltd. [Ver = 2.00.61-0205 | Size = 176128 bytes | Modified Date = 2/6/2007 7:30:52 AM | Attr = ]
hdeck.exe -> %ProgramFiles%\VIA\VIAudioi\HDADeck\HDeck.exe -> VIA Technologies, Inc. [Ver = 3, 3, 0, 0 | Size = 790528 bytes | Modified Date = 5/11/2007 3:47:30 PM | Attr = ]
pdvdserv.exe -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 8:24:46 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 5/24/2008 10:00:38 PM | Attr = ]
nbhgui.exe -> %ProgramFiles%\Nero\Nero 7\InCD\NBHGui.exe -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1628208 bytes | Modified Date = 5/15/2007 3:55:46 PM | Attr = ]
incd.exe -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1057328 bytes | Modified Date = 5/15/2007 3:55:26 PM | Attr = ]
dap.exe -> %ProgramFiles%\DAP\DAP.EXE -> Speedbit Ltd. [Ver = 8, 6, 5, 2 | Size = 3053056 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ]
nitropdfprintermonitor.exe -> %ProgramFiles%\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe -> [Ver = 5, 4, 0, 21 | Size = 210224 bytes | Modified Date = 7/10/2008 1:59:36 PM | Attr = ]
trayicos.exe -> %SystemDrive%\PROGRA~1\eScan\TRAYICOS.EXE -> MicroWorld Technologies Inc. [Ver = 4.0.1.55 | Size = 1772032 bytes | Modified Date = 7/11/2008 4:35:34 PM | Attr = ]
escanmon.exe -> %SystemDrive%\PROGRA~1\eScan\Vista\eScanMon.exe -> MicroWorld Technologies Inc. [Ver = 1.0.0.45 | Size = 2056192 bytes | Modified Date = 7/17/2008 12:04:14 PM | Attr = ]
googleupdater.exe -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 5/13/2008 11:54:54 PM | Attr = ]
ymsgr_tray.exe -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe -> Yahoo! Inc. [Ver = 8,1,0,0 | Size = 103664 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
otscanit.exe -> %SystemDrive%\ost\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC11BA.EXE -> Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 11/14/2007 1:43:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\System32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(eScan Monitor Service) eScan Monitor Service [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\eScan\VISTA\avpmapp.exe -> MicroWorld Technologies Inc. [Ver = 7, 0, 3, 39 | Size = 92672 bytes | Modified Date = 7/17/2008 11:44:32 AM | Attr = ]
(eScan-trayicos) eScan Server-Updater [Win32_Own | Auto | Running] -> %SystemDrive%\PROGRA~1\eScan\TRAYSSER.EXE -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 18 | Size = 78848 bytes | Modified Date = 7/16/2008 5:34:00 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.1175.1407.beta | Size = 137200 bytes | Modified Date = 5/13/2008 11:54:56 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> %ProgramFiles%\Nero\Nero 7\InCD\InCDsrv.exe -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1550896 bytes | Modified Date = 5/15/2007 3:55:46 PM | Attr = ]
(MWAgent) MWAgent [Win32_Own | Auto | Running] -> %CommonProgramFiles%\MicroWorld\Agent\MWASER.EXE -> MicroWorld Technologies Inc. [Ver = 4.0.1.2 | Size = 415232 bytes | Modified Date = 12/13/2007 7:06:14 PM | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 9, 1, 0 | Size = 792112 bytes | Modified Date = 4/13/2007 9:09:56 PM | Attr = ]
(NMIndexingService) NMIndexingService [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Ahead\Lib\NMIndexingService.exe -> Nero AG [Ver = 2,0,12,0 | Size = 271920 bytes | Modified Date = 5/8/2007 7:47:22 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 11/27/2002 5:00:30 PM | Attr = ]
(Tally License Server) Tally License Server (NT) [Win32_Own | Auto | Running] -> %SystemDrive%\Tally\tallylicserver.exe -> [Ver = | Size = 61440 bytes | Modified Date = 3/2/2005 8:35:46 AM | Attr = ]

[Driver Services - Non-Microsoft Only]
(AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. [Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/8/2004 6:46:04 AM | Attr = ]
(CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\CDAC15BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 11/14/2007 1:43:10 PM | Attr = ]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(ESCANMX) eScan Monitor Extension [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\escanmxx.sys -> MicroWorld Technologies Inc. - www.mwti.net [Ver = 4.97.0.0 built by: WinDDK | Size = 33792 bytes | Modified Date = 8/9/2008 1:07:32 AM | Attr = ]
(FETND5BV) VIA Rhine-Family Fast Ethernet Adapter Driver Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\fetnd5bv.sys -> VIA Technologies, Inc. [Ver = 3.41.00.0426 | Size = 42496 bytes | Modified Date = 12/16/2004 1:36:30 PM | Attr = ]
(FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 12:13:08 PM | Attr = ]
(HdAudAddService) VIA High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\viahduaa.sys -> VIA Technologies, Inc. [Ver = 6,0,01,1230 built by: WinDDK | Size = 199808 bytes | Modified Date = 4/23/2007 4:56:32 PM | Attr = ]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\HDAudBus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5013 built by: WinDDK | Size = 138752 bytes | Modified Date = 1/7/2005 5:07:18 PM | Attr = ]
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZid412.sys -> HP [Ver = 5, 0, 5, 0 | Size = 50960 bytes | Modified Date = 11/27/2002 5:00:30 PM | Attr = ]
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZipr12.sys -> HP [Ver = 5, 0, 5, 0 | Size = 16080 bytes | Modified Date = 11/27/2002 5:00:30 PM | Attr = ]
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\HPZius12.sys -> HP [Ver = 5, 0, 5, 0 | Size = 22384 bytes | Modified Date = 11/27/2002 5:00:30 PM | Attr = ]
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDFs.sys -> Nero AG [Ver = 5, 5, 2, 8 | Size = 118576 bytes | Modified Date = 5/15/2007 3:55:36 PM | Attr = ]
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDPass.sys -> Nero AG [Ver = 5, 5, 2, 8 | Size = 37040 bytes | Modified Date = 5/15/2007 3:55:36 PM | Attr = ]
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDRm.sys -> Nero AG [Ver = 5, 5, 2, 8 | Size = 38576 bytes | Modified Date = 5/15/2007 3:55:36 PM | Attr = ]
(ProcObsrves) Process Creation Monitor [Kernel | On_Demand | Running] -> %SystemDrive%\PROGRA~1\eScan\ProcObsrves.sys -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 2 | Size = 5632 bytes | Modified Date = 4/15/2008 5:06:00 PM | Attr = ]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\System32\Drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 2/21/2008 7:35:38 AM | Attr = ]
(s116bus) Sony Ericsson Device 116 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116bus.sys -> MCCI Corporation [Ver = V4.40 | Size = 83336 bytes | Modified Date = 4/3/2007 12:57:42 PM | Attr = ]
(s116mdfl) Sony Ericsson Device 116 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116mdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 15112 bytes | Modified Date = 4/3/2007 12:57:48 PM | Attr = ]
(s116mdm) Sony Ericsson Device 116 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116mdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 108680 bytes | Modified Date = 4/3/2007 12:57:48 PM | Attr = ]
(s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116mgmt.sys -> MCCI Corporation [Ver = V4.40 | Size = 100488 bytes | Modified Date = 4/3/2007 12:57:50 PM | Attr = ]
(s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116nd5.sys -> MCCI Corporation [Ver = V4.40 | Size = 23176 bytes | Modified Date = 4/3/2007 12:57:52 PM | Attr = ]
(s116obex) Sony Ericsson Device 116 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116obex.sys -> MCCI Corporation [Ver = V4.40 | Size = 98696 bytes | Modified Date = 4/3/2007 12:57:52 PM | Attr = ]
(s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\s116unic.sys -> MCCI Corporation [Ver = V4.40 | Size = 99080 bytes | Modified Date = 4/3/2007 12:57:54 PM | Attr = ]
(S3GIGP) S3GIGP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\DRIVERS\S3gIGPm.sys -> S3 Graphics Co., Ltd. [Ver = 6.14.10.0086-20.00.01a | Size = 709632 bytes | Modified Date = 3/5/2007 9:54:54 AM | Attr = ]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\secdrv.sys -> [Ver = | Size = 27440 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
(slnt) Silan SC92031 PCI Fast Ethernet Adapter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\DRIVERS\slnt.sys -> Silan Micro-Electronics Inc. [Ver = 1.02.0527.2003 | Size = 18004 bytes | Modified Date = 11/20/2003 12:58:02 PM | Attr = ]
(tifsfilter) Acronis True Image FS Filter [File_System | Auto | Running] -> %SystemRoot%\system32\DRIVERS\tifsfilt.sys -> Acronis [Ver = 4,0,0,469 | Size = 44384 bytes | Modified Date = 3/4/2008 10:16:54 PM | Attr = ]
(timounter) Acronis True Image Backup Archive Explorer [Kernel | Boot | Running] -> %SystemRoot%\system32\DRIVERS\timntr.sys -> Acronis [Ver = 4,0,0,469 | Size = 441760 bytes | Modified Date = 3/4/2008 10:16:54 PM | Attr = ]

[Registry - All]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ]
DownloadAccelerator -> %ProgramFiles%\DAP\DAP.EXE ["C:\Program Files\DAP\DAP.EXE" /STARTUP] -> Speedbit Ltd. [Ver = 8, 6, 5, 2 | Size = 3053056 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ]
eScan Updater -> %SystemDrive%\PROGRA~1\eScan\TRAYICOS.EXE [C:\PROGRA~1\eScan\TRAYICOS.EXE /App] -> MicroWorld Technologies Inc. [Ver = 4.0.1.55 | Size = 1772032 bytes | Modified Date = 7/11/2008 4:35:34 PM | Attr = ]
googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/2/2007 2:52:02 AM | Attr = ]
HDAudDeck -> %ProgramFiles%\VIA\VIAudioi\HDADeck\HDeck.exe [C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1] -> VIA Technologies, Inc. [Ver = 3, 3, 0, 0 | Size = 790528 bytes | Modified Date = 5/11/2007 3:47:30 PM | Attr = ]
InCD -> %ProgramFiles%\Nero\Nero 7\InCD\InCD.exe [C:\Program Files\Nero\Nero 7\InCD\InCD.exe] -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1057328 bytes | Modified Date = 5/15/2007 3:55:26 PM | Attr = ]
MailScan Dispatcher -> %SystemDrive%\PROGRA~1\eScan\LAUNCH.EXE ["C:\PROGRA~1\eScan\LAUNCH.EXE" /startup] -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 22 | Size = 204800 bytes | Modified Date = 7/16/2008 4:10:32 PM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 3:57:24 PM | Attr = ]
Nitro PDF Printer Monitor -> %ProgramFiles%\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ["C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe"] -> [Ver = 5, 4, 0, 21 | Size = 210224 bytes | Modified Date = 7/10/2008 1:59:36 PM | Attr = ]
RemoteControl -> %ProgramFiles%\CyberLink\PowerDVD\PDVDServ.exe ["C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"] -> Cyberlink Corp. [Ver = 6.00.1027 | Size = 32768 bytes | Modified Date = 11/2/2004 8:24:46 PM | Attr = ]
S3Trayp -> %SystemRoot%\system32\S3trayp.exe [S3trayp.exe] -> S3 Graphics Co., Ltd. [Ver = 2.00.61-0205 | Size = 176128 bytes | Modified Date = 2/6/2007 7:30:52 AM | Attr = ]
SecurDisc -> %ProgramFiles%\Nero\Nero 7\InCD\NBHGui.exe [C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe] -> Nero AG [Ver = 5, 5, 2, 8 | Size = 1628208 bytes | Modified Date = 5/15/2007 3:55:46 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.4043 | Size = 185632 bytes | Modified Date = 5/24/2008 10:00:38 PM | Attr = ]
UserFaultCheck -> [%systemroot%\system32\dumprep 0 -u] -> File not found
VTTimer -> %SystemRoot%\system32\VTTimer.exe [VTTimer.exe] -> S3 Graphics, Inc. [Ver = 2.00.08-0921 | Size = 53248 bytes | Modified Date = 9/21/2006 4:36:18 PM | Attr = ]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL-> Installed = 1 ->
MAPI-> Installed = 1 ->
MSFS-> Installed = 1 ->
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DWQueuedReporting -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> Microsoft Corporation [Ver = 12.0.6010.5000 | Size = 437160 bytes | Modified Date = 2/26/2007 1:01:00 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DWQueuedReporting -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe ["C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t] -> Microsoft Corporation [Ver = 12.0.6010.5000 | Size = 437160 bytes | Modified Date = 2/26/2007 1:01:00 AM | Attr = ]
< Run [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ctfmon.exe -> %SystemRoot%\system32\ctfmon.exe [C:\WINDOWS\system32\ctfmon.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
Yahoo! Pager -> %SystemDrive%\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Google Updater.lnk -> %ProgramFiles%\Google\Google Updater\GoogleUpdater.exe -> Google [Ver = 2.2.1202.1501.beta | Size = 124400 bytes | Modified Date = 5/13/2008 11:54:54 PM | Attr = ]
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ ->
Your Image File Name Here without a path -> %SystemRoot%\System32\ntsd.exe [Debugger] -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 31744 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{fbeb8a05-beee-4442-804e-409d6c4515e9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [CDBurn] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ]
{7849596a-48ea-486e-8937-a2a3009f31a9} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [PostBootReminder] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ]
{35CEC8A3-2BE6-11D2-8773-92E220524153} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\stobject.dll [SysTray] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 121856 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
{e57ce738-33e8-4c51-8354-bb4de9d215d1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\upnpui.dll [UPnPMonitor] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 239616 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\webcheck.dll [WebCheck] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 233472 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ]
{AAA288BA-9A4C-45B0-95D7-94D524869DB5} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\WPDShServiceObj.dll [WPDShServiceObj] -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 133632 bytes | Modified Date = 10/18/2006 9:47:22 PM | Attr = ]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\WIFD1F~1\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> Microsoft Corporation [Ver = 1.1.1593.0 | Size = 83224 bytes | Modified Date = 11/3/2006 7:20:00 PM | Attr = ]
{AEB6717E-7E19-11d0-97EE-00C04FD91972} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shell32.dll [] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ]
< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
{438755C2-A8BA-11D1-B96B-00A0C90312E1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [Browseui preloader] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ]
{8C7461EF-2B13-11d2-BE35-3078302C2030} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [Component Categories cache daemon] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
msapsspc.dll -> %SystemRoot%\system32\msapsspc.dll -> Microsoft Corporation [Ver = 6.00.7755 | Size = 86016 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
schannel.dll -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:51:16 PM | Attr = ]
digest.dll -> %SystemRoot%\system32\digest.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
msnsspc.dll -> %SystemRoot%\system32\msnsspc.dll -> Microsoft Corporation [Ver = 6.1.1825.0 | Size = 290816 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> %SystemRoot%\Explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 3:53:08 PM | Attr = ]
*MultiFile Done* -> ->
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit ->
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
*MultiFile Done* -> ->
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost ->
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
rundll32 shell32 -> %SystemRoot%\System32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
*MultiFile Done* -> ->
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
crypt32chain -> %SystemRoot%\system32\crypt32.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 597504 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
cryptnet -> %SystemRoot%\system32\cryptnet.dll -> Microsoft Corporation [Ver = 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63488 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
cscdll -> %SystemRoot%\system32\cscdll.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 101888 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
ScCertProp -> %SystemRoot%\system32\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
Schedule -> %SystemRoot%\system32\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
sclgntfy -> %SystemRoot%\system32\sclgntfy.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
SensLogn -> %SystemRoot%\system32\WlNotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
termsrv -> %SystemRoot%\system32\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> Microsoft Corporation [Ver = 1.7.0018.7 | Size = 236928 bytes | Modified Date = 4/10/2007 2:00:46 PM | Attr = ]
wlballoon -> %SystemRoot%\system32\wlnotify.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92672 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytoosl -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 1 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 1 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\disableregistrytoosl -> 0 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> 
HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC 
MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomTSSTcorp_CDDVDW_SH-S203D________________SB00____\5&28aae37e&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomHL-DT-ST_CD-RW_GCE-8526B________________1.03____\5&1a134b3d&0&0.0.0 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 11/14/2007 12:09:46 PM | Attr = ] autocalender(1).xls [ÐÏࡱá | ] -> F:\autocalender(1).xls [ FAT32 ] -> [Ver = | Size = 56320 bytes | Modified Date = 6/24/2005 8:05:28 PM | Attr = ] AUTOCAP- INTRO.doc [ÐÏࡱá | ] -> F:\AUTOCAP- INTRO.doc [ FAT32 ] -> [Ver = | Size = 24064 bytes | Modified Date = 2/7/2007 5:24:36 PM | Attr = ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Search Page 
-> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> about:blank -> HKEY_CURRENT_USER\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 12/7/2007 7:51:46 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\: Main\\Start Page -> about:blank -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [Microsoft Url Search Hook] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 12/7/2007 7:51:46 AM | Attr = ] HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\: ProxyEnable -> 0 -> < Trusted Sites Domains 
[HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 15 domain(s) found. -> 15 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 399 domain(s) found. -> office_microsoft.com [http] -> Trusted sites -> 410 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 399 domain(s) found. -> office_microsoft.com [http] -> Trusted sites -> 410 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 5/13/2008 11:58:00 PM | Attr = ] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 1119, 1736 | Size = 654320 bytes | Modified Date = 5/13/2008 11:55:04 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4D5C8C25-D075-11d0-B416-00C04FB90376} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shdocvw.dll [&Tip of the Day] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1494528 bytes | Modified Date = 8/22/2007 6:42:18 PM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [File Search Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ] {EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1494528 bytes | Modified Date = 8/22/2007 6:42:18 PM | Attr = ] < Internet Explorer Bars [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [File Search Explorer Band] -> Microsoft Corporation 
[Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ] {EFA24E64-B078-11D0-89E4-00C04FC9E26E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\shdocvw.dll [Explorer Band] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1494528 bytes | Modified Date = 8/22/2007 6:42:18 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 5/13/2008 11:58:00 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ] WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ] WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. 
[Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 5/13/2008 11:58:00 PM | Attr = ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [&Links] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 12/7/2007 7:51:46 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ] WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\browseui.dll [&Address] -> Microsoft Corporation [Ver = 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257) | Size = 1022976 bytes | Modified Date = 8/22/2007 6:42:16 PM | Attr = ] WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll [&Links] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\google\googletoolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 5/13/2008 11:58:00 PM | Attr = ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ieframe.dll [&Links] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 6066176 bytes | Modified Date = 12/7/2007 7:51:46 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {04849C74-016E-4a43-8AA5-1F01DE57F4A1}:{8C85E2EE-9FD6-11D5-B770-504D54C10000} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Trace] -> File not found {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:14:50 PM | Attr = ] {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec -> %ProgramFiles%\Messenger\msmsgs.exe [@C:\Program Files\Messenger\Msgslang.dll,-61144] -> Microsoft Corporation [Ver = 5.1.0715 | Size = 1660952 bytes | Modified Date = 6/2/2008 9:44:28 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] &Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office10\EXCEL.EXE -> Microsoft Corporation [Ver = 10.0.2614 | Size = 9164192 bytes | Modified Date = 2/16/2001 1:05:38 AM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [@C:\Program Files\Messenger\Msgslang.dll,-61144] -> Microsoft Corporation [Ver = 5.1.0715 | Size = 1660952 bytes | Modified Date = 6/2/2008 9:44:28 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> &Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 
7/15/2008 10:56:22 PM | Attr = ] &Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Messenger\msmsgs.exe [@C:\Program Files\Messenger\Msgslang.dll,-61144] -> Microsoft Corporation [Ver = 5.1.0715 | Size = 1660952 bytes | Modified Date = 6/2/2008 9:44:28 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> &Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] &Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\] > -> HKEY_USERS\S-1-5-21-2052111302-861567501-725345543-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> &Clean Traces -> %ProgramFiles%\DAP\Privacy Package\dapcleanerie.htm -> [Ver = | Size = 1748 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] &Download with &DAP -> %ProgramFiles%\DAP\dapextie.htm -> [Ver = | Size = 2020 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] Download &all with DAP -> %ProgramFiles%\DAP\dapextie2.htm -> [Ver = | Size = 1041 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\Office10\EXCEL.EXE -> Microsoft 
Corporation [Ver = 10.0.2614 | Size = 9164192 bytes | Modified Date = 2/16/2001 1:05:38 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {474274AF-BF53-407F-941A-A876A80E07FD} -> 61.1.96.69,61.1.96.71 (VIA Rhine II Fast Ethernet Adapter) -> {9D81E8A8-FAE7-49E6-9840-ABEA0F0A93B8} -> (Sony Ericsson Device 116 USB Ethernet Emulation (NDIS 5)) -> {FF87A27A-7802-49B4-A223-9638F62C7727} -> 61.1.96.69,61.1.96.71 (Silan SC92031 PCI Fast Ethernet Adapter) -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] -> %SystemRoot%\System32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] -> %SystemRoot%\System32\winrnr.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 16896 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] -> %SystemRoot%\System32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] NameSpace_Catalog5\Catalog_Entries\000000000004 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] -> %SystemRoot%\System32\nwprovau.dll -> Microsoft Corporation [Ver = 5.1.2600.3015 (xpsp_sp2_gdr.061013-0145) | Size = 142336 bytes | Modified Date = 10/13/2006 6:05:12 PM | Attr = ] 
Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | 
Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\mswsock.dll -> 
Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\mswsock.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 245248 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML About Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[CDL: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> Microsoft Corporation [Ver = 10.145.3722.0 | Size = 872448 bytes | Modified Date = 
1/22/2001 3:25:24 AM | Attr = ] dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msvidctl.dll[DVD: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[ftp: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[gopher: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[http: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] http\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] http\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = 
] https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[https: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] https\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] https\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/27/2005 7:34:28 AM | Attr = ] javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[file:, local: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr 
= ] mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Mailto Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\inetcomm.dll[MHTML Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 6.00.2900.3198 (xpsp_sp2_gdr.070820-1448) | Size = 683520 bytes | Modified Date = 8/21/2007 11:45:44 AM | Attr = ] mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[mk: Asychronous Pluggable Protocol Handler] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAMON.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\System\OLE DB\msdaipp.dll[MSDAIPP.BINDER] -> Microsoft Corporation [Ver = 10.145.3812.0 | Size = 1187840 bytes | Modified Date = 2/12/2001 3:25:24 AM | Attr = ] ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\itss.dll[Microsoft InfoTech Protocols for IE 4.0] -> Microsoft Corporation [Ver = 5.2.3790.2453 (srv03_sp1_gdr.050525-1542) | Size = 137216 bytes | Modified Date = 5/27/2005 7:34:28 AM | Attr = ] mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> Microsoft Corporation [Ver = 10.0.2621 | Size = 7436272 bytes | 
Modified Date = 2/23/2001 6:36:24 PM | Attr = ] res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] sysimage:{76E67A63-06E9-11D2-A840-006008059382} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Resource Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\msvidctl.dll[TV: Pluggable Protocol] -> Microsoft Corporation [Ver = 6.05.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 1428480 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mshtml.dll[Microsoft HTML Javascript Pluggable Protocol] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 3592192 bytes | Modified Date = 12/8/2007 10:51:48 AM | Attr = ] wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\wiascr.dll[WiaProtocol Class] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 75776 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> application/octet-stream:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.1433 (REDBITS.050727-1400) | Size = 282112 bytes | Modified Date = 10/24/2007 1:47:38 AM | Attr = ] application/x-complus:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME 
Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.1433 (REDBITS.050727-1400) | Size = 282112 bytes | Modified Date = 10/24/2007 1:47:38 AM | Attr = ] application/x-msdownload:{1E66F26B-79EE-11D2-8710-00C04F79ED0D}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\mscoree.dll[Cor MIME Filter, CorFltr, CorFltr 1] -> Microsoft Corporation [Ver = 2.0.50727.1433 (REDBITS.050727-1400) | Size = 282112 bytes | Modified Date = 10/24/2007 1:47:38 AM | Attr = ] Class Install Handler:{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP Class Install Handler filter] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] deflate:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] gzip:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] lzdhtml:{8f6b0360-b80d-11d0-a9b3-006097942311}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\urlmon.dll[AP encoding/decoding Filters] -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 1159680 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr = ] text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1}[HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\SHELL32.dll[WebView MIME Filter] -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 9:04:02 AM | Attr = ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab[Office Genuine Advantage Validation Tool] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab[CKAVWebScan Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {1E3F1348-4370-4BBE-A67A-CC7ED824CA85}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab[Microsoft Genuine Advantage Self Support Tool] -> {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> {54BE6B6F-3056-470B-97E1-BB92E051B6C4}[HKEY_LOCAL_MACHINE] -> http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab[DeviceEnum Class] -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}[HKEY_LOCAL_MACHINE] -> http://www.eset.eu/buxus/docs/OnlineScanner.cab[Reg Error: Key does not exist or could not be opened.] 
-> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211991369343[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_15] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32apiW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32umc.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/lnod32upd.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScanner.ocx\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLA.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerDLLW.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerLang.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OnlineScannerUninstaller.exe\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\.Owner -> {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/SelfHelpControl.DLL\\{1E3F1348-4370-4BBE-A67A-CC7ED824CA85} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] nwprovau -> %SystemRoot%\System32\nwprovau.dll -> Microsoft Corporation [Ver = 5.1.2600.3015 (xpsp_sp2_gdr.061013-0145) | Size = 142336 bytes | Modified Date = 10/13/2006 6:05:12 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\System32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:19:30 PM | Attr = ] msv1_0 -> %SystemRoot%\System32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] schannel -> %SystemRoot%\System32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:51:16 PM | Attr = ] wdigest -> %SystemRoot%\System32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/24/2006 10:07:50 AM | Attr = ] *MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 744 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\System32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile 
Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> FF 2A 4C 2D 27 07 3F F7 1D 4E 41 BB 84 AC C6 0E 63 36 34 62 35 30 64 34 00 FD 07 00 6B 2D 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 34 39 95 A6 EF C0 4B C7 C5 A6 FF C6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> B9 6C 05 7A 1A 5A 29 82 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> B5 23 09 A6 5E 72 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\System32\IISSUBA.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> BA 8E 47 09 D0 A3 41 F2 C3 21 8E 2B F4 3F C5 20 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> F2 60 EC 6D 5E 01 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 64 5B 66 30 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 64 5B 66 30 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 64 5B 66 30 3C C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network 
address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 11477 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:14:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\DOWNLOAD.EXE -> %SystemDrive%\PROGRA~1\eScan\DOWNLOAD.EXE [C:\PROGRA~1\eScan\DOWNLOAD.EXE:*:Enabled:eScan Update Downloader] -> MicroWorld Technologies Inc. [Ver = 4.0.2.29 | Size = 505344 bytes | Modified Date = 7/1/2008 6:00:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\TRAYICOS.EXE -> %SystemDrive%\PROGRA~1\eScan\TRAYICOS.EXE [C:\PROGRA~1\eScan\TRAYICOS.EXE:*:Enabled:eScan Server Updater] -> MicroWorld Technologies Inc. 
[Ver = 4.0.1.55 | Size = 1772032 bytes | Modified Date = 7/11/2008 4:35:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE -> %SystemDrive%\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent] -> MicroWorld Technologies Inc. [Ver = 4.0.2.2 | Size = 531968 bytes | Modified Date = 12/13/2007 6:43:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\LICENSE.EXE -> %SystemDrive%\PROGRA~1\eScan\LICENSE.EXE [C:\PROGRA~1\eScan\LICENSE.EXE:*:Enabled:eScan Registration Service] -> MicroWorld Technologies Inc. [Ver = 4.0.1.47 | Size = 1485312 bytes | Modified Date = 6/26/2008 5:18:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\MAILADM.EXE -> %SystemDrive%\PROGRA~1\eScan\MAILADM.EXE [C:\PROGRA~1\eScan\MAILADM.EXE:*:Enabled:eScan Administration Service] -> MicroWorld Technologies Inc. [Ver = 4.0.1.102 | Size = 5650944 bytes | Modified Date = 7/17/2008 3:44:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE -> %SystemDrive%\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE [C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool] -> MicroWorld Technologies Inc. 
[Ver = 4, 1, 0, 5 | Size = 655360 bytes | Modified Date = 12/20/2007 6:22:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Tally\tally72.exe -> %SystemDrive%\Tally\tally72.exe [C:\Tally\tally72.exe:*:Enabled:tally72] -> [Ver = | Size = 6369744 bytes | Modified Date = 11/14/2007 1:37:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 6:14:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. 
[Ver = 3, 0, 0, 1 | Size = 91376 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/2/2007 2:52:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.33 | Size = 2808320 bytes | Modified Date = 7/18/2008 2:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\System32\java.exe -> %SystemRoot%\System32\java.exe [C:\WINDOWS\System32\java.exe:*:Enabled:Java(TM) Platform SE binary] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [Ver = | Size = 219952 bytes | Modified Date = 2/24/2008 10:35:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\DOWNLOAD.EXE -> %SystemDrive%\PROGRA~1\eScan\DOWNLOAD.EXE [C:\PROGRA~1\eScan\DOWNLOAD.EXE:*:Enabled:eScan Update Downloader] -> MicroWorld Technologies Inc. 
[Ver = 4.0.2.29 | Size = 505344 bytes | Modified Date = 7/1/2008 6:00:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\TRAYICOS.EXE -> %SystemDrive%\PROGRA~1\eScan\TRAYICOS.EXE [C:\PROGRA~1\eScan\TRAYICOS.EXE:*:Enabled:eScan Server Updater] -> MicroWorld Technologies Inc. [Ver = 4.0.1.55 | Size = 1772032 bytes | Modified Date = 7/11/2008 4:35:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE -> %SystemDrive%\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE [C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE:*:Enabled:MicroWorld Management Agent] -> MicroWorld Technologies Inc. [Ver = 4.0.2.2 | Size = 531968 bytes | Modified Date = 12/13/2007 6:43:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\LICENSE.EXE -> %SystemDrive%\PROGRA~1\eScan\LICENSE.EXE [C:\PROGRA~1\eScan\LICENSE.EXE:*:Enabled:eScan Registration Service] -> MicroWorld Technologies Inc. [Ver = 4.0.1.47 | Size = 1485312 bytes | Modified Date = 6/26/2008 5:18:22 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\eScan\MAILADM.EXE -> %SystemDrive%\PROGRA~1\eScan\MAILADM.EXE [C:\PROGRA~1\eScan\MAILADM.EXE:*:Enabled:eScan Administration Service] -> MicroWorld Technologies Inc. 
[Ver = 4.0.1.102 | Size = 5650944 bytes | Modified Date = 7/17/2008 3:44:38 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE -> %SystemDrive%\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE [C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE:*:Enabled:eScan Remote Administration Tool] -> MicroWorld Technologies Inc. [Ver = 4, 1, 0, 5 | Size = 655360 bytes | Modified Date = 12/20/2007 6:22:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 
2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 2/28/2006 5:30:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 2/28/2006 12:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\System32\RPCSS.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:50 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] ie-spyad -> %SystemDrive%\ie-spyad -> [Folder | Created Date = 8/8/2008 10:37:26 PM | Attr = ] ost -> %SystemDrive%\ost -> [Folder | Created Date = 8/19/2008 12:38:30 AM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 8/19/2008 12:00:20 AM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 8/9/2008 12:19:45 AM | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Created Date = 8/8/2008 10:49:31 PM | Attr = ] Beagled.exe -> %SystemDrive%\Beagled.exe -> [Ver = | Size = 231999 bytes | Created Date = 8/14/2008 12:24:50 AM | Attr = ] Qoobox -> %SystemDrive%\Qoobox -> [Folder | Created Date = 8/18/2008 10:39:58 PM | Attr = ] acadminidump.dmp -> %SystemDrive%\acadminidump.dmp -> [Ver = | Size = 56293 bytes | Created Date = 7/13/2008 2:48:07 PM | Attr = ] pdfedit -> %SystemDrive%\pdfedit -> [Folder | Created Date = 7/15/2008 9:41:14 PM | Attr = ] pdfedit2 -> %SystemDrive%\pdfedit2 -> [Folder | Created Date = 7/15/2008 9:46:11 PM | Attr = ] AVPDOS -> %SystemDrive%\AVPDOS -> [Folder | Created Date = 8/3/2008 2:24:10 PM | Attr = ] bootini.ins -> %SystemDrive%\bootini.ins -> [Ver = | Size = 211 bytes | Created Date = 8/3/2008 2:24:49 PM | Attr = ] 23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Created Date = 8/3/2008 2:26:01 PM | Attr = ] PUB -> %SystemDrive%\PUB -> [Folder | Created Date 
= 8/3/2008 2:26:02 PM | Attr = ] eamon.sys -> %SystemRoot%\System32\drivers\eamon.sys -> ESET [Ver = 3.0.642 | Size = 39944 bytes | Created Date = 6/18/2008 12:14:28 AM | Attr = ] easdrv.sys -> %SystemRoot%\System32\drivers\easdrv.sys -> ESET [Ver = 3.0.642 | Size = 29704 bytes | Created Date = 6/18/2008 12:16:28 AM | Attr = ] epfwtdir.sys -> %SystemRoot%\System32\drivers\epfwtdir.sys -> [Ver = | Size = 33800 bytes | Created Date = 6/18/2008 12:14:28 AM | Attr = ] escanmxx.sys -> %SystemRoot%\System32\drivers\escanmxx.sys -> MicroWorld Technologies Inc. - www.mwti.net [Ver = 4.97.0.0 built by: WinDDK | Size = 33792 bytes | Created Date = 8/9/2008 1:07:32 AM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/11/2008 10:08:43 PM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 7/11/2008 10:08:43 PM | Attr = ] wbocx.ocx -> %SystemRoot%\System32\wbocx.ocx -> Stardock.Net, Inc [Ver = 3.01 | Size = 479298 bytes | Created Date = 7/15/2008 10:56:20 PM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 142 bytes | Created Date = 8/19/2008 12:05:49 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 7/11/2008 10:08:43 PM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Created Date = 8/18/2008 11:48:02 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Created Date = 6/20/2008 11:58:44 AM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 5/24/2008 10:00:39 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. 
[Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 5/24/2008 10:00:41 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 5/24/2008 10:00:41 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Created Date = 5/24/2008 10:00:49 PM | Attr = ] wbhelp2.dll -> %SystemRoot%\System32\wbhelp2.dll -> Stardock.Net, Inc [Ver = 1.5 | Size = 50688 bytes | Created Date = 7/15/2008 10:56:20 PM | Attr = ] ES_SETUP -> %SystemRoot%\System32\ES_SETUP -> [Folder | Created Date = 8/3/2008 2:24:10 PM | Attr = ] avgrsstx.dll.old -> %SystemRoot%\System32\avgrsstx.dll.old -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 6/19/2008 2:29:29 PM | Attr = ] FLCSS.EXE -> %SystemRoot%\System32\FLCSS.EXE -> [Folder | Created Date = 8/3/2008 2:24:10 PM | Attr = ] mwtsp.dll -> %SystemRoot%\System32\mwtsp.dll -> MicroWorld Technologies Inc. [Ver = 966, 0, 0, 0 | Size = 425984 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 7/11/2008 9:55:55 PM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Created Date = 7/12/2008 9:31:58 PM | Attr = ] AniGIF.ocx -> %SystemRoot%\System32\AniGIF.ocx -> Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com [Ver = 2, 2, 5, 5 | Size = 172032 bytes | Created Date = 7/15/2008 10:56:20 PM | Attr = ] ICCProfiles.dll -> %SystemRoot%\System32\ICCProfiles.dll -> [Ver = | Size = 509208 bytes | Created Date = 7/10/2008 1:59:42 PM | Attr = ] eInstall.exe -> %SystemRoot%\System32\eInstall.exe -> MicroWorld Technologies Inc. 
[Ver = 4.0.0.1 | Size = 509952 bytes | Created Date = 8/3/2008 2:24:14 PM | Attr = ] ZIPDLL.DLL -> %SystemRoot%\System32\ZIPDLL.DLL -> [Ver = 1, 6, 0 | Size = 130560 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] UNZDLL.DLL -> %SystemRoot%\System32\UNZDLL.DLL -> [Ver = 1, 6, 0 | Size = 125440 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] esmxlog.dll -> %SystemRoot%\System32\esmxlog.dll -> [Ver = | Size = 32768 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] mwnsp.dll -> %SystemRoot%\System32\mwnsp.dll -> MicroWorld Technologies Inc. [Ver = 966, 0, 0, 0 | Size = 155648 bytes | Created Date = 8/3/2008 2:24:13 PM | Attr = ] contfilt.dll -> %SystemRoot%\System32\contfilt.dll -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 71 | Size = 1540096 bytes | Created Date = 8/3/2008 2:24:13 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/18/2008 11:48:58 PM | Attr = ] 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Created Date = 5/22/2008 9:26:03 PM | Attr = ] WIN.PRO -> %SystemRoot%\WIN.PRO -> [Ver = | Size = 20 bytes | Created Date = 8/3/2008 2:48:11 PM | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 14, 14536 | Size = 811008 bytes | Created Date = 7/11/2008 9:50:10 PM | Attr = ] escan.dbf -> %SystemRoot%\escan.dbf -> [Ver = | Size = 22 bytes | Created Date = 8/3/2008 2:50:38 PM | Attr = ] inst_tsp.exe -> %SystemRoot%\inst_tsp.exe -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 13 | Size = 57344 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] inst_tspx.exe -> %SystemRoot%\inst_tspx.exe -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 13 | Size = 97280 bytes | Created Date = 8/3/2008 2:24:12 PM | Attr = ] killproc.exe -> %SystemRoot%\killproc.exe -> MicroWorld Technologies Inc. 
[Ver = 4, 0, 0, 9 | Size = 49152 bytes | Created Date = 8/3/2008 2:24:20 PM | Attr = ] nod32restoretemdono.reg -> %SystemRoot%\nod32restoretemdono.reg -> [Ver = | Size = 5702 bytes | Created Date = 6/18/2008 10:16:10 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Created Date = 6/20/2008 12:30:01 AM | Attr = ] choice.exe -> %SystemRoot%\choice.exe -> [Ver = | Size = 21312 bytes | Created Date = 8/8/2008 10:37:47 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 8/9/2008 12:19:56 AM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 8/18/2008 11:40:34 PM | Attr = ] winsbak.reg -> %SystemRoot%\winsbak.reg -> [Ver = | Size = 14936 bytes | Created Date = 8/3/2008 2:24:50 PM | Attr = ] winsbak2.reg -> %SystemRoot%\winsbak2.reg -> [Ver = | Size = 136730 bytes | Created Date = 8/3/2008 2:24:50 PM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Created 
Date = 8/19/2008 12:05:21 AM | Attr = ] REGBK00.ZIP -> %SystemRoot%\REGBK00.ZIP -> [Ver = | Size = 6033007 bytes | Created Date = 8/3/2008 2:31:22 PM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 7/11/2008 9:50:14 PM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 5/22/2008 9:21:08 PM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Created Date = 7/5/2008 11:07:23 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Created Date = 7/11/2008 9:55:58 PM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Created Date = 7/12/2008 10:28:11 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 7/15/2008 10:56:44 PM | Attr = ] Nitro PDF -> %AllUsersProfile%\Application Data\Nitro PDF -> [Folder | Created Date = 7/16/2008 12:37:45 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/7/2008 11:34:10 PM | Attr = ] Avg8 -> %AllUsersProfile%\Application Data\Avg8 -> [Folder | Created Date = 8/18/2008 11:59:01 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Created Date = 5/22/2008 9:25:57 PM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Created Date = 5/22/2008 9:26:24 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Created Date = 5/24/2008 10:00:27 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Created Date = 6/5/2008 12:23:05 AM | Attr = ] Nitro PDF -> %AppData%\Nitro PDF -> [Folder | Created Date = 7/16/2008 12:39:27 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/7/2008 11:34:14 PM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Created Date = 5/22/2008 9:25:57 PM | 
Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4294986 bytes | Created Date = 5/25/2008 1:07:10 PM | Attr = ] Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations -> [Folder | Created Date = 7/16/2008 12:37:03 AM | Attr = ] insrana1.jpg -> %UserProfile%\My Documents\insrana1.jpg -> [Ver = | Size = 69520 bytes | Created Date = 7/15/2008 11:49:50 PM | Attr = ] INCHARGE.xls -> %UserProfile%\My Documents\INCHARGE.xls -> [Ver = | Size = 16896 bytes | Created Date = 6/16/2008 2:57:11 PM | Attr = ] mis.rtf -> %UserProfile%\My Documents\mis.rtf -> [Ver = | Size = 381 bytes | Created Date = 6/19/2008 11:15:08 PM | Attr = ] wall -> %UserProfile%\My Documents\wall -> [Folder | Created Date = 7/3/2008 10:02:40 PM | Attr = ] stock.xls -> %UserProfile%\My Documents\stock.xls -> [Ver = | Size = 15360 bytes | Created Date = 7/10/2008 11:21:07 PM | Attr = ] 4961_Solitarioxxx_en_m2_176_gen_6630.jad -> %UserProfile%\My Documents\4961_Solitarioxxx_en_m2_176_gen_6630.jad -> [Ver = | Size = 256 bytes | Created Date = 5/26/2008 11:12:15 PM | Attr = ] googlehostedservice.html -> %UserProfile%\My Documents\googlehostedservice.html -> [Ver = | Size = 22 bytes | Created Date = 5/25/2008 10:10:59 PM | Attr = ] 1554_TheDonaldTrumpetShow_6630.jad -> %UserProfile%\My Documents\1554_TheDonaldTrumpetShow_6630.jad -> [Ver = | Size = 300 bytes | Created Date = 5/26/2008 11:19:10 PM | Attr = ] 4961_Solitarioxxx_en_m2_176_gen_6630.jar -> %UserProfile%\My Documents\4961_Solitarioxxx_en_m2_176_gen_6630.jar -> [Ver = | Size = 120850 bytes | Created Date = 5/26/2008 11:12:01 PM | Attr = ] 1554_TheDonaldTrumpetShow_6630.jar -> %UserProfile%\My Documents\1554_TheDonaldTrumpetShow_6630.jar -> [Ver = | Size = 123224 bytes | Created Date = 5/26/2008 11:19:05 PM | Attr = ] interview.doc -> %UserProfile%\My Documents\interview.doc -> [Ver = | Size = 25088 bytes | Created Date = 7/3/2008 11:29:44 PM | Attr = ] 
5069_26232329.gif -> %UserProfile%\My Documents\5069_26232329.gif -> [Ver = | Size = 28111 bytes | Created Date = 5/26/2008 11:23:42 PM | Attr = ] Software_mapilai.pdf -> %UserProfile%\My Documents\Software_mapilai.pdf -> [Ver = | Size = 45775 bytes | Created Date = 7/3/2008 9:53:30 PM | Attr = ] karthikeyan result.doc -> %UserProfile%\My Documents\karthikeyan result.doc -> [Ver = | Size = 35840 bytes | Created Date = 7/14/2008 11:05:12 PM | Attr = ] cvjava.doc -> %UserProfile%\My Documents\cvjava.doc -> [Ver = | Size = 36864 bytes | Created Date = 7/15/2008 4:42:01 PM | Attr = ] insjyoti.jpg -> %UserProfile%\My Documents\insjyoti.jpg -> [Ver = | Size = 71916 bytes | Created Date = 7/15/2008 11:58:44 PM | Attr = ] My Completed Downloads -> %UserProfile%\My Documents\My Completed Downloads -> [Folder | Created Date = 7/15/2008 10:56:31 PM | Attr = ] adm_vinogradov_01.jpg -> %UserProfile%\My Documents\adm_vinogradov_01.jpg -> [Ver = | Size = 113834 bytes | Created Date = 7/16/2008 12:27:34 AM | Attr = ] marshal_shaposhnikov.jpg -> %UserProfile%\My Documents\marshal_shaposhnikov.jpg -> [Ver = | Size = 117613 bytes | Created Date = 7/16/2008 12:03:48 AM | Attr = ] ka-27-heli.jpg -> %UserProfile%\My Documents\ka-27-heli.jpg -> [Ver = | Size = 57739 bytes | Created Date = 7/16/2008 12:11:03 AM | Attr = ] dubhna.jpg -> %UserProfile%\My Documents\dubhna.jpg -> [Ver = | Size = 22207 bytes | Created Date = 7/16/2008 12:31:28 AM | Attr = ] Ka-28_Indian_Navy.jpg -> %UserProfile%\My Documents\Ka-28_Indian_Navy.jpg -> [Ver = | Size = 36098 bytes | Created Date = 7/16/2008 12:25:07 AM | Attr = ] Seaking1.jpg -> %UserProfile%\My Documents\Seaking1.jpg -> [Ver = | Size = 45005 bytes | Created Date = 7/16/2008 12:16:29 AM | Attr = ] flotilla.jpg -> %UserProfile%\My Documents\flotilla.jpg -> [Ver = | Size = 78920 bytes | Created Date = 7/15/2008 11:44:17 PM | Attr = ] cvjava.pdf -> %UserProfile%\My Documents\cvjava.pdf -> [Ver = | Size = 391600 bytes | Created Date = 7/27/2008 
9:27:18 PM | Attr = ] Vitsa InfoTech P Ltd.ppt -> %UserProfile%\My Documents\Vitsa InfoTech P Ltd.ppt -> [Ver = | Size = 185856 bytes | Created Date = 8/11/2008 11:40:44 PM | Attr = ] Mesh Network.ppt -> %UserProfile%\My Documents\Mesh Network.ppt -> [Ver = | Size = 135680 bytes | Created Date = 8/12/2008 1:04:05 AM | Attr = ] Everything_you_want_to_know_in_chennai.xls -> %UserProfile%\My Documents\Everything_you_want_to_know_in_chennai.xls -> [Ver = | Size = 701952 bytes | Created Date = 7/3/2008 9:49:17 PM | Attr = ] idcard.JPG -> %UserProfile%\My Documents\idcard.JPG -> [Ver = | Size = 15842 bytes | Created Date = 8/14/2008 10:50:27 AM | Attr = ] GST Road - As buit drg 18[1].06.08.dwg -> %UserProfile%\My Documents\GST Road - As buit drg 18[1].06.08.dwg -> [Ver = | Size = 954956 bytes | Created Date = 8/12/2008 8:36:18 AM | Attr = ] Vitsa InfoTech.doc -> %UserProfile%\My Documents\Vitsa InfoTech.doc -> [Ver = | Size = 19968 bytes | Created Date = 8/12/2008 12:03:13 AM | Attr = ] wmnTutorial.ppt -> %UserProfile%\My Documents\wmnTutorial.ppt -> [Ver = | Size = 11500544 bytes | Created Date = 8/12/2008 10:46:56 PM | Attr = ] vivithacv.doc -> %UserProfile%\My Documents\vivithacv.doc -> [Ver = | Size = 33280 bytes | Created Date = 7/15/2008 8:37:50 PM | Attr = ] mesh-scenario.gif -> %UserProfile%\My Documents\mesh-scenario.gif -> [Ver = | Size = 38387 bytes | Created Date = 8/12/2008 12:42:29 AM | Attr = ] Self-form-self-heal.gif -> %UserProfile%\My Documents\Self-form-self-heal.gif -> [Ver = | Size = 18710 bytes | Created Date = 8/12/2008 12:35:03 AM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 8704 bytes | Created Date = 8/15/2008 1:28:30 AM | Attr = HS] Ha-Ha_by_Pooja.part1.rar -> %UserProfile%\My Documents\Ha-Ha_by_Pooja.part1.rar -> [Ver = | Size = 22020096 bytes | Created Date = 8/15/2008 2:34:08 AM | Attr = ] Ha-Ha_by_Pooja.part2.rar -> %UserProfile%\My Documents\Ha-Ha_by_Pooja.part2.rar -> [Ver = | Size = 20051818 bytes | 
Created Date = 8/15/2008 2:48:38 AM | Attr = ] The_Bastard_of_Venus_by_Pooja.rar -> %UserProfile%\My Documents\The_Bastard_of_Venus_by_Pooja.rar -> [Ver = | Size = 27998468 bytes | Created Date = 8/15/2008 3:11:15 AM | Attr = ] House_Calls_by_Pooja.rar -> %UserProfile%\My Documents\House_Calls_by_Pooja.rar -> [Ver = | Size = 7530813 bytes | Created Date = 8/15/2008 3:51:35 AM | Attr = ] Mother_Rule_by_Pooja.rar -> %UserProfile%\My Documents\Mother_Rule_by_Pooja.rar -> [Ver = | Size = 30940387 bytes | Created Date = 8/15/2008 4:15:34 AM | Attr = ] pinfect.zip -> %UserProfile%\My Documents\pinfect.zip -> [Ver = | Size = 113898 bytes | Created Date = 8/18/2008 10:37:23 PM | Attr = ] mIRC.lnk -> %AllUsersProfile%\Desktop\mIRC.lnk -> [Ver = | Size = 530 bytes | Created Date = 7/26/2008 12:10:27 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 8/19/2008 12:38:06 AM | Attr = ] cvjava.doc -> %UserProfile%\Desktop\cvjava.doc -> [Ver = | Size = 38400 bytes | Created Date = 7/15/2008 4:44:00 PM | Attr = ] greatmailz_org.htm -> %UserProfile%\Desktop\greatmailz_org.htm -> [Ver = | Size = 7937 bytes | Created Date = 7/3/2008 11:56:34 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 8192 bytes | Created Date = 8/12/2008 12:35:35 AM | Attr = HS] RENTAL AGREEMENT.doc -> %UserProfile%\Desktop\RENTAL AGREEMENT.doc -> [Ver = | Size = 28672 bytes | Created Date = 8/13/2008 10:55:09 PM | Attr = ] vitsa'sS Wireless Networking Projects and Proposals[1].doc -> %UserProfile%\Desktop\vitsa'sS Wireless Networking Projects and Proposals[1].doc -> [Ver = | Size = 65536 bytes | Created Date = 8/11/2008 11:45:41 PM | Attr = ] Vitsa InfoTech P Ltd.ppt -> %UserProfile%\Desktop\Vitsa InfoTech P Ltd.ppt -> [Ver = | Size = 185856 bytes | Created Date = 8/12/2008 12:20:32 AM | Attr = ] amendmentpg.doc.dap -> %UserProfile%\Desktop\amendmentpg.doc.dap -> [Ver = | Size = 101376 bytes | Created Date = 8/14/2008 
4:39:05 PM | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Created Date = 5/24/2008 10:00:34 PM | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 5/24/2008 10:00:57 PM | Attr = ] Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Created Date = 7/5/2008 11:07:23 PM | Attr = ] Nitro PDF -> %CommonProgramFiles%\Nitro PDF -> [Folder | Created Date = 7/16/2008 12:37:45 AM | Attr = ] BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Created Date = 7/16/2008 12:37:45 AM | Attr = ] MicroWorld -> %CommonProgramFiles%\MicroWorld -> [Folder | Created Date = 8/3/2008 2:24:47 PM | Attr = ] VideoLAN -> %ProgramFiles%\VideoLAN -> [Folder | Created Date = 6/5/2008 12:19:36 AM | Attr = ] DAP -> %ProgramFiles%\DAP -> [Folder | Created Date = 7/15/2008 10:56:17 PM | Attr = ] Ahead -> %ProgramFiles%\Ahead -> [Folder | Created Date = 6/19/2008 11:37:20 PM | Attr = ] Real -> %ProgramFiles%\Real -> [Folder | Created Date = 5/24/2008 10:00:40 PM | Attr = ] Nitro PDF -> %ProgramFiles%\Nitro PDF -> [Folder | Created Date = 7/16/2008 12:37:45 AM | Attr = ] TheLearningPit -> %ProgramFiles%\TheLearningPit -> [Folder | Created Date = 6/23/2008 11:54:37 PM | Attr = ] mIRC -> %ProgramFiles%\mIRC -> [Folder | Created Date = 7/26/2008 12:10:24 AM | Attr = ] eScan -> %ProgramFiles%\eScan -> [Folder | Created Date = 8/3/2008 2:24:10 PM | Attr = ] CDisplay -> %ProgramFiles%\CDisplay -> [Folder | Created Date = 8/3/2008 9:33:45 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/8/2008 11:36:41 PM | Attr = ] [Files/Folders - Modified Within 90 days] ie-spyad -> %SystemDrive%\ie-spyad -> [Folder | Modified Date = 8/8/2008 10:37:28 PM | Attr = ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 203 bytes | Modified Date = 8/3/2008 2:24:50 PM | Attr = ] ost -> %SystemDrive%\ost -> [Folder | Modified Date = 8/19/2008 12:38:32 AM | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified 
Date = 8/19/2008 12:00:22 AM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 8/9/2008 12:19:46 AM | Attr = ] Combo-Fix -> %SystemDrive%\Combo-Fix -> [Folder | Modified Date = 8/8/2008 10:49:32 PM | Attr = ] Beagled.exe -> %SystemDrive%\Beagled.exe -> [Ver = | Size = 231999 bytes | Modified Date = 8/14/2008 12:25:04 AM | Attr = ] Qoobox -> %SystemDrive%\Qoobox -> [Folder | Modified Date = 8/18/2008 10:40:00 PM | Attr = ] acadminidump.dmp -> %SystemDrive%\acadminidump.dmp -> [Ver = | Size = 56293 bytes | Modified Date = 7/13/2008 2:48:10 PM | Attr = ] pdfedit -> %SystemDrive%\pdfedit -> [Folder | Modified Date = 7/15/2008 9:41:16 PM | Attr = ] pdfedit2 -> %SystemDrive%\pdfedit2 -> [Folder | Modified Date = 7/15/2008 9:46:12 PM | Attr = ] AVPDOS -> %SystemDrive%\AVPDOS -> [Folder | Modified Date = 8/3/2008 2:24:12 PM | Attr = ] 23990098.$$$ -> %SystemDrive%\23990098.$$$ -> [Ver = | Size = 0 bytes | Modified Date = 8/9/2008 11:56:54 PM | Attr = ] PUB -> %SystemDrive%\PUB -> [Folder | Modified Date = 8/3/2008 2:26:04 PM | Attr = ] hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 522 bytes | Modified Date = 8/15/2008 7:38:18 PM | Attr = ] escanmxx.sys -> %SystemRoot%\System32\drivers\escanmxx.sys -> MicroWorld Technologies Inc. - www.mwti.net [Ver = 4.97.0.0 built by: WinDDK | Size = 33792 bytes | Modified Date = 8/9/2008 1:07:32 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 8/19/2008 12:09:46 AM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 59984 bytes | Modified Date = 8/5/2008 11:36:08 PM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 397890 bytes | Modified Date = 8/5/2008 11:36:08 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:02 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 464376 bytes | Modified Date = 8/5/2008 11:36:08 PM | Attr = ] wbocx.ocx -> %SystemRoot%\System32\wbocx.ocx -> Stardock.Net, Inc [Ver = 3.01 | Size = 479298 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] spupdsvc.inf -> %SystemRoot%\System32\spupdsvc.inf -> [Ver = | Size = 142 bytes | Modified Date = 8/19/2008 12:05:50 AM | Attr = ] CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2577 bytes | Modified Date = 6/18/2008 10:00:44 PM | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 90876 bytes | Modified Date = 7/26/2008 12:19:16 AM | Attr = H ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak -> [Folder | Modified Date = 8/18/2008 11:48:04 PM | Attr = ] 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 6/20/2008 11:58:46 AM | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 5/24/2008 10:00:40 PM | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 5/24/2008 10:00:42 PM | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. 
[Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 5/24/2008 10:00:42 PM | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2846 | Size = 185688 bytes | Modified Date = 5/24/2008 10:00:50 PM | Attr = ] wbhelp2.dll -> %SystemRoot%\System32\wbhelp2.dll -> Stardock.Net, Inc [Ver = 1.5 | Size = 50688 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] ES_SETUP -> %SystemRoot%\System32\ES_SETUP -> [Folder | Modified Date = 8/3/2008 2:24:12 PM | Attr = ] avgrsstx.dll.old -> %SystemRoot%\System32\avgrsstx.dll.old -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 6/19/2008 2:29:30 PM | Attr = ] FLCSS.EXE -> %SystemRoot%\System32\FLCSS.EXE -> [Folder | Modified Date = 8/3/2008 2:24:12 PM | Attr = ] mwtsp.dll -> %SystemRoot%\System32\mwtsp.dll -> MicroWorld Technologies Inc. [Ver = 966, 0, 0, 0 | Size = 425984 bytes | Modified Date = 7/16/2008 5:03:40 PM | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 7/11/2008 9:55:56 PM | Attr = ] Adobe -> %SystemRoot%\System32\Adobe -> [Folder | Modified Date = 7/12/2008 9:32:00 PM | Attr = ] AniGIF.ocx -> %SystemRoot%\System32\AniGIF.ocx -> Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com [Ver = 2, 2, 5, 5 | Size = 172032 bytes | Modified Date = 7/15/2008 10:56:22 PM | Attr = ] ICCProfiles.dll -> %SystemRoot%\System32\ICCProfiles.dll -> [Ver = | Size = 509208 bytes | Modified Date = 7/10/2008 1:59:42 PM | Attr = ] mwnsp.dll -> %SystemRoot%\System32\mwnsp.dll -> MicroWorld Technologies Inc. [Ver = 966, 0, 0, 0 | Size = 155648 bytes | Modified Date = 7/16/2008 4:57:16 PM | Attr = ] contfilt.dll -> %SystemRoot%\System32\contfilt.dll -> MicroWorld Technologies Inc. 
[Ver = 4, 0, 0, 71 | Size = 1540096 bytes | Modified Date = 7/16/2008 5:47:58 PM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Modified Date = 8/18/2008 11:49:00 PM | Attr = ] 7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 8/18/2008 11:46:46 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 3294 bytes | Modified Date = 8/19/2008 12:47:20 AM | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 0 bytes | Modified Date = 5/22/2008 9:26:04 PM | Attr = ] WIN.PRO -> %SystemRoot%\WIN.PRO -> [Ver = | Size = 20 bytes | Modified Date = 8/3/2008 2:48:12 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1355 bytes | Modified Date = 7/7/2008 9:08:22 PM | Attr = ] escan.dbf -> %SystemRoot%\escan.dbf -> [Ver = | Size = 22 bytes | Modified Date = 8/3/2008 2:50:40 PM | Attr = ] inst_tsp.exe -> %SystemRoot%\inst_tsp.exe -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 13 | Size = 57344 bytes | Modified Date = 7/16/2008 5:04:00 PM | Attr = ] inst_tspx.exe -> %SystemRoot%\inst_tspx.exe -> MicroWorld Technologies Inc. [Ver = 4, 0, 0, 13 | Size = 97280 bytes | Modified Date = 7/16/2008 6:34:22 PM | Attr = ] killproc.exe -> %SystemRoot%\killproc.exe -> MicroWorld Technologies Inc. 
[Ver = 4, 0, 0, 9 | Size = 49152 bytes | Modified Date = 7/16/2008 4:09:24 PM | Attr = ] SoftwareDistribution -> %SystemRoot%\SoftwareDistribution -> [Folder | Modified Date = 6/20/2008 12:30:02 AM | Attr = ] ODBCINST.INI -> %SystemRoot%\ODBCINST.INI -> [Ver = | Size = 4297 bytes | Modified Date = 8/18/2008 11:46:10 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 8/9/2008 12:19:58 AM | Attr = ] winsbak.reg -> %SystemRoot%\winsbak.reg -> [Ver = | Size = 14936 bytes | Modified Date = 8/3/2008 2:24:52 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/18/2008 11:45:44 PM | Attr = ] winsbak2.reg -> %SystemRoot%\winsbak2.reg -> [Ver = | Size = 136730 bytes | Modified Date = 8/3/2008 2:24:52 PM | Attr = ] LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 8/19/2008 12:05:22 AM | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 459 bytes | Modified Date = 8/18/2008 11:46:10 PM | Attr = ] REGBK00.ZIP -> %SystemRoot%\REGBK00.ZIP -> [Ver = | Size = 6033007 bytes | Modified Date = 8/3/2008 2:32:24 PM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 69 bytes | Modified Date = 8/9/2008 2:13:26 AM | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Modified Date = 7/11/2008 9:50:16 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/18/2008 11:45:48 PM | Attr = H ] FRU Task #Hewlett-Packard#hp psc 1200 series#1204915249.job -> %SystemRoot%\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1204915249.job -> [Ver = | Size = 346 bytes | Modified Date = 6/18/2008 12:12:58 AM | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 8/15/2008 8:00:02 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application 
Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/14/2007 8:16:14 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 48517 bytes | Modified Date = 8/19/2008 12:29:56 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 48517 bytes | Modified Date = 8/19/2008 12:29:54 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 11/14/2007 1:26:30 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 8/14/2008 4:24:28 PM | Attr = ] C:\Documents and Settings\Welcome\Local Settings\temp\ -> C:\Documents and Settings\Welcome\Local Settings\temp -> [Folder | Modified Date = 8/18/2008 11:49:00 PM | Attr = ] setup.exe -> C:\Documents and Settings\Welcome\Local Settings\temp\setup.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 2539800 bytes | Modified Date = 7/3/2008 10:46:24 PM | Attr = ] 3 C:\Documents and Settings\Welcome\Local Settings\temp\*.tmp files -> C:\Documents and Settings\Welcome\Local Settings\temp\*.tmp -> C:\Documents and Settings\Welcome\Local Settings\temp\~nsu.tmp\ -> C:\Documents and Settings\Welcome\Local Settings\temp\~nsu.tmp\ -> [Folder | Modified Date = 8/18/2008 11:59:30 PM | Attr = ] Au_.exe -> C:\Documents and Settings\Welcome\Local Settings\temp\~nsu.tmp\Au_.exe -> Yahoo! Inc. 
[Ver = 2008.02.13.01 | Size = 34295 bytes | Modified Date = 6/28/2008 12:11:22 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Nero -> %AllUsersProfile%\Application Data\Nero -> [Folder | Modified Date = 7/5/2008 11:07:24 PM | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Application Data\Kaspersky Lab -> [Folder | Modified Date = 7/11/2008 9:56:00 PM | Attr = ] Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage -> [Folder | Modified Date = 7/12/2008 10:28:12 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 7/15/2008 10:56:46 PM | Attr = ] Nitro PDF -> %AllUsersProfile%\Application Data\Nitro PDF -> [Folder | Modified Date = 7/16/2008 12:37:46 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/7/2008 11:34:12 PM | Attr = ] Avg8 -> %AllUsersProfile%\Application Data\Avg8 -> [Folder | Modified Date = 8/18/2008 11:59:02 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %AppData%\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 126376 bytes | Modified Date = 8/13/2008 2:04:02 AM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 5/22/2008 9:25:58 PM | Attr = ] Talkback -> %AppData%\Talkback -> [Folder | Modified Date = 5/22/2008 9:26:26 PM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 5/24/2008 10:00:28 PM | Attr = ] vlc -> %AppData%\vlc -> [Folder | Modified Date = 6/5/2008 12:23:06 AM | Attr = ] Nitro PDF -> %AppData%\Nitro PDF -> [Folder | Modified Date = 7/16/2008 12:39:28 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/7/2008 11:34:16 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 102912 bytes | Modified Date = 8/9/2008 1:40:00 AM | Attr = ] Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [Folder | Modified Date = 
5/22/2008 9:25:58 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 4294986 bytes | Modified Date = 5/25/2008 1:07:12 PM | Attr = ] Downloaded Installations -> %UserProfile%\Local Settings\Application Data\Downloaded Installations -> [Folder | Modified Date = 7/16/2008 12:37:04 AM | Attr = ] insrana1.jpg -> %UserProfile%\My Documents\insrana1.jpg -> [Ver = | Size = 69520 bytes | Modified Date = 7/15/2008 11:49:36 PM | Attr = ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/14/2008 10:45:20 AM | Attr = ] INCHARGE.xls -> %UserProfile%\My Documents\INCHARGE.xls -> [Ver = | Size = 16896 bytes | Modified Date = 6/16/2008 3:50:56 PM | Attr = ] mis.rtf -> %UserProfile%\My Documents\mis.rtf -> [Ver = | Size = 381 bytes | Modified Date = 6/19/2008 11:15:10 PM | Attr = ] wall -> %UserProfile%\My Documents\wall -> [Folder | Modified Date = 7/3/2008 10:02:42 PM | Attr = ] stock.xls -> %UserProfile%\My Documents\stock.xls -> [Ver = | Size = 15360 bytes | Modified Date = 7/10/2008 11:21:08 PM | Attr = ] 4961_Solitarioxxx_en_m2_176_gen_6630.jad -> %UserProfile%\My Documents\4961_Solitarioxxx_en_m2_176_gen_6630.jad -> [Ver = | Size = 256 bytes | Modified Date = 5/26/2008 11:12:14 PM | Attr = ] googlehostedservice.html -> %UserProfile%\My Documents\googlehostedservice.html -> [Ver = | Size = 22 bytes | Modified Date = 5/25/2008 10:11:00 PM | Attr = ] 1554_TheDonaldTrumpetShow_6630.jad -> %UserProfile%\My Documents\1554_TheDonaldTrumpetShow_6630.jad -> [Ver = | Size = 300 bytes | Modified Date = 5/26/2008 11:19:08 PM | Attr = ] 4961_Solitarioxxx_en_m2_176_gen_6630.jar -> %UserProfile%\My Documents\4961_Solitarioxxx_en_m2_176_gen_6630.jar -> [Ver = | Size = 120850 bytes | Modified Date = 5/26/2008 11:12:04 PM | Attr = ] 1554_TheDonaldTrumpetShow_6630.jar -> %UserProfile%\My Documents\1554_TheDonaldTrumpetShow_6630.jar -> [Ver = | Size = 123224 bytes | Modified Date = 5/26/2008 11:19:06 PM 
| Attr = ] interview.doc -> %UserProfile%\My Documents\interview.doc -> [Ver = | Size = 25088 bytes | Modified Date = 7/3/2008 11:30:42 PM | Attr = ] 5069_26232329.gif -> %UserProfile%\My Documents\5069_26232329.gif -> [Ver = | Size = 28111 bytes | Modified Date = 5/26/2008 11:23:42 PM | Attr = ] Software_mapilai.pdf -> %UserProfile%\My Documents\Software_mapilai.pdf -> [Ver = | Size = 45775 bytes | Modified Date = 7/3/2008 9:53:32 PM | Attr = ] karthikeyan result.doc -> %UserProfile%\My Documents\karthikeyan result.doc -> [Ver = | Size = 35840 bytes | Modified Date = 7/14/2008 11:06:06 PM | Attr = ] cvjava.doc -> %UserProfile%\My Documents\cvjava.doc -> [Ver = | Size = 36864 bytes | Modified Date = 7/15/2008 4:42:02 PM | Attr = ] insjyoti.jpg -> %UserProfile%\My Documents\insjyoti.jpg -> [Ver = | Size = 71916 bytes | Modified Date = 7/15/2008 11:57:44 PM | Attr = ] My Completed Downloads -> %UserProfile%\My Documents\My Completed Downloads -> [Folder | Modified Date = 7/15/2008 10:56:32 PM | Attr = ] adm_vinogradov_01.jpg -> %UserProfile%\My Documents\adm_vinogradov_01.jpg -> [Ver = | Size = 113834 bytes | Modified Date = 7/16/2008 12:26:34 AM | Attr = ] marshal_shaposhnikov.jpg -> %UserProfile%\My Documents\marshal_shaposhnikov.jpg -> [Ver = | Size = 117613 bytes | Modified Date = 7/16/2008 12:03:22 AM | Attr = ] ka-27-heli.jpg -> %UserProfile%\My Documents\ka-27-heli.jpg -> [Ver = | Size = 57739 bytes | Modified Date = 7/16/2008 12:10:44 AM | Attr = ] dubhna.jpg -> %UserProfile%\My Documents\dubhna.jpg -> [Ver = | Size = 22207 bytes | Modified Date = 7/16/2008 12:31:56 AM | Attr = ] Ka-28_Indian_Navy.jpg -> %UserProfile%\My Documents\Ka-28_Indian_Navy.jpg -> [Ver = | Size = 36098 bytes | Modified Date = 7/16/2008 12:24:56 AM | Attr = ] Seaking1.jpg -> %UserProfile%\My Documents\Seaking1.jpg -> [Ver = | Size = 45005 bytes | Modified Date = 7/16/2008 12:16:12 AM | Attr = ] flotilla.jpg -> %UserProfile%\My Documents\flotilla.jpg -> [Ver = | Size = 78920 bytes | 
Modified Date = 7/15/2008 11:44:02 PM | Attr = ] cvjava.pdf -> %UserProfile%\My Documents\cvjava.pdf -> [Ver = | Size = 391600 bytes | Modified Date = 7/27/2008 9:29:34 PM | Attr = ] Vitsa InfoTech P Ltd.ppt -> %UserProfile%\My Documents\Vitsa InfoTech P Ltd.ppt -> [Ver = | Size = 185856 bytes | Modified Date = 8/12/2008 12:20:00 AM | Attr = ] Mesh Network.ppt -> %UserProfile%\My Documents\Mesh Network.ppt -> [Ver = | Size = 135680 bytes | Modified Date = 8/13/2008 1:53:10 AM | Attr = ] Everything_you_want_to_know_in_chennai.xls -> %UserProfile%\My Documents\Everything_you_want_to_know_in_chennai.xls -> [Ver = | Size = 701952 bytes | Modified Date = 7/3/2008 9:49:18 PM | Attr = ] idcard.JPG -> %UserProfile%\My Documents\idcard.JPG -> [Ver = | Size = 15842 bytes | Modified Date = 8/14/2008 10:50:28 AM | Attr = ] GST Road - As buit drg 18[1].06.08.dwg -> %UserProfile%\My Documents\GST Road - As buit drg 18[1].06.08.dwg -> [Ver = | Size = 954956 bytes | Modified Date = 8/12/2008 8:36:52 AM | Attr = ] Vitsa InfoTech.doc -> %UserProfile%\My Documents\Vitsa InfoTech.doc -> [Ver = | Size = 19968 bytes | Modified Date = 8/12/2008 12:03:16 AM | Attr = ] wmnTutorial.ppt -> %UserProfile%\My Documents\wmnTutorial.ppt -> [Ver = | Size = 11500544 bytes | Modified Date = 8/12/2008 10:54:44 PM | Attr = ] vivithacv.doc -> %UserProfile%\My Documents\vivithacv.doc -> [Ver = | Size = 33280 bytes | Modified Date = 7/15/2008 8:37:52 PM | Attr = ] mesh-scenario.gif -> %UserProfile%\My Documents\mesh-scenario.gif -> [Ver = | Size = 38387 bytes | Modified Date = 8/12/2008 12:42:10 AM | Attr = ] Self-form-self-heal.gif -> %UserProfile%\My Documents\Self-form-self-heal.gif -> [Ver = | Size = 18710 bytes | Modified Date = 8/12/2008 12:34:48 AM | Attr = ] Thumbs.db -> %UserProfile%\My Documents\Thumbs.db -> [Ver = | Size = 8704 bytes | Modified Date = 8/19/2008 12:09:12 AM | Attr = HS] Ha-Ha_by_Pooja.part1.rar -> %UserProfile%\My Documents\Ha-Ha_by_Pooja.part1.rar -> [Ver = | Size = 22020096 
bytes | Modified Date = 8/15/2008 2:34:10 AM | Attr = ] Ha-Ha_by_Pooja.part2.rar -> %UserProfile%\My Documents\Ha-Ha_by_Pooja.part2.rar -> [Ver = | Size = 20051818 bytes | Modified Date = 8/15/2008 2:48:40 AM | Attr = ] The_Bastard_of_Venus_by_Pooja.rar -> %UserProfile%\My Documents\The_Bastard_of_Venus_by_Pooja.rar -> [Ver = | Size = 27998468 bytes | Modified Date = 8/15/2008 3:11:16 AM | Attr = ] House_Calls_by_Pooja.rar -> %UserProfile%\My Documents\House_Calls_by_Pooja.rar -> [Ver = | Size = 7530813 bytes | Modified Date = 8/15/2008 3:51:36 AM | Attr = ] Mother_Rule_by_Pooja.rar -> %UserProfile%\My Documents\Mother_Rule_by_Pooja.rar -> [Ver = | Size = 30940387 bytes | Modified Date = 8/15/2008 4:15:36 AM | Attr = ] pinfect.zip -> %UserProfile%\My Documents\pinfect.zip -> [Ver = | Size = 113898 bytes | Modified Date = 8/18/2008 10:37:24 PM | Attr = ] mIRC.lnk -> %AllUsersProfile%\Desktop\mIRC.lnk -> [Ver = | Size = 530 bytes | Modified Date = 7/26/2008 12:10:28 AM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 8/19/2008 12:38:08 AM | Attr = ] cvjava.doc -> %UserProfile%\Desktop\cvjava.doc -> [Ver = | Size = 38400 bytes | Modified Date = 7/18/2008 8:25:40 PM | Attr = ] greatmailz_org.htm -> %UserProfile%\Desktop\greatmailz_org.htm -> [Ver = | Size = 7937 bytes | Modified Date = 7/3/2008 11:56:36 PM | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 8192 bytes | Modified Date = 8/12/2008 12:42:50 AM | Attr = HS] RENTAL AGREEMENT.doc -> %UserProfile%\Desktop\RENTAL AGREEMENT.doc -> [Ver = | Size = 28672 bytes | Modified Date = 8/15/2008 7:42:50 PM | Attr = ] vitsa'sS Wireless Networking Projects and Proposals[1].doc -> %UserProfile%\Desktop\vitsa'sS Wireless Networking Projects and Proposals[1].doc -> [Ver = | Size = 65536 bytes | Modified Date = 8/11/2008 11:45:48 PM | Attr = ] Vitsa InfoTech P Ltd.ppt -> %UserProfile%\Desktop\Vitsa InfoTech P Ltd.ppt -> [Ver = | Size = 185856 
bytes | Modified Date = 8/12/2008 12:20:34 AM | Attr = ]
amendmentpg.doc.dap -> %UserProfile%\Desktop\amendmentpg.doc.dap -> [Ver = | Size = 101376 bytes | Modified Date = 8/14/2008 4:39:40 PM | Attr = ]
Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 5/24/2008 10:00:36 PM | Attr = ]
xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 5/24/2008 10:00:58 PM | Attr = ]
Ahead -> %CommonProgramFiles%\Ahead -> [Folder | Modified Date = 7/5/2008 11:07:24 PM | Attr = ]
Nitro PDF -> %CommonProgramFiles%\Nitro PDF -> [Folder | Modified Date = 7/16/2008 12:37:46 AM | Attr = ]
BCL Technologies -> %CommonProgramFiles%\BCL Technologies -> [Folder | Modified Date = 7/16/2008 12:37:46 AM | Attr = ]
MicroWorld -> %CommonProgramFiles%\MicroWorld -> [Folder | Modified Date = 8/3/2008 2:24:48 PM | Attr = ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 0
< End of report >
[/code]