[code]
OTScanIt logfile created on: 8/24/2008 5:28:28 PM
OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\OTScanIt
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
958.48 Mb Total Physical Memory | 477.61 Mb Available Physical Memory | 49.83% Memory free
2.26 Gb Paging File | 1.84 Gb Available in Paging File | 81.30% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.68 Gb Total Space | 152.62 Gb Free Space | 67.93% Space Free | Partition Type: NTFS
Drive D: | 8.18 Gb Total Space | 0.52 Gb Free Space | 6.34% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TROYTANAKA
Current User Name: Compaq_Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
[Processes - Non-Microsoft Only]
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2/11/2008 8:30:12 PM | Attr = ]
lvprcsrv.exe -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc.
[Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 3:37:42 PM | Attr = ] apdproxy.exe -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ] hptlbxfx.exe -> %ProgramFiles%\HP\ToolBoxFX\bin\HPTLBXFX.exe -> HP [Ver = 1.2.139.0 | Size = 45056 bytes | Modified Date = 2/2/2006 8:12:30 AM | Attr = ] hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] arservice.exe -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 1:19:16 PM | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 8/23/2008 3:00:49 AM | Attr = ] aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/2/2006 9:17:27 PM | Attr = ] lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.84.1 | Size = 73728 bytes | Modified Date = 3/23/2006 3:48:44 PM | Attr = ] pifsvc.exe -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:14 PM | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 8/23/2008 3:00:52 AM | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ] hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/8/2007 9:27:52 PM | Attr = ] viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 11:38:08 AM | Attr = ] avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 8/23/2008 3:00:51 AM | Attr = ] viewmgr.exe -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 112336 bytes | Modified Date = 1/4/2007 11:38:18 AM | Attr = ] acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 71288 bytes | Modified Date = 5/16/2006 11:15:10 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft [Ver = 7,0,2,6 | Size = 587096 bytes | Modified Date = 2/11/2008 8:30:12 PM | Attr = ] (ARSVC) ARSVC [Win32_Own | Auto | Running] -> %SystemRoot%\arservice.exe -> Microsoft [Ver = 6.0.0160.0 | Size = 58880 bytes | Modified Date = 8/2/2005 1:19:16 PM | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.2.0.68 | Size = 554352 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ] (avg8emc) AVG Free8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 8/23/2008 3:00:51 AM | Attr = ] (avg8wd) AVG Free8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 8/23/2008 3:00:49 AM | Attr = ] (cmdAgent) COMODO Firewall Pro Helper Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\COMODO\Firewall\cmdagent.exe -> [Ver = | Size = 519936 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 3:40:21 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 1:06:04 AM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. 
[Ver = 7.2.0.35 | Size = 501312 bytes | Modified Date = 6/1/2007 4:51:22 PM | Attr = ] (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> Hewlett-Packard Company [Ver = 1.4.84.1 | Size = 73728 bytes | Modified Date = 3/23/2006 3:48:44 PM | Attr = ] (LiveUpdate) LiveUpdate [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_2.EXE -> Symantec Corporation [Ver = 3.2.0.68 | Size = 2999664 bytes | Modified Date = 9/12/2007 6:27:24 PM | Attr = ] (LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Win32_Shared | Auto | Stopped] -> -> File not found (LiveUpdate Notice Service) LiveUpdate Notice Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -> Symantec Corporation [Ver = 1.2.0.18 | Size = 517768 bytes | Modified Date = 3/12/2007 6:30:14 PM | Attr = ] (LVPrcSrv) Logitech Process Monitor [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Logitech\LVMVFM\LVPrcSrv.exe -> Logitech Inc. 
[Ver = 9.5.0.1098 | Size = 81920 bytes | Modified Date = 12/9/2005 3:37:42 PM | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 155716 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Modified Date = 8/8/2007 9:27:52 PM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1252232 bytes | Modified Date = 11/30/2007 1:10:17 AM | Attr = ] (Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 11:38:08 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Photo Downloader -> %ProgramFiles%\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"] -> Adobe Systems Incorporated [Ver = 3.0.0.49815 | Size = 57344 bytes | Modified Date = 6/6/2005 11:46:24 PM | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 8/23/2008 3:00:51 AM | Attr = ] COMODO Firewall Pro -> %ProgramFiles%\COMODO\Firewall\cfp.exe ["C:\Program Files\COMODO\Firewall\cfp.exe" -h] -> [Ver = | Size = 1655552 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] COMODO SafeSurf -> %ProgramFiles%\COMODO\SafeSurf\cssurf.exe ["C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s] -> COMODO [Ver = 1, 0, 0, 5 | Size = 278264 bytes | Modified Date = 8/23/2008 2:57:52 AM | Attr = ] HP Software Update -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe] -> Hewlett-Packard [Ver = 80, 1, 0, 0 | Size = 54840 bytes | Modified Date = 5/8/2007 4:24:20 PM | Attr = ] NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6371 | Size = 8491008 bytes | Modified Date = 9/17/2007 1:07:00 AM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 6/29/2007 6:24:52 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] ToolBoxFX -> %ProgramFiles%\HP\ToolBoxFX\bin\HPTLBXFX.exe ["C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on] -> HP [Ver = 1.2.139.0 | Size = 45056 bytes | Modified Date = 2/2/2006 8:12:30 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 5:20:54 AM | Attr = ] I.R.I.S. Desktop Search -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearch.exe ["C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" /tray] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 5193512 bytes | Modified Date = 1/11/2006 3:37:54 AM | Attr = ] Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. 
[Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2/25/2008 3:23:34 PM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS] < Run [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 10/4/2007 5:20:54 AM | Attr = ] I.R.I.S. Desktop Search -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearch.exe ["C:\Program Files\IRIS Desktop Search\IRISDesktopSearch.exe" /tray] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 5193512 bytes | Modified Date = 1/11/2006 3:37:54 AM | Attr = ] Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> Google Inc. 
[Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2/25/2008 3:23:34 PM | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS] < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Compaq_Administrator Startup Folder > -> C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> %SystemDrive%\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> %SystemDrive%\hp\bin\cloaker.exe -> Hewlett-Packard Co. [Ver = 3, 1, 0, 0 | Size = 27136 bytes | Modified Date = 11/6/1999 1:11:14 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\WINDOWS\system32\guard32.dll -> %SystemRoot%\system32\guard32.dll -> [Ver = | Size = 143104 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] C:\WINDOWS\system32\cssdll32.dll -> %SystemRoot%\system32\cssdll32.dll -> COMODO [Ver = 1, 0, 0, 7 | Size = 249592 bytes | Modified Date = 8/23/2008 2:57:52 AM | Attr = ] avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 8/23/2008 3:01:06 AM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> msapsspc.dll schannel.dll digest.dll msnsspc.dll -> -> File not found *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 12:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 5:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | 
Modified Date = 8/9/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> AtiExtEvent -> -> File not found WgaLogon -> -> File not found < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoComputersNearMe -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallVisualStyle -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\InstallTheme -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoComputersNearMe -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < 
CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoNetHood -> 0 -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoComputersNearMe -> 0 -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHL-DT-ST_DVDRRW_GSA-H20L________________S632____\5&3b3c1941&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 8/30/2005 11:02:02 AM | Attr = ] AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [Ver = | Size = 0 bytes | Modified Date = 7/27/2001 3:07:38 PM | Attr = HS] Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [Ver = | Size = 53 bytes | Modified Date = 4/30/2004 7:01:14 AM | Attr = HS] < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 
-> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com/ -> HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 1 -> HKEY_CURRENT_USER\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 1 -> HKEY_USERS\.DEFAULT\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Default_Page_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Default_Search_URL -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Search Bar -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 1 -> HKEY_USERS\S-1-5-18\: ProxyOverride -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < 
Internet Explorer Settings [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Main\\Search Page -> http://www.google.com -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Main\\Start Page -> http://www.google.com/ -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: ProxyEnable -> 1 -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\: ProxyOverride -> -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. 
-> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 8/23/2008 3:00:52 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar BHO] -> Ask.com [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 8/23/2008 2:57:51 AM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [I.R.I.S. Desktop Search] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 1385768 bytes | Modified Date = 1/11/2006 3:37:46 AM | Attr = ] {D5045198-55C2-46ED-87F4-17E31BE72A33} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [I.R.I.S. Desktop Search] -> Copernic Technologies Inc. 
[Ver = 1.6.3.910 | Size = 1385768 bytes | Modified Date = 1/11/2006 3:37:46 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {577EBCA9-8ED3-45FC-A514-55B3817D4BCF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [I.R.I.S. Desktop Search] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 1385768 bytes | Modified Date = 1/11/2006 3:37:46 AM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 8/23/2008 2:57:51 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [I.R.I.S. Desktop Search] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 1385768 bytes | Modified Date = 1/11/2006 3:37:46 AM | Attr = ] WebBrowser\\{A057A204-BACC-4D26-CEC4-75A487FD6484} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] 
-> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 8/23/2008 2:57:51 AM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{577EBCA9-8ED3-45FC-A514-55B3817D4BCF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll [I.R.I.S. Desktop Search] -> Copernic Technologies Inc. [Ver = 1.6.3.910 | Size = 1385768 bytes | Modified Date = 1/11/2006 3:37:46 AM | Attr = ] WebBrowser\\{A057A204-BACC-4D26-CEC4-75A487FD6484} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. 
[Ver = 2007, 3, 20, 1 | Size = 803864 bytes | Modified Date = 3/20/2007 11:39:26 AM | Attr = ] WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AskSBar\bar\1.bin\ASKSBAR.DLL [Ask Toolbar] -> Ask.com [Ver = 2, 3, 0, 11 | Size = 262144 bytes | Modified Date = 8/23/2008 2:57:51 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.120 | Size = 603416 bytes | Modified Date = 8/10/2008 7:49:33 AM | Attr = ] {94148DB5-B42D-4915-95DA-2CBB4F7095BF}:Exec -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 7, 29, 3 | Size = 3732808 bytes | Modified Date = 7/29/2008 2:15:23 PM | Attr = ] {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 1/28/2008 11:43:28 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> 
%ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.120 | Size = 603416 bytes | Modified Date = 8/10/2008 7:49:33 AM | Attr = ] CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 7, 29, 3 | Size = 3732808 bytes | Modified Date = 7/29/2008 2:15:23 PM | Attr = ] CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\] > -> HKEY_USERS\S-1-5-21-432461343-1916560831-170414058-1008\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [PokerStars] -> PokerStars [Ver = 1.120 | Size = 603416 bytes | Modified Date = 8/10/2008 7:49:33 AM | Attr = ] CmdMapping\\{4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{94148DB5-B42D-4915-95DA-2CBB4F7095BF} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\UltimateBet\UltimateBet.exe [UltimateBet] -> UltimateBet [Ver = 2008, 7, 29, 3 | Size = 3732808 bytes | Modified Date = 7/29/2008 2:15:23 PM | Attr = ] CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [Messenger Class] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ] CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {38ADD0E0-2C7C-4D48-87D7-C94B2BF8084C} -> () -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> {D7C08D1D-171A-421B-8AE0-7B96223B6503} -> () -> {F81F7AC8-104D-42DD-8742-839A70BA1881} -> (NVIDIA nForce Networking Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 8/23/2008 3:00:56 AM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218134000551&h=4232583b9835acaa81995f90f0a37e6c/&filename=jinstall-6u7-windows-i586-jc.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab[Java Plug-in 1.5.0_09] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\\.Owner -> {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HMAtchmt.ocx\\{F04A8AE2-A59D-11D2-8792-00C04F8EF29D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pcpitstop2.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pcpitstop2.dll\\.Owner -> {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/pcpitstop2.dll\\{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ 
-> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 7:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 4:21:15 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 6:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 912 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 
1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft 
Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 02 DB 94 87 46 42 F7 8D 73 A8 F4 74 54 AE 02 32 63 33 66 65 64 30 66 30 00 00 00 00 3B 48 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 0E B4 EB 38 30 E0 FE 7E B8 55 DA C3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 87 05 0C 6D 07 F5 EB 63 A9 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 7A F0 F5 C7 62 8C [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> AA 1B 4C F9 BC FB 23 34 AB 0D 
07 BF 89 E1 F8 3B [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 47 BF 9F 36 03 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 60 DB 8F D1 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 48 59 D5 53 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 60 DB 8F D1 7E C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 8780 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 9/26/2006 8:33:49 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | 
Modified Date = 10/10/2006 2:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DISCover.exe -> %ProgramFiles%\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> Digital Interactive Systems Corporation [Ver = 3.31.2005.0315 | Size = 1077248 bytes | Modified Date = 3/15/2006 4:12:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\DiscStreamHub.exe -> %ProgramFiles%\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> Digital Interactive 
Systems Corporation, Inc. [Ver = 3.31.2005.315 | Size = 57344 bytes | Modified Date = 3/15/2006 4:11:54 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DISC\myFTP.exe -> %ProgramFiles%\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> Digital Interactive Systems Corporation, Inc. [Ver = 3.31.2005.315 | Size = 94208 bytes | Modified Date = 3/15/2006 4:11:50 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\EarthLink TotalAccess\TaskPanl.exe -> %ProgramFiles%\EarthLink TotalAccess\TaskPanl.exe [C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/2/2006 9:17:27 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1157956347\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1157956347\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1157956347\ee\aolsoftware.exe:*:Enabled:AOL Services] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1157956347\ee\aim6.exe -> %CommonProgramFiles%\AOL\1157956347\ee\aim6.exe [C:\Program Files\Common Files\AOL\1157956347\ee\aim6.exe:*:Enabled:AIM] -> File not found 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,0,0,716 | Size = 4621816 bytes | Modified Date = 9/13/2006 2:17:28 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YServer.exe -> %ProgramFiles%\Yahoo!\Messenger\YServer.exe [C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server] -> Yahoo! Inc. [Ver = 3, 0, 0, 0 | Size = 91128 bytes | Modified Date = 9/13/2006 2:17:34 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Compaq_Administrator\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe -> %UserProfile%\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe [C:\Documents and Settings\Compaq_Administrator\Desktop\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> Logitech [Ver = 2.30.04 | Size = 36864 bytes | Modified Date = 9/26/2006 8:33:49 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe -> %ProgramFiles%\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe [C:\Program Files\World of Warcraft\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader] -> Blizzard Entertainment [Ver = 1, 6, 3, 127 | Size = 763219 bytes | Modified Date = 9/26/2006 9:14:15 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Valve\Steam\SteamApps\sthirteenturbo\counter-strike source\hl2.exe -> %ProgramFiles%\Valve\Steam\SteamApps\sthirteenturbo\counter-strike source\hl2.exe [C:\Program Files\Valve\Steam\SteamApps\sthirteenturbo\counter-strike source\hl2.exe:*:Enabled:hl2] -> [Ver = | Size = 106496 bytes | Modified Date = 10/18/2007 7:10:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified 
Date = 10/4/2007 5:20:54 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe -> %ProgramFiles%\Turbine\The Lord of the Rings Online\lotroclient.exe [C:\Program Files\Turbine\The Lord of the Rings Online\lotroclient.exe:*:Enabled:lotroclient.exe] -> Turbine, Inc. [Ver = 01.08.00.8136 | Size = 11932944 bytes | Modified Date = 8/9/2008 10:02:39 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\THQ\Dawn Of War\W40k.exe -> %ProgramFiles%\THQ\Dawn Of War\W40k.exe [C:\Program Files\THQ\Dawn Of War\W40k.exe:*:Enabled:W40k] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Warcraft III\Warcraft III.exe -> %ProgramFiles%\Warcraft III\Warcraft III.exe [C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III] -> Blizzard Entertainment [Ver = 1, 0, 0, 1 | Size = 274432 bytes | Modified Date = 7/5/2007 8:19:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Chessmaster 10th Edition\game.exe -> %ProgramFiles%\Ubisoft\Chessmaster 10th Edition\game.exe [C:\Program Files\Ubisoft\Chessmaster 10th Edition\game.exe:*:Enabled:Chessmaster 10th Edition] -> Ubi Soft Entertainment [Ver = v1.0.0 | Size = 5628592 bytes | Modified Date = 7/1/2004 6:12:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] 
-> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Morpheus\Morpheus.exe -> %ProgramFiles%\Morpheus\Morpheus.exe [C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Codemasters\Overlord\Overlord.exe -> %ProgramFiles%\Codemasters\Overlord\Overlord.exe [C:\Program Files\Codemasters\Overlord\Overlord.exe:*:Enabled:Overlord] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe -> %ProgramFiles%\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe [C:\Program Files\Ubisoft\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Valve\Steam\steam.exe -> %ProgramFiles%\Valve\Steam\steam.exe [C:\Program Files\Valve\Steam\steam.exe:*:Enabled:Steam] -> Valve Corporation [Ver = 1.0.0.0 | Size = 1271032 bytes | Modified Date = 10/4/2007 7:59:11 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 6:24:37 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network 
diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 2:44:50 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\iTunes\iTunes.exe -> %ProgramFiles%\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> Apple Inc. [Ver = 7.2.0.35 | Size = 14778432 bytes | Modified Date = 6/1/2007 4:51:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPZNET01.EXE -> E:\setup\HPZNET01.EXE [E:\setup\HPZNET01.EXE:*:Enabled:hpznet01.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\hppapd.exe -> E:\setup\hppapd.exe [E:\setup\hppapd.exe:*:Enabled:hppapd.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPPNICIFS01.EXE -> E:\setup\HPPNICIFS01.EXE [E:\setup\HPPNICIFS01.EXE:*:Enabled:hppnicifs01.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\setup\HPNTWKEXE.EXE -> E:\setup\HPNTWKEXE.EXE [E:\setup\HPNTWKEXE.EXE:*:Enabled:hpntwkexe.exe] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 8/23/2008 3:00:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 640280 bytes | Modified Date = 8/23/2008 3:00:51 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3724:TCP -> 3724:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6112:TCP -> 6112:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6881:TCP -> 6881:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6882:TCP -> 6882:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6883:TCP -> 6883:TCP:*:Enabled:Blizzard Downloader -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 
1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. 
If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 6:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/9/2004 11:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 6:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including 
UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 1 -> < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = -> 0 -> Source = -> 0 -> SubscribedURL = -> < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> ccISPwdSvc -> -> ccProxy -> -> navapsvc -> -> NSCService -> -> SAVScan -> -> SNDSrvc -> -> SPBBCSvc -> -> WMPNetworkSvc -> -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 8/23/2008 3:12:19 AM | Attr = H ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 6/7/2008 12:40:58 PM | Attr = H ] Fraps -> %SystemDrive%\Fraps -> [Folder | Created Date = 8/15/2008 4:51:45 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Created Date = 8/20/2008 5:10:01 PM | Attr = HS] ijji -> %SystemDrive%\ijji -> [Folder | Created Date = 7/4/2008 11:45:02 PM | Attr = ] SDFix -> %SystemDrive%\SDFix -> [Folder | Created Date = 8/20/2008 4:32:06 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 8/23/2008 3:00:57 AM | 
Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 8/23/2008 3:00:57 AM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26574096 bytes | Created Date = 8/23/2008 3:00:57 AM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 67349 bytes | Created Date = 8/23/2008 3:00:57 AM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Created Date = 8/23/2008 3:00:57 AM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Created Date = 8/23/2008 3:01:02 AM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Created Date = 8/23/2008 3:01:00 AM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.116 | Size = 76040 bytes | Created Date = 8/23/2008 3:01:06 AM | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Created Date = 8/23/2008 2:57:10 AM | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Created Date = 8/23/2008 2:57:10 AM | Attr = ] hpfxbulk.sys -> %SystemRoot%\System32\drivers\hpfxbulk.sys -> Hewlett Packard [Ver = 1, 0, 0, 10 | Size = 9344 bytes | Created Date = 6/7/2008 12:48:13 PM | Attr = R ] hpfxgen.sys -> %SystemRoot%\System32\drivers\hpfxgen.sys -> Hewlett Packard [Ver = 2, 1, 0, 10 | Size = 17024 bytes | Created Date = 6/7/2008 12:48:13 PM | Attr = R ] HPZid412.sys -> %SystemRoot%\System32\drivers\HPZid412.sys -> HP [Ver = 10, 1, 0, 3 | Size = 49920 bytes | Created Date = 6/7/2008 12:48:17 PM | Attr = R ] HPZipr12.sys -> %SystemRoot%\System32\drivers\HPZipr12.sys -> HP [Ver = 10, 1, 0, 3 | Size = 16496 bytes | Created Date = 6/7/2008 12:49:02 PM | Attr = R ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Created Date = 8/23/2008 2:57:11 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/20/2008 2:00:31 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/20/2008 2:00:31 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Created Date = 8/23/2008 3:01:06 AM | Attr = ] C-XLS.dll -> %SystemRoot%\System32\C-XLS.dll -> Softinterface, Inc. 
[Ver = 1, 2, 3, 0 | Size = 720896 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] Convert-XLS.CNT -> %SystemRoot%\System32\Convert-XLS.CNT -> [Ver = | Size = 14933 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] Convert-XLS.GID -> %SystemRoot%\System32\Convert-XLS.GID -> [Ver = | Size = 56110 bytes | Created Date = 7/15/2008 9:52:40 PM | Attr = H ] Convert-XLS.HLP -> %SystemRoot%\System32\Convert-XLS.HLP -> [Ver = | Size = 1241347 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] cssdll32.dll -> %SystemRoot%\System32\cssdll32.dll -> COMODO [Ver = 1, 0, 0, 7 | Size = 249592 bytes | Created Date = 8/23/2008 2:57:53 AM | Attr = ] CSVSpecialProcessing.dll -> %SystemRoot%\System32\CSVSpecialProcessing.dll -> [Ver = | Size = 131072 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] DVM.dll -> %SystemRoot%\System32\DVM.dll -> [Ver = | Size = 98304 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Created Date = 8/23/2008 2:57:11 AM | Attr = ] hpfxbulk.dll -> %SystemRoot%\System32\hpfxbulk.dll -> Hewlett Packard [Ver = 2, 0, 0, 1 | Size = 102400 bytes | Created Date = 6/7/2008 12:48:13 PM | Attr = R ] hpgwiamd.dll -> %SystemRoot%\System32\hpgwiamd.dll -> Hewlett-Packard [Ver = 3.2.2.807 | Size = 278528 bytes | Created Date = 6/7/2008 12:48:24 PM | Attr = R ] HPPADT40.DLL -> %SystemRoot%\System32\HPPADT40.DLL -> HP [Ver = 10, 1, 0, 3 | Size = 36864 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] HPPAMON0.DLL -> %SystemRoot%\System32\HPPAMON0.DLL -> HP [Ver = 10, 1, 0, 3 | Size = 32768 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] HPPAPML0.DLL -> %SystemRoot%\System32\HPPAPML0.DLL -> HP [Ver = 10, 1, 0, 3 | Size = 36864 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] HPPAPR01.DAT -> %SystemRoot%\System32\HPPAPR01.DAT -> [Ver = | Size = 508 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] HPPAPR01.DLL -> %SystemRoot%\System32\HPPAPR01.DLL 
-> [Ver = 1.0.7.0 | Size = 208896 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] HPPAPTS0.DLL -> %SystemRoot%\System32\HPPAPTS0.DLL -> HP [Ver = 10, 1, 0, 3 | Size = 45056 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] hppasc01.dll -> %SystemRoot%\System32\hppasc01.dll -> Hewlett-Packard [Ver = 2.9.4.158 | Size = 266240 bytes | Created Date = 6/7/2008 12:48:24 PM | Attr = R ] HPPASNM0.DLL -> %SystemRoot%\System32\HPPASNM0.DLL -> HP [Ver = 10, 1, 0, 3 | Size = 36864 bytes | Created Date = 6/7/2008 12:49:06 PM | Attr = ] hpptpml3.dll -> %SystemRoot%\System32\hpptpml3.dll -> Hewlett-Packard [Ver = 1.0.17.0 | Size = 765952 bytes | Created Date = 6/7/2008 12:48:25 PM | Attr = R ] HPZidr12.dll -> %SystemRoot%\System32\HPZidr12.dll -> HP [Ver = 10, 1, 0, 3 | Size = 278584 bytes | Created Date = 6/7/2008 12:48:26 PM | Attr = ] HPZinw12.exe -> %SystemRoot%\System32\HPZinw12.exe -> HP [Ver = 10, 1, 0, 3 | Size = 65536 bytes | Created Date = 6/7/2008 12:50:20 PM | Attr = ] HPZipm12.exe -> %SystemRoot%\System32\HPZipm12.exe -> HP [Ver = 10, 1, 1, 6 | Size = 73728 bytes | Created Date = 6/7/2008 12:48:26 PM | Attr = ] HPZipr12.dll -> %SystemRoot%\System32\HPZipr12.dll -> HP [Ver = 10, 1, 0, 3 | Size = 204800 bytes | Created Date = 6/7/2008 12:48:26 PM | Attr = ] HPZipt12.dll -> %SystemRoot%\System32\HPZipt12.dll -> HP [Ver = 10, 1, 0, 3 | Size = 94208 bytes | Created Date = 6/7/2008 12:50:20 PM | Attr = ] HPZisn12.dll -> %SystemRoot%\System32\HPZisn12.dll -> HP [Ver = 10, 1, 0, 3 | Size = 57344 bytes | Created Date = 6/7/2008 12:50:20 PM | Attr = ] ijjiPlugin2.dll -> %SystemRoot%\System32\ijjiPlugin2.dll -> NHN USA Corp. [Ver = 2, 0, 0, 1 | Size = 58800 bytes | Created Date = 7/4/2008 11:44:49 PM | Attr = ] ijjiSetup.exe -> %SystemRoot%\System32\ijjiSetup.exe -> NHN USA [Ver = 1, 0, 0, 31 | Size = 710064 bytes | Created Date = 7/4/2008 11:44:49 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/7/2008 8:34:18 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Created Date = 8/7/2008 8:34:18 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 139264 bytes | Created Date = 8/7/2008 8:34:18 AM | Attr = ] nppt9x.vxd -> %SystemRoot%\System32\nppt9x.vxd -> [Ver = | Size = 5174 bytes | Created Date = 7/4/2008 11:51:14 PM | Attr = ] npptNT2.sys -> %SystemRoot%\System32\npptNT2.sys -> INCA Internet Co., Ltd. [Ver = 2005, 1, 5, 1 | Size = 4682 bytes | Created Date = 7/4/2008 11:51:14 PM | Attr = ] RegisterExe.exe -> %SystemRoot%\System32\RegisterExe.exe -> [Ver = 1, 6, 1, 0 | Size = 53248 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] SARzilla.dll -> %SystemRoot%\System32\SARzilla.dll -> [Ver = | Size = 102400 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] SeeThroughPicture.ocx -> %SystemRoot%\System32\SeeThroughPicture.ocx -> Skogen [Ver = 1.00.0001 | Size = 106496 bytes | Created Date = 7/15/2008 9:52:26 PM | Attr = ] tx13.dll -> %SystemRoot%\System32\tx13.dll -> The Imaging Source Europe GmbH [Ver = 13.0.1303.500 | Size = 679936 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_bmp.flt -> %SystemRoot%\System32\tx13_bmp.flt -> The Imaging Source Europe GmbH [Ver = 13.0.203.500 | Size = 53248 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_css.dll -> %SystemRoot%\System32\tx13_css.dll -> The Imaging Source Europe GmbH [Ver = 13.0.204.501 | Size = 274432 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_doc.dll -> %SystemRoot%\System32\tx13_doc.dll -> The Imaging Source Europe GmbH [Ver = 13.0.501.502 | Size = 479232 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_gif.flt -> %SystemRoot%\System32\tx13_gif.flt -> The Imaging Source Europe GmbH [Ver = 13.0.105.500 | Size = 53248 bytes | Created Date = 7/15/2008 9:52:25 
PM | Attr = ] tx13_htm.dll -> %SystemRoot%\System32\tx13_htm.dll -> The Imaging Source Europe GmbH [Ver = 13.0.234.501 | Size = 225280 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_ic.dll -> %SystemRoot%\System32\tx13_ic.dll -> The Imaging Source Europe GmbH [Ver = 13.0.330.501 | Size = 114688 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_ic.ini -> %SystemRoot%\System32\tx13_ic.ini -> [Ver = | Size = 530 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_jpg.flt -> %SystemRoot%\System32\tx13_jpg.flt -> The Imaging Source Europe GmbH [Ver = 13.0.114.500 | Size = 172032 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_obj.dll -> %SystemRoot%\System32\tx13_obj.dll -> The Imaging Source Europe GmbH [Ver = 13.0.122.500 | Size = 327680 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_pdf.dll -> %SystemRoot%\System32\tx13_pdf.dll -> The Imaging Source Europe GmbH [Ver = 13.0.120.500 | Size = 577536 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_png.flt -> %SystemRoot%\System32\tx13_png.flt -> The Imaging Source Europe GmbH [Ver = 13.0.114.500 | Size = 221184 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_rtf.dll -> %SystemRoot%\System32\tx13_rtf.dll -> The Imaging Source Europe GmbH [Ver = 13.0.501.502 | Size = 360448 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_tif.flt -> %SystemRoot%\System32\tx13_tif.flt -> The Imaging Source Europe GmbH [Ver = 13.0.246.500 | Size = 61440 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_tls.dll -> %SystemRoot%\System32\tx13_tls.dll -> The Imaging Source Europe GmbH [Ver = 13.0.300.501 | Size = 196608 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_wmf.flt -> %SystemRoot%\System32\tx13_wmf.flt -> The Imaging Source Europe GmbH [Ver = 13.0.115.500 | Size = 45056 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx13_wnd.dll -> %SystemRoot%\System32\tx13_wnd.dll -> The Imaging Source Europe GmbH [Ver = 
13.0.202.500 | Size = 53248 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] tx4ole13.ocx -> %SystemRoot%\System32\tx4ole13.ocx -> The Imaging Source Europe GmbH [Ver = 13.0.220.500 | Size = 348160 bytes | Created Date = 7/15/2008 9:52:25 PM | Attr = ] XLSConverterX.ocx -> %SystemRoot%\System32\XLSConverterX.ocx -> [Ver = 1.04.0005 | Size = 507904 bytes | Created Date = 7/15/2008 9:52:26 PM | Attr = ] XLSConverterX_07.ocx -> %SystemRoot%\System32\XLSConverterX_07.ocx -> [Ver = 1.04.0005 | Size = 339968 bytes | Created Date = 7/15/2008 9:52:26 PM | Attr = ] CX_SearchHistory.INI -> %SystemRoot%\CX_SearchHistory.INI -> [Ver = | Size = 3451 bytes | Created Date = 7/15/2008 9:52:35 PM | Attr = ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 8/20/2008 4:51:34 PM | Attr = ] GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 31 bytes | Created Date = 7/6/2008 9:24:00 PM | Attr = ] hpbvnstp.his -> %SystemRoot%\hpbvnstp.his -> [Ver = | Size = 3927 bytes | Created Date = 6/7/2008 12:49:25 PM | Attr = ] hpbvnstp.ini -> %SystemRoot%\hpbvnstp.ini -> [Ver = | Size = 1432 bytes | Created Date = 6/7/2008 12:49:25 PM | Attr = ] hpbvspst.his -> %SystemRoot%\hpbvspst.his -> [Ver = | Size = 940 bytes | Created Date = 6/7/2008 12:49:36 PM | Attr = ] hpbvspst.ini -> %SystemRoot%\hpbvspst.ini -> [Ver = | Size = 560 bytes | Created Date = 6/7/2008 12:49:36 PM | Attr = ] hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini -> [Ver = | Size = 258 bytes | Created Date = 6/7/2008 12:45:33 PM | Attr = ] hppins02.dat -> %SystemRoot%\hppins02.dat -> [Ver = | Size = 53631 bytes | Created Date = 6/7/2008 12:40:17 PM | Attr = ] hppmdl02.dat -> %SystemRoot%\hppmdl02.dat -> [Ver = | Size = 2037 bytes | Created Date = 6/7/2008 12:40:17 PM | Attr = ] Readiris.ini -> %SystemRoot%\Readiris.ini -> [Ver = | Size = 138 bytes | Created Date = 6/7/2008 1:07:17 PM | Attr = ] SW_Win2146X32.DLL -> %SystemRoot%\SW_Win2146X32.DLL -> [Ver = | Size = 27 bytes | Created Date = 7/15/2008 
9:57:48 PM | Attr = ] unins001.dat -> %SystemRoot%\unins001.dat -> [Ver = | Size = 2560 bytes | Created Date = 6/6/2008 11:28:14 PM | Attr = ] unins001.exe -> %SystemRoot%\unins001.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Created Date = 6/6/2008 11:28:14 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 8/23/2008 3:00:49 AM | Attr = ] comodo -> %AllUsersProfile%\Application Data\comodo -> [Folder | Created Date = 8/23/2008 2:57:11 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 8/20/2008 2:00:30 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 7/25/2008 5:06:00 AM | Attr = ] @Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [Folder | Created Date = 8/7/2008 9:02:59 AM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! 
Companion -> [Folder | Created Date = 8/7/2008 10:54:32 AM | Attr = ] Comodo -> %AppData%\Comodo -> [Folder | Created Date = 8/23/2008 2:57:11 AM | Attr = ] HP -> %AppData%\HP -> [Folder | Created Date = 6/7/2008 12:57:43 PM | Attr = ] ijjigame -> %AppData%\ijjigame -> [Folder | Created Date = 7/4/2008 11:44:58 PM | Attr = H ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 8/20/2008 2:00:33 PM | Attr = ] WinBatch -> %AppData%\WinBatch -> [Folder | Created Date = 6/7/2008 1:16:43 PM | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Created Date = 7/6/2008 9:21:57 PM | Attr = ] IRIS Desktop Search -> %UserProfile%\Local Settings\Application Data\IRIS Desktop Search -> [Folder | Created Date = 6/7/2008 1:07:53 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Created Date = 8/15/2008 4:15:27 PM | Attr = ] ChadPhoto -> %UserProfile%\My Documents\ChadPhoto -> [Folder | Created Date = 7/21/2008 7:54:38 PM | Attr = ] ChadPhoto2 -> %UserProfile%\My Documents\ChadPhoto2 -> [Folder | Created Date = 7/21/2008 7:55:07 PM | Attr = ] ChadWedding -> %UserProfile%\My Documents\ChadWedding -> [Folder | Created Date = 7/26/2008 5:34:06 PM | Attr = ] Child Prodigies.doc -> %UserProfile%\My Documents\Child Prodigies.doc -> [Ver = | Size = 31232 bytes | Created Date = 6/4/2008 9:34:05 PM | Attr = ] DSC01231.JPG -> %UserProfile%\My Documents\DSC01231.JPG -> [Ver = | Size = 2144790 bytes | Created Date = 7/26/2008 5:36:09 PM | Attr = ] DSC01232.JPG -> %UserProfile%\My Documents\DSC01232.JPG -> [Ver = | Size = 2270510 bytes | Created Date = 7/26/2008 5:36:10 PM | Attr = ] DSC01234.JPG -> %UserProfile%\My Documents\DSC01234.JPG -> [Ver = | Size = 1955064 bytes | Created Date = 7/26/2008 5:36:10 PM | Attr = ] DSC01235.JPG -> %UserProfile%\My Documents\DSC01235.JPG -> [Ver = | Size = 2346054 bytes | Created Date = 7/26/2008 5:36:10 PM | Attr = ] DSC01236.JPG -> %UserProfile%\My 
Documents\DSC01236.JPG -> [Ver = | Size = 2253217 bytes | Created Date = 7/26/2008 5:36:10 PM | Attr = ] DSC01237.JPG -> %UserProfile%\My Documents\DSC01237.JPG -> [Ver = | Size = 2206019 bytes | Created Date = 7/26/2008 5:36:10 PM | Attr = ] Gunz -> %UserProfile%\My Documents\Gunz -> [Folder | Created Date = 7/6/2008 9:24:07 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Created Date = 6/18/2008 9:51:47 PM | Attr = ] My Scans -> %UserProfile%\My Documents\My Scans -> [Folder | Created Date = 7/21/2008 7:56:18 PM | Attr = ] My_side.xlsx -> %UserProfile%\My Documents\My_side.xlsx -> [Ver = | Size = 11376 bytes | Created Date = 7/15/2008 9:32:09 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\My_side.xlsx:Zone.Identifier Nest of Time 2.doc -> %UserProfile%\My Documents\Nest of Time 2.doc -> [Ver = | Size = 33280 bytes | Created Date = 6/19/2008 8:49:14 PM | Attr = ] Readiris -> %UserProfile%\My Documents\Readiris -> [Folder | Created Date = 6/7/2008 1:08:10 PM | Attr = ] SilkroadOnline_GlobalOfficial_v1_150.exe -> %UserProfile%\My Documents\SilkroadOnline_GlobalOfficial_v1_150.exe -> [Ver = | Size = 389464064 bytes | Created Date = 8/5/2008 10:09:13 PM | Attr = ] Adobe Media Player.lnk -> %AllUsersProfile%\Desktop\Adobe Media Player.lnk -> [Ver = | Size = 738 bytes | Created Date = 8/20/2008 1:09:04 PM | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1515 bytes | Created Date = 8/23/2008 3:01:07 AM | Attr = ] COMODO Firewall Pro.lnk -> %AllUsersProfile%\Desktop\COMODO Firewall Pro.lnk -> [Ver = | Size = 726 bytes | Created Date = 8/23/2008 3:22:39 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 704 bytes | Created Date = 8/20/2008 2:00:31 PM | Attr = ] PokerStars.lnk -> %AllUsersProfile%\Desktop\PokerStars.lnk -> [Ver = | Size = 744 bytes | Created Date = 8/10/2008 7:49:37 AM | Attr = ] 
Readiris Pro 11.lnk -> %AllUsersProfile%\Desktop\Readiris Pro 11.lnk -> [Ver = | Size = 757 bytes | Created Date = 6/7/2008 1:07:17 PM | Attr = ] SCANNER.lnk -> %AllUsersProfile%\Desktop\SCANNER.lnk -> [Ver = | Size = 1726 bytes | Created Date = 6/7/2008 1:07:42 PM | Attr = ] Xfire.lnk -> %AllUsersProfile%\Desktop\Xfire.lnk -> [Ver = | Size = 646 bytes | Created Date = 7/6/2008 9:21:57 PM | Attr = ] Clare Papers -> %UserProfile%\Desktop\Clare Papers -> [Folder | Created Date = 6/18/2008 8:15:39 AM | Attr = ] 1 C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp -> Convert XLS.lnk -> %UserProfile%\Desktop\Convert XLS.lnk -> [Ver = | Size = 804 bytes | Created Date = 7/15/2008 9:52:26 PM | Attr = ] Fraps.lnk -> %UserProfile%\Desktop\Fraps.lnk -> [Ver = | Size = 486 bytes | Created Date = 8/15/2008 4:51:45 PM | Attr = ] Gunbound Revolution.lnk -> %UserProfile%\Desktop\Gunbound Revolution.lnk -> [Ver = | Size = 1415 bytes | Created Date = 7/4/2008 11:50:15 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1742 bytes | Created Date = 8/20/2008 12:09:39 AM | Attr = ] i j j i.lnk -> %UserProfile%\Desktop\i j j i.lnk -> [Ver = | Size = 1457 bytes | Created Date = 7/6/2008 9:13:13 PM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1588 bytes | Created Date = 6/18/2008 9:51:42 PM | Attr = ] Ok Go - Here it Goes Again.mp3 -> %UserProfile%\Desktop\Ok Go - Here it Goes Again.mp3 -> [Ver = | Size = 4320227 bytes | Created Date = 8/15/2008 8:24:55 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 8/24/2008 5:26:13 PM | Attr = ] SDFix -> %UserProfile%\Desktop\SDFix -> [Folder | Created Date = 8/20/2008 4:33:30 PM | Attr = ] Troy Important Documents -> %UserProfile%\Desktop\Troy Important Documents -> [Folder | Created Date = 6/18/2008 8:16:46 AM | Attr = ] ~$are_memoir.doc -> 
%UserProfile%\Desktop\~$are_memoir.doc -> [Ver = | Size = 162 bytes | Created Date = 6/14/2008 1:04:40 PM | Attr = H ] Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [Folder | Created Date = 8/20/2008 1:09:00 PM | Attr = ] Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard -> [Folder | Created Date = 6/7/2008 12:52:11 PM | Attr = ] INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Created Date = 7/4/2008 11:51:17 PM | Attr = ] SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Created Date = 6/7/2008 12:40:04 PM | Attr = ] Adobe Media Player -> %ProgramFiles%\Adobe Media Player -> [Folder | Created Date = 8/20/2008 1:09:04 PM | Attr = ] AskSBar -> %ProgramFiles%\AskSBar -> [Folder | Created Date = 8/23/2008 2:57:51 AM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 8/23/2008 3:00:49 AM | Attr = ] COMODO -> %ProgramFiles%\COMODO -> [Folder | Created Date = 8/23/2008 2:57:09 AM | Attr = ] IRIS Desktop Search -> %ProgramFiles%\IRIS Desktop Search -> [Folder | Created Date = 6/7/2008 1:07:40 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 8/20/2008 2:00:30 PM | Attr = ] mypoints -> %ProgramFiles%\mypoints -> [Folder | Created Date = 7/16/2008 12:59:35 PM | Attr = ] NHN USA -> %ProgramFiles%\NHN USA -> [Folder | Created Date = 7/4/2008 11:44:49 PM | Attr = ] Readiris Pro 11 -> %ProgramFiles%\Readiris Pro 11 -> [Folder | Created Date = 6/7/2008 1:05:26 PM | Attr = ] Softinterface, Inc -> %ProgramFiles%\Softinterface, Inc -> [Folder | Created Date = 7/15/2008 9:52:24 PM | Attr = ] softnyx -> %ProgramFiles%\softnyx -> [Folder | Created Date = 7/4/2008 11:08:03 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 8/20/2008 12:09:30 AM | Attr = ] Xfire -> %ProgramFiles%\Xfire -> [Folder | Created Date = 7/6/2008 9:21:56 PM | Attr = S] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified 
Date = 8/24/2008 12:53:26 AM | Attr = H ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 8/23/2008 3:00:24 AM | Attr = H ] Fraps -> %SystemDrive%\Fraps -> [Folder | Modified Date = 8/21/2008 11:42:36 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1005113344 bytes | Modified Date = 8/24/2008 3:46:24 PM | Attr = HS] ijji -> %SystemDrive%\ijji -> [Folder | Modified Date = 7/4/2008 11:45:02 PM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 8/23/2008 10:33:33 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 8/20/2008 4:51:17 PM | Attr = HS] SDFix -> %SystemDrive%\SDFix -> [Folder | Modified Date = 8/18/2008 10:49:30 PM | Attr = ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 8/19/2008 11:55:49 PM | Attr = HS] temp -> %SystemDrive%\temp -> [Folder | Modified Date = 6/7/2008 12:44:22 PM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 8/24/2008 3:48:10 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 8/24/2008 11:49:40 AM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 8/23/2008 3:00:57 AM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 26574096 bytes | Modified Date = 8/24/2008 11:49:38 AM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 67349 bytes | Modified Date = 8/23/2008 3:02:57 AM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 8/23/2008 3:02:57 AM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 8/23/2008 3:01:02 AM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. 
[Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 8/23/2008 3:01:00 AM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 8/23/2008 3:01:06 AM | Attr = ] cmdguard.sys -> %SystemRoot%\System32\drivers\cmdguard.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 87056 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] cmdhlp.sys -> %SystemRoot%\System32\drivers\cmdhlp.sys -> COMODO [Ver = 3, 0, 23, 359 built by: WinDDK | Size = 24208 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 8/20/2008 4:57:27 PM | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 8/20/2008 4:57:27 PM | Attr = ] hosts.20080819-235019.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080819-235019.backup -> [Ver = | Size = 759 bytes | Modified Date = 8/19/2008 11:22:07 PM | Attr = ] inspect.sys -> %SystemRoot%\System32\drivers\inspect.sys -> COMODO [Ver = 3, 0, 23, 359 | Size = 79760 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] lvuvc.hs -> %SystemRoot%\System32\drivers\lvuvc.hs -> [Ver = | Size = 0 bytes | Modified Date = 8/24/2008 3:46:21 PM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:05:22 PM | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:05:26 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 8/23/2008 3:01:06 AM | Attr = ] C-XLS.dll -> %SystemRoot%\System32\C-XLS.dll -> Softinterface, Inc. 
[Ver = 1, 2, 3, 0 | Size = 720896 bytes | Modified Date = 6/18/2008 11:34:26 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 8/20/2008 9:00:48 PM | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> Convert-XLS.GID -> %SystemRoot%\System32\Convert-XLS.GID -> [Ver = | Size = 56110 bytes | Modified Date = 7/15/2008 10:01:58 PM | Attr = H ] cssdll32.dll -> %SystemRoot%\System32\cssdll32.dll -> COMODO [Ver = 1, 0, 0, 7 | Size = 249592 bytes | Modified Date = 8/23/2008 2:57:52 AM | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 8/14/2008 1:02:53 AM | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 8/23/2008 10:33:26 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 345016 bytes | Modified Date = 6/7/2008 12:56:10 PM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 6/7/2008 12:49:19 PM | Attr = ] guard32.dll -> %SystemRoot%\System32\guard32.dll -> [Ver = | Size = 143104 bytes | Modified Date = 8/23/2008 2:57:09 AM | Attr = ] ijjiPlugin2.dll -> %SystemRoot%\System32\ijjiPlugin2.dll -> NHN USA Corp. [Ver = 2, 0, 0, 1 | Size = 58800 bytes | Modified Date = 6/11/2008 11:01:48 PM | Attr = ] ijjiSetup.exe -> %SystemRoot%\System32\ijjiSetup.exe -> NHN USA [Ver = 1, 0, 0, 31 | Size = 710064 bytes | Modified Date = 6/17/2008 7:28:42 PM | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:01 AM | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 73728 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 135168 bytes | Modified Date = 6/10/2008 1:21:04 AM | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.70.6 | Size = 139264 bytes | Modified Date = 6/10/2008 2:32:34 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 8/20/2008 1:07:22 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 64404 bytes | Modified Date = 7/25/2008 5:07:25 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 408000 bytes | Modified Date = 7/25/2008 5:07:25 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 479984 bytes | Modified Date = 7/25/2008 5:07:25 AM | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 8/19/2008 11:55:50 PM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 7/19/2008 2:05:58 AM | Attr = ] XLSConverterX.ocx -> %SystemRoot%\System32\XLSConverterX.ocx -> [Ver = 1.04.0005 | Size = 507904 bytes | Modified Date = 6/9/2008 11:20:52 AM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 8/14/2008 1:02:43 AM | Attr = H ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 8/24/2008 3:46:34 PM | Attr = S] CX_SearchHistory.INI -> %SystemRoot%\CX_SearchHistory.INI -> [Ver = | Size = 3451 bytes | Modified Date = 7/15/2008 9:59:28 PM | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 8/20/2008 1:07:24 PM | Attr = S] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 8/20/2008 4:51:45 PM | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 6/7/2008 12:53:37 PM | Attr = S] GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 31 bytes | Modified Date = 7/6/2008 9:24:00 PM | Attr = ] hpbvnstp.his -> %SystemRoot%\hpbvnstp.his -> [Ver = | Size = 3927 bytes | Modified Date = 6/7/2008 12:49:36 PM | Attr = ] hpbvnstp.ini -> %SystemRoot%\hpbvnstp.ini -> [Ver = | Size = 1432 bytes | Modified Date = 6/7/2008 
12:49:36 PM | Attr = ] hpbvspst.his -> %SystemRoot%\hpbvspst.his -> [Ver = | Size = 940 bytes | Modified Date = 6/7/2008 12:49:52 PM | Attr = ] hpbvspst.ini -> %SystemRoot%\hpbvspst.ini -> [Ver = | Size = 560 bytes | Modified Date = 6/7/2008 12:49:52 PM | Attr = ] hpntwksetup.ini -> %SystemRoot%\hpntwksetup.ini -> [Ver = | Size = 258 bytes | Modified Date = 6/7/2008 12:46:33 PM | Attr = ] hppins02.dat -> %SystemRoot%\hppins02.dat -> [Ver = | Size = 53631 bytes | Modified Date = 6/7/2008 12:57:52 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 8/14/2008 1:02:48 AM | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 8/20/2008 9:00:49 PM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 8/23/2008 3:00:42 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 8/24/2008 5:26:19 PM | Attr = ] Readiris.ini -> %SystemRoot%\Readiris.ini -> [Ver = | Size = 138 bytes | Modified Date = 6/7/2008 1:07:17 PM | Attr = ] Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 8/24/2008 3:48:27 PM | Attr = ] SW_Win2146X32.DLL -> %SystemRoot%\SW_Win2146X32.DLL -> [Ver = | Size = 27 bytes | Modified Date = 7/15/2008 9:59:24 PM | Attr = ] system -> %SystemRoot%\system -> [Folder | Modified Date = 8/23/2008 2:44:40 AM | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 8/23/2008 3:01:06 AM | Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 8/24/2008 5:28:52 PM | Attr = ] twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 6/7/2008 12:52:11 PM | Attr = ] unins001.dat -> %SystemRoot%\unins001.dat -> [Ver = | Size = 2560 bytes | Modified Date = 6/6/2008 11:28:14 PM | Attr = ] unins001.exe -> %SystemRoot%\unins001.exe -> [Ver = 51.49.0.0 | Size = 691545 bytes | Modified Date = 6/6/2008 11:24:51 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 628 bytes | Modified Date = 6/7/2008 1:08:38 PM | Attr = 
] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 8/24/2008 3:46:53 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 5/4/2006 4:47:54 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/24/2008 3:49:17 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5524 bytes | Modified Date = 8/24/2008 3:49:17 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/7/2006 2:52:20 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat -> [Ver = | Size = 3804 bytes | Modified Date = 11/30/2007 4:08:22 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8286 bytes | Modified Date = 9/18/2006 4:38:45 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 10/29/2007 1:21:54 PM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 10/29/2007 1:10:52 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 166221 bytes | Modified Date = 10/29/2007 1:21:54 PM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp -> [Folder 
| Modified Date = 8/24/2008 5:24:01 PM | Attr = ] war3_install.exe -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\war3_install.exe -> Blizzard Entertainment [Ver = 1, 5, 0, 0 | Size = 299008 bytes | Modified Date = 5/18/2003 8:55:04 AM | Attr = ] _hpcdb_2_0.exe -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\_hpcdb_2_0.exe -> Hewlett-Packard [Ver = 02.02.0001 | Size = 698256 bytes | Modified Date = 6/7/2008 12:40:03 PM | Attr = ] _unps.exe -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\_unps.exe -> [Ver = | Size = 270336 bytes | Modified Date = 9/30/2007 6:31:29 PM | Attr = ] 32 C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000 -> [Folder | Modified Date = 4/21/2008 6:45:41 PM | Attr = ] rebootnt.exe -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000\rebootnt.exe -> [Ver = | Size = 20992 bytes | Modified Date = 9/11/2003 9:09:10 AM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries -> [Folder | Modified Date = 8/20/2008 4:15:44 PM | Attr = ] ScanningProcess.exe -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ScanningProcess.exe -> Kaspersky Lab. 
[Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 8/20/2008 2:08:34 PM | Attr = ] 44 C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp -> [Folder | Modified Date = 8/24/2008 5:24:01 PM | Attr = ] swt-awt-win32-3346.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\swt-awt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 32768 bytes | Modified Date = 6/18/2008 9:58:52 PM | Attr = ] swt-win32-3346.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\swt-win32-3346.dll -> Eclipse Foundation [Ver = 3.346 | Size = 307200 bytes | Modified Date = 6/18/2008 9:58:52 PM | Attr = ] twapi-2.0a7.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\twapi-2.0a7.dll -> Ashok P. 
Nadkarni [Ver = 2.0.7 | Size = 417884 bytes | Modified Date = 12/4/2007 11:19:59 PM | Attr = ] 32 C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000 -> [Folder | Modified Date = 4/21/2008 6:45:41 PM | Attr = ] jpeg.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000\jpeg.dll -> [Ver = | Size = 106496 bytes | Modified Date = 7/22/1999 2:32:26 PM | Attr = ] vise32ex.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\~vis0000\vise32ex.dll -> [Ver = | Size = 507904 bytes | Modified Date = 5/3/2000 1:58:54 PM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries -> [Folder | Modified Date = 8/20/2008 4:15:44 PM | Attr = ] FSSync.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 8/20/2008 2:08:34 PM | Attr = ] ikave.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 8/20/2008 4:15:35 PM | Attr = ] kave.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\kave.dll -> Kaspersky Lab. 
[Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 8/20/2008 2:08:34 PM | Attr = ] kosglue-7.0.25.0.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 8/20/2008 2:08:34 PM | Attr = ] msvcm80.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 8/20/2008 4:15:33 PM | Attr = ] msvcp80.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 8/20/2008 4:15:35 PM | Attr = ] msvcr80.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 8/20/2008 4:15:36 PM | Attr = ] prLoader.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 8/20/2008 2:08:34 PM | Attr = ] prremote.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 8/20/2008 4:15:36 PM | Attr = ] 44 C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nsk311.tmp\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nsk311.tmp\ -> [Folder | Modified Date = 5/23/2008 12:52:45 PM 
| Attr = ] NSIS_Picasa.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nsk311.tmp\NSIS_Picasa.dll -> [Ver = | Size = 51200 bytes | Modified Date = 5/23/2008 12:51:56 PM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nskF.tmp\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nskF.tmp\ -> [Folder | Modified Date = 8/20/2008 10:06:20 PM | Attr = ] NSIS_Picasa.dll -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\nskF.tmp\NSIS_Picasa.dll -> [Ver = | Size = 51200 bytes | Modified Date = 8/20/2008 10:06:07 PM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases -> [Folder | Modified Date = 8/20/2008 2:20:09 PM | Attr = ] sfdb.dat -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases\sfdb.dat -> [Ver = | Size = 500344 bytes | Modified Date = 8/20/2008 4:15:42 PM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\CDISafeSurf\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\CDISafeSurf -> [Folder | Modified Date = 8/23/2008 2:57:53 AM | Attr = ] InCompatSw.ini -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\CDISafeSurf\InCompatSw.ini -> [Ver = | Size = 2 bytes | Modified Date = 8/23/2008 2:57:52 AM | Attr = ] Script.ini -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\CDISafeSurf\Script.ini -> [Ver = | Size = 1890 bytes | Modified Date = 8/23/2008 2:57:52 AM | Attr = ] C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries -> [Folder | Modified Date = 8/20/2008 4:15:44 PM | Attr = ] _kave.ini -> C:\Documents and 
Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\_kave.ini -> [Ver = | Size = 102 bytes | Modified Date = 8/20/2008 4:15:35 PM | Attr = ] 44 C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\binaries\*.tmp -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases\ -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases -> [Folder | Modified Date = 8/20/2008 2:20:09 PM | Attr = ] verdicts.ini -> C:\Documents and Settings\Compaq_Administrator\Local Settings\Temp\jkos-Compaq_Administrator\engine\bases\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 8/20/2008 2:20:03 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] Adobe -> %AllUsersProfile%\Application Data\Adobe -> [Folder | Modified Date = 8/20/2008 1:09:09 PM | Attr = ] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 8/23/2008 3:00:49 AM | Attr = ] comodo -> %AllUsersProfile%\Application Data\comodo -> [Folder | Modified Date = 8/23/2008 8:41:40 PM | Attr = ] Grisoft -> %AllUsersProfile%\Application Data\Grisoft -> [Folder | Modified Date = 8/23/2008 2:44:23 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 8/20/2008 2:00:30 PM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 6/6/2008 11:33:00 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 8/23/2008 10:33:21 PM | Attr = ] @Alternate Data Stream - 498 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF @Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2 Trymedia -> 
%AllUsersProfile%\Application Data\Trymedia -> [Folder | Modified Date = 8/7/2008 9:02:59 AM | Attr = ] Yahoo! Companion -> %AllUsersProfile%\Application Data\Yahoo! Companion -> [Folder | Modified Date = 8/7/2008 10:54:32 AM | Attr = ] Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 8/20/2008 1:09:10 PM | Attr = ] Comodo -> %AppData%\Comodo -> [Folder | Modified Date = 8/23/2008 2:57:11 AM | Attr = ] HP -> %AppData%\HP -> [Folder | Modified Date = 6/7/2008 12:57:43 PM | Attr = ] ijjigame -> %AppData%\ijjigame -> [Folder | Modified Date = 7/6/2008 9:13:16 PM | Attr = H ] LimeWire -> %AppData%\LimeWire -> [Folder | Modified Date = 8/15/2008 8:28:31 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 8/20/2008 2:00:33 PM | Attr = ] Move Networks -> %AppData%\Move Networks -> [Folder | Modified Date = 8/1/2008 4:32:24 PM | Attr = ] SecondLife -> %AppData%\SecondLife -> [Folder | Modified Date = 6/30/2008 9:28:12 PM | Attr = ] WinBatch -> %AppData%\WinBatch -> [Folder | Modified Date = 6/7/2008 1:16:43 PM | Attr = ] Xfire -> %AppData%\Xfire -> [Folder | Modified Date = 7/6/2008 9:22:09 PM | Attr = ] yahoo! -> %AppData%\yahoo! 
-> [Folder | Modified Date = 8/7/2008 10:54:32 AM | Attr = RH ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 8/9/2008 10:30:34 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 98816 bytes | Modified Date = 8/21/2008 11:42:42 PM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3180800 bytes | Modified Date = 8/20/2008 4:37:08 PM | Attr = H ] IRIS Desktop Search -> %UserProfile%\Local Settings\Application Data\IRIS Desktop Search -> [Folder | Modified Date = 8/24/2008 3:56:06 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 8/20/2008 4:17:16 PM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 8/16/2008 8:01:25 PM | Attr = ] ChadPhoto -> %UserProfile%\My Documents\ChadPhoto -> [Folder | Modified Date = 8/20/2008 10:04:27 PM | Attr = ] ChadPhoto2 -> %UserProfile%\My Documents\ChadPhoto2 -> [Folder | Modified Date = 7/21/2008 7:55:07 PM | Attr = ] ChadWedding -> %UserProfile%\My Documents\ChadWedding -> [Folder | Modified Date = 7/26/2008 5:53:22 PM | Attr = ] Child Prodigies.doc -> %UserProfile%\My Documents\Child Prodigies.doc -> [Ver = | Size = 31232 bytes | Modified Date = 6/4/2008 9:34:06 PM | Attr = ] Gunz -> %UserProfile%\My Documents\Gunz -> [Folder | Modified Date = 7/6/2008 9:24:07 PM | Attr = ] LimeWire -> %UserProfile%\My Documents\LimeWire -> [Folder | Modified Date = 6/18/2008 9:52:19 PM | Attr = ] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 8/15/2008 8:29:31 PM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 8/20/2008 9:12:04 PM | Attr = R ] My Scans -> %UserProfile%\My Documents\My Scans 
-> [Folder | Modified Date = 7/21/2008 7:56:18 PM | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 8/15/2008 9:51:35 PM | Attr = R ] My_side.xlsx -> %UserProfile%\My Documents\My_side.xlsx -> [Ver = | Size = 11376 bytes | Modified Date = 7/15/2008 9:55:35 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\My Documents\My_side.xlsx:Zone.Identifier Nest of Time 2.doc -> %UserProfile%\My Documents\Nest of Time 2.doc -> [Ver = | Size = 33280 bytes | Modified Date = 6/19/2008 9:07:32 PM | Attr = ] Readiris -> %UserProfile%\My Documents\Readiris -> [Folder | Modified Date = 6/7/2008 1:08:10 PM | Attr = ] SilkroadOnline_GlobalOfficial_v1_150.exe -> %UserProfile%\My Documents\SilkroadOnline_GlobalOfficial_v1_150.exe -> [Ver = | Size = 389464064 bytes | Modified Date = 8/5/2008 10:12:57 PM | Attr = ] Adobe Media Player.lnk -> %AllUsersProfile%\Desktop\Adobe Media Player.lnk -> [Ver = | Size = 738 bytes | Modified Date = 8/20/2008 1:09:04 PM | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1515 bytes | Modified Date = 8/23/2008 3:01:07 AM | Attr = ] COMODO Firewall Pro.lnk -> %AllUsersProfile%\Desktop\COMODO Firewall Pro.lnk -> [Ver = | Size = 726 bytes | Modified Date = 8/23/2008 3:22:39 AM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 704 bytes | Modified Date = 8/20/2008 2:00:31 PM | Attr = ] PokerStars.lnk -> %AllUsersProfile%\Desktop\PokerStars.lnk -> [Ver = | Size = 744 bytes | Modified Date = 8/10/2008 7:49:37 AM | Attr = ] Readiris Pro 11.lnk -> %AllUsersProfile%\Desktop\Readiris Pro 11.lnk -> [Ver = | Size = 757 bytes | Modified Date = 6/7/2008 1:07:17 PM | Attr = ] SCANNER.lnk -> %AllUsersProfile%\Desktop\SCANNER.lnk -> [Ver = | Size = 1726 bytes | Modified Date = 6/7/2008 1:07:42 PM | Attr = ] UltimateBet.lnk -> %AllUsersProfile%\Desktop\UltimateBet.lnk -> [Ver = | Size = 1540 bytes | Modified 
Date = 8/9/2008 10:26:25 AM | Attr = ] Xfire.lnk -> %AllUsersProfile%\Desktop\Xfire.lnk -> [Ver = | Size = 646 bytes | Modified Date = 7/6/2008 9:21:57 PM | Attr = ] Clare Papers -> %UserProfile%\Desktop\Clare Papers -> [Folder | Modified Date = 8/3/2008 10:39:20 PM | Attr = ] 1 C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Compaq_Administrator\Desktop\*.tmp -> Convert XLS.lnk -> %UserProfile%\Desktop\Convert XLS.lnk -> [Ver = | Size = 804 bytes | Modified Date = 7/15/2008 9:52:26 PM | Attr = ] Fraps.lnk -> %UserProfile%\Desktop\Fraps.lnk -> [Ver = | Size = 486 bytes | Modified Date = 8/15/2008 4:51:45 PM | Attr = ] Gunbound Revolution.lnk -> %UserProfile%\Desktop\Gunbound Revolution.lnk -> [Ver = | Size = 1415 bytes | Modified Date = 7/4/2008 11:50:15 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1742 bytes | Modified Date = 8/20/2008 12:22:08 PM | Attr = ] i j j i.lnk -> %UserProfile%\Desktop\i j j i.lnk -> [Ver = | Size = 1457 bytes | Modified Date = 8/4/2008 5:36:34 PM | Attr = ] LimeWire 4.16.6.lnk -> %UserProfile%\Desktop\LimeWire 4.16.6.lnk -> [Ver = | Size = 1588 bytes | Modified Date = 6/18/2008 9:51:42 PM | Attr = ] Ok Go - Here it Goes Again.mp3 -> %UserProfile%\Desktop\Ok Go - Here it Goes Again.mp3 -> [Ver = | Size = 4320227 bytes | Modified Date = 8/15/2008 8:26:59 PM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 8/24/2008 5:26:17 PM | Attr = ] SDFix -> %UserProfile%\Desktop\SDFix -> [Folder | Modified Date = 8/20/2008 5:18:18 PM | Attr = ] Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 941 bytes | Modified Date = 6/6/2008 11:32:53 PM | Attr = ] Troy Important Documents -> %UserProfile%\Desktop\Troy Important Documents -> [Folder | Modified Date = 8/24/2008 5:23:54 PM | Attr = ] Troys -> %UserProfile%\Desktop\Troys -> [Folder | Modified Date = 8/15/2008 10:36:18 PM | 
Attr = ] ~$are_memoir.doc -> %UserProfile%\Desktop\~$are_memoir.doc -> [Ver = | Size = 162 bytes | Modified Date = 6/14/2008 1:04:40 PM | Attr = H ] Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [Folder | Modified Date = 8/20/2008 1:09:00 PM | Attr = ] Hewlett-Packard -> %CommonProgramFiles%\Hewlett-Packard -> [Folder | Modified Date = 6/7/2008 12:52:11 PM | Attr = ] INCA Shared -> %CommonProgramFiles%\INCA Shared -> [Folder | Modified Date = 7/4/2008 11:51:17 PM | Attr = ] SWF Studio -> %CommonProgramFiles%\SWF Studio -> [Folder | Modified Date = 6/7/2008 12:40:04 PM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]