[code] OTScanIt logfile created on: 08/26/2008 11:05:52 OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\Nij Vyas\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: MM/dd/yyyy 1023.22 Mb Total Physical Memory | 542.50 Mb Available Physical Memory | 53.02% Memory free 2.40 Gb Paging File | 1.95 Gb Available in Paging File | 81.30% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.52 Gb Total Space | 56.67 Gb Free Space | 76.05% Space Free | Partition Type: NTFS Drive D: | 298.09 Gb Total Space | 230.06 Gb Free Space | 77.18% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NIJ-1AB4062F538 Current User Name: Nij Vyas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] ccsvchst.exe -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 01/25/2008 17:47:02 | Attr = ] symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 06/24/2008 22:34:49 | Attr = ] schedul2.exe -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,240 | Size = 411168 bytes | Modified Date = 02/16/2007 19:49:50 | Attr = ] aluschedulersvc.exe -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 02/09/2008 16:06:32 | Attr = ] mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 02/28/2006 13:42:38 | Attr = ] lxrjd31s.exe -> %SystemRoot%\system32\LxrJD31s.exe -> [Ver = | Size = 71168 bytes | Modified Date = 11/02/2007 13:10:00 | Attr = ] vprosvc.exe -> %ProgramFiles%\Norton Ghost\Agent\VProSvc.exe -> Symantec Corporation [Ver = 12.0.4.26321 | Size = 3425632 bytes | Modified Date = 05/07/2008 16:11:22 | Attr = ] nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 159810 bytes | Modified Date = 04/19/2007 05:26:00 | Attr = ] ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 01/31/2005 09:45:20 | Attr = ] ustorsrv.exe -> %SystemRoot%\system32\UStorSrv.exe -> OTi [Ver = 2, 0, 0, 4 | Size = 139264 bytes | Modified Date = 02/17/2006 12:19:55 | Attr = ] teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 08/18/2008 18:41:00 | Attr = RHS] simain.exe -> %ProgramFiles%\GIANT Company Software\Spam Inspector\siMain.exe -> GIANT Company Software inc. [Ver = 4.00.0450 | Size = 2256896 bytes | Modified Date = 09/15/2004 00:37:00 | Attr = ] sispamfilterengine.exe -> %ProgramFiles%\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe -> GIANT Company Software [Ver = 1.00.0271 | Size = 806912 bytes | Modified Date = 08/03/2004 09:07:28 | Attr = ] ebaytbdaemon.exe -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTBDaemon.exe -> eBay Inc. [Ver = 2.5000.11.3 | Size = 652528 bytes | Modified Date = 08/20/2008 15:23:53 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 07/12/2008 09:29:54 | Attr = ] [Win32 Services - Non-Microsoft Only] (AcrSch2Svc) Acronis Scheduler2 Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Acronis\Schedule2\schedul2.exe -> Acronis [Ver = 1,0,0,240 | Size = 411168 bytes | Modified Date = 02/16/2007 19:49:50 | Attr = ] (Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec\LiveUpdate\AluSchedulerSvc.exe -> Symantec Corporation [Ver = 3.4.1.232 | Size = 238968 bytes | Modified Date = 02/09/2008 16:06:32 | Attr = ] (Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 02/28/2006 13:42:38 | Attr = ] (ccEvtMgr) Symantec Event Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 01/25/2008 17:47:02 | Attr = ] (ccSetMgr) Symantec Settings Manager [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 01/25/2008 17:47:02 | Attr = ] (CLTNetCnService) Symantec Lic NetConnect service [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 01/25/2008 17:47:02 | Attr = ] (comHost) COM Host [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\VAScanner\comHost.exe -> Symantec Corporation [Ver = 3.0.0.71 | Size = 55640 bytes | Modified Date = 08/22/2007 08:21:30 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 03/03/2008 20:04:19 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.734.29932.beta | Size = 138168 bytes | Modified Date = 02/14/2008 19:28:15 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 01:06:04 | Attr = ] (LiveUpdate) LiveUpdate [Win32_Shared | On_Demand | Stopped] -> %ProgramFiles%\Symantec\LiveUpdate\LuComServer_3_4.EXE -> Symantec Corporation [Ver = 3.4.1.238 | Size = 3220856 bytes | Modified Date = 08/04/2008 11:20:16 | Attr = ] (LiveUpdate Notice) LiveUpdate Notice [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSvcHst.exe -> Symantec Corporation [Ver = 107.0.4.2 | Size = 149864 bytes | Modified Date = 01/25/2008 17:47:02 | Attr = ] (LxrJD31s) Lexar JD31 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LxrJD31s.exe -> [Ver = | Size = 71168 bytes | Modified Date = 11/02/2007 13:10:00 | Attr = ] (Norton Ghost) Norton Ghost [Win32_Own | Auto | Running] -> %ProgramFiles%\Norton Ghost\Agent\VProSvc.exe -> Symantec Corporation [Ver = 12.0.4.26321 | Size = 3425632 bytes | Modified Date = 05/07/2008 16:11:22 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 159810 bytes | Modified Date = 04/19/2007 05:26:00 | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [Ver = | Size = 1245064 bytes | Modified Date = 06/24/2008 22:34:49 | Attr = ] (Symantec RemoteAssist) Symantec RemoteAssist [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\Support Controls\ssrc.exe -> Symantec, Inc. [Ver = 6.9.2894.0 | Size = 394704 bytes | Modified Date = 01/29/2008 17:09:02 | Attr = ] (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 01/31/2005 09:45:20 | Attr = ] (UStorage Server Service) UStorage Server Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\UStorSrv.exe -> OTi [Ver = 2, 0, 0, 4 | Size = 139264 bytes | Modified Date = 02/17/2006 12:19:55 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.9424 | Size = 7700480 bytes | Modified Date = 04/19/2007 05:26:00 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 08/18/2008 18:41:00 | Attr = RHS] < Run [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 08/18/2008 18:41:00 | Attr = RHS] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < Nij Vyas Startup Folder > -> C:\Documents and Settings\Nij Vyas\Start Menu\Programs\Startup -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 06/13/2007 11:23:07 | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/26/2007 04:34:01 | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disableregistrytools -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ComDlg32\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\disableregistrytools -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPLEXTOR_DVDR___PX-716A__________________1.09____\6&18af58a8&0&0.1.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_FN7319P&Prod_BNO251U&Rev_1.01\5&36e5972&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 10/18/2007 23:42:49 | Attr = ] < HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.virginmedia.com/ -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> *.local -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\: Main\\Start Page -> http://www.virginmedia.com/ -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\: ProxyEnable -> 0 -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\: ProxyOverride -> *.local -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/23/2006 00:08:42 | Attr = ] {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar Helper] -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Real\RealPlayer\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.1.57 | Size = 308856 bytes | Modified Date = 07/30/2008 23:48:48 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 08/14/2008 13:39:52 | Attr = ] {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Reg Error: Value does not exist or could not be read.] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\EWPBrowseLoader.dll [EWPBrowseObject Class] -> [Ver = 2, 6, 4, 1 | Size = 34304 bytes | Modified Date = 06/09/2006 14:37:54 | Attr = ] {6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\IDS\IPSBHO.dll [Symantec Intrusion Prevention] -> Symantec Corporation [Ver = 8.2.0.81 | Size = 116088 bytes | Modified Date = 06/24/2008 22:35:39 | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {327C2873-E90D-4c37-AA9D-10AC9BABA46C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll [Easy-WebPrint] -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] {92085AD4-F48A-450D-BD93-B28CC7DF67CE} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll [eBay Toolbar] -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] SITEguard [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [Show Norton Toolbar] -> Symantec Corporation [Ver = 2008.2.7.7 | Size = 349552 bytes | Modified Date = 06/30/2008 13:44:04 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 08/14/2008 13:39:52 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 08/14/2008 13:39:52 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 08/14/2008 13:39:52 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\] > -> HKEY_USERS\S-1-5-21-2025429265-884357618-839522115-1003\Software\Microsoft\Internet Explorer\MenuExt\ -> Easy-WebPrint Add To Print List -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint High Speed Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint Preview -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] Easy-WebPrint Print -> %ProgramFiles%\Canon\Easy-WebPrint\Toolband.dll -> [Ver = 2, 6, 4, 1 | Size = 552960 bytes | Modified Date = 06/09/2006 14:39:38 | Attr = ] eBay Search -> %ProgramFiles%\eBay\eBay Toolbar2\eBayTb.dll -> eBay Inc. [Ver = 2.5000.11.3 | Size = 562416 bytes | Modified Date = 08/20/2008 15:23:46 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {218F41A3-3B78-472E-8F92-85934DE51EBE} -> (Sony Ericsson Device 616 USB Ethernet Emulation (NDIS 5)) -> {22673BC1-AC39-447D-B9E9-5FD3E9633C2A} -> (1394 Net Adapter) -> {58180F86-696A-417A-B352-86BA571BB2A9} -> (Realtek RTL8169/8110 Family Gigabit Ethernet NIC) -> {ADE17E5B-1BC4-4A30-BC0D-419FFCB17532} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 02/28/2006 13:42:30 | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {4E62C4DE-627D-4604-B157-4B7D6B09F02E}[HKEY_LOCAL_MACHINE] -> https://moneymanager.egg.com/Pinsafe/accounttracking.cab[AccountTracking Profile Manager Class] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\.Owner -> {4E62C4DE-627D-4604-B157-4B7D6B09F02E} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/accounttracking.dll\\{4E62C4DE-627D-4604-B157-4B7D6B09F02E} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 06/15/2005 18:49:30 | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 04/25/2007 15:21:15 | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 03/24/2006 05:37:50 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1212 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 31 65 45 14 0A 25 FF 7B 66 E9 34 9F 33 CA C2 B8 62 37 37 39 38 65 39 34 00 FD 07 00 87 18 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 5A 0F E3 FC 50 94 79 99 3E FE 2B B7 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 0D 68 7F 68 F9 99 D9 96 57 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 9C 6A 53 2A 7F CD [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 01 35 EC 34 CE 13 2C 43 4F D8 B9 91 4F 84 33 EF [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 82 EA 00 42 11 F2 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12032 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Bonjour\mDNSResponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 02/28/2006 13:42:38 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe -> %ProgramFiles%\DNA\btdna.exe [C:\Program Files\DNA\btdna.exe:*:Enabled:DNA] -> BitTorrent, Inc. [Ver = 2.0.1.9795 | Size = 289088 bytes | Modified Date = 05/13/2008 21:00:56 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> [Ver = | Size = 587568 bytes | Modified Date = 04/29/2008 18:51:26 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/13/2004 17:24:37 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 07/26/2005 05:39:49 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 08/04/2004 13:00:00 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 07/26/2005 05:39:49 | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 06/24/2008 22:57:07 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 08/05/2008 23:55:13 | Attr = ] ISIS -> %SystemDrive%\ISIS -> [Folder | Created Date = 06/04/2008 13:26:05 | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 06/24/2008 21:32:38 | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 08/06/2008 00:08:42 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 06/17/2008 12:00:56 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 07/29/2008 16:03:42 | Attr = ] s616bus.sys -> %SystemRoot%\System32\drivers\s616bus.sys -> MCCI Corporation [Ver = V4.40 | Size = 83208 bytes | Created Date = 08/06/2008 14:59:05 | Attr = ] s616cm.sys -> %SystemRoot%\System32\drivers\s616cm.sys -> MCCI Corporation [Ver = V4.40 | Size = 12424 bytes | Created Date = 08/06/2008 14:59:06 | Attr = ] s616cmnt.sys -> %SystemRoot%\System32\drivers\s616cmnt.sys -> MCCI Corporation [Ver = V4.40 | Size = 12424 bytes | Created Date = 08/06/2008 14:59:06 | Attr = ] s616cr.sys -> %SystemRoot%\System32\drivers\s616cr.sys -> MCCI Corporation [Ver = V4.40 | Size = 11016 bytes | Created Date = 08/06/2008 14:59:07 | Attr = ] s616mdfl.sys -> %SystemRoot%\System32\drivers\s616mdfl.sys -> MCCI Corporation [Ver = V4.40 | Size = 15112 bytes | Created Date = 08/06/2008 14:59:06 | Attr = ] s616mdm.sys -> %SystemRoot%\System32\drivers\s616mdm.sys -> MCCI Corporation [Ver = V4.40 | Size = 108680 bytes | Created Date = 08/06/2008 14:59:06 | Attr = ] s616mgmt.sys -> %SystemRoot%\System32\drivers\s616mgmt.sys -> MCCI Corporation [Ver = V4.40 | Size = 100360 bytes | Created Date = 08/06/2008 14:59:07 | Attr = ] s616nd5.sys -> %SystemRoot%\System32\drivers\s616nd5.sys -> MCCI Corporation [Ver = V4.40 | Size = 23176 bytes | Created Date = 08/06/2008 14:59:06 | Attr = ] s616obex.sys -> %SystemRoot%\System32\drivers\s616obex.sys -> MCCI Corporation [Ver = V4.40 | Size = 98568 bytes | Created Date = 08/06/2008 14:59:07 | Attr = ] s616unic.sys -> %SystemRoot%\System32\drivers\s616unic.sys -> MCCI Corporation [Ver = V4.40 | Size = 99080 bytes | Created Date = 08/06/2008 14:59:07 | Attr = ] s616wh.sys -> %SystemRoot%\System32\drivers\s616wh.sys -> MCCI Corporation [Ver = V4.40 | Size = 12424 bytes | Created Date = 08/06/2008 14:59:05 | Attr = ] s616whnt.sys -> %SystemRoot%\System32\drivers\s616whnt.sys -> MCCI Corporation [Ver = V4.40 | Size = 12424 bytes | Created Date = 08/06/2008 14:59:05 | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Created Date = 06/04/2008 13:00:30 | Attr = ] symdns.sys -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 13616 bytes | Created Date = 06/13/2008 14:13:38 | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Created Date = 06/24/2008 22:33:12 | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Created Date = 06/24/2008 22:33:12 | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Created Date = 06/24/2008 22:33:12 | Attr = ] symfw.sys -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 96432 bytes | Created Date = 06/13/2008 14:13:38 | Attr = ] symids.sys -> %SystemRoot%\System32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 38576 bytes | Created Date = 06/13/2008 14:13:38 | Attr = ] SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 31280 bytes | Created Date = 06/13/2008 14:14:02 | Attr = ] symndis.sys -> %SystemRoot%\System32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 37424 bytes | Created Date = 06/13/2008 14:13:38 | Attr = ] symndisv.sys -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 41008 bytes | Created Date = 06/13/2008 14:13:40 | Attr = ] SymRedir.cat -> %SystemRoot%\System32\drivers\SymRedir.cat -> [Ver = | Size = 13093 bytes | Created Date = 06/13/2008 14:14:02 | Attr = ] SymRedir.inf -> %SystemRoot%\System32\drivers\SymRedir.inf -> [Ver = | Size = 1611 bytes | Created Date = 06/13/2008 14:14:02 | Attr = ] symredrv.sys -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 22320 bytes | Created Date = 06/13/2008 14:13:38 | Attr = ] symtdi.sys -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 184240 bytes | Created Date = 06/13/2008 14:13:40 | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Created Date = 06/18/2008 18:52:28 | Attr = ] FORDLINE.TTF -> %SystemRoot%\System32\FORDLINE.TTF -> [Ver = | Size = 46020 bytes | Created Date = 06/10/2008 21:09:04 | Attr = ] lame_enc.dll -> %SystemRoot%\System32\lame_enc.dll -> [Ver = | Size = 237568 bytes | Created Date = 06/13/2008 16:10:53 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Created Date = 06/11/2008 08:23:33 | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Created Date = 06/24/2008 22:33:12 | Attr = ] SymNeti.dll -> %SystemRoot%\System32\SymNeti.dll -> Symantec Corporation [Ver = 8.0.2.6 | Size = 579464 bytes | Created Date = 06/13/2008 14:45:48 | Attr = ] SymRedir.dll -> %SystemRoot%\System32\SymRedir.dll -> Symantec Corporation [Ver = 8.0.2.6 | Size = 207240 bytes | Created Date = 06/13/2008 14:45:44 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Created Date = 06/13/2008 16:09:57 | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Minidump -> %SystemRoot%\Minidump -> [Folder | Created Date = 06/14/2008 18:31:41 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Created Date = 07/19/2008 18:23:53 | Attr = ] TACMMRmm.dat -> %SystemRoot%\TACMMRmm.dat -> [Ver = | Size = 12 bytes | Created Date = 06/13/2008 16:10:53 | Attr = ] UNINST16.EXE -> %SystemRoot%\UNINST16.EXE -> Stirling Technologies, Inc. [Ver = 2.20.908.0 | Size = 246272 bytes | Created Date = 06/04/2008 13:12:55 | Attr = ] Norton Internet Security - Run Full System Scan - Nij Vyas.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nij Vyas.job -> [Ver = | Size = 628 bytes | Created Date = 06/24/2008 22:52:22 | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software -> [Folder | Created Date = 08/06/2008 14:59:37 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 06/17/2008 12:00:56 | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Created Date = 06/04/2008 13:00:24 | Attr = ] DivX -> %AppData%\DivX -> [Folder | Created Date = 08/04/2008 19:26:31 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 06/17/2008 12:00:59 | Attr = ] MSNInstaller -> %AppData%\MSNInstaller -> [Folder | Created Date = 08/06/2008 14:53:20 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Created Date = 07/19/2008 18:23:52 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Created Date = 08/04/2008 13:52:12 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3768376 bytes | Created Date = 08/08/2008 00:03:33 | Attr = H ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Created Date = 08/06/2008 15:02:06 | Attr = ] My Picture Messages -> %UserProfile%\My Documents\My Picture Messages -> [Folder | Created Date = 08/06/2008 15:09:03 | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 06/17/2008 12:00:57 | Attr = ] Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [Ver = | Size = 2007 bytes | Created Date = 06/24/2008 22:37:36 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Created Date = 07/30/2008 23:48:49 | Attr = ] Sony Ericsson PC Suite 3.2.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite 3.2.lnk -> [Ver = | Size = 1853 bytes | Created Date = 08/06/2008 14:58:45 | Attr = ] DSCF3715.JPG -> %UserProfile%\Desktop\DSCF3715.JPG -> [Ver = | Size = 67865 bytes | Created Date = 07/21/2008 17:44:54 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 08/05/2008 23:58:21 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 07/28/2008 23:22:50 | Attr = ] Nero - Burning Rom.lnk -> %UserProfile%\Desktop\Nero - Burning Rom.lnk -> [Ver = | Size = 774 bytes | Created Date = 06/04/2008 11:26:01 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Created Date = 08/06/2008 00:06:34 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 08/26/2008 11:01:37 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Created Date = 08/26/2008 11:02:10 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 14968808 bytes | Created Date = 08/21/2008 08:31:45 | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 07/29/2008 16:03:22 | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Created Date = 07/30/2008 23:48:51 | Attr = ] Avanquest update -> %ProgramFiles%\Avanquest update -> [Folder | Created Date = 08/06/2008 14:59:38 | Attr = ] DAEMON Tools Lite -> %ProgramFiles%\DAEMON Tools Lite -> [Folder | Created Date = 06/04/2008 13:26:02 | Attr = H ] DIFX -> %ProgramFiles%\DIFX -> [Folder | Created Date = 06/10/2008 13:33:36 | Attr = ] DivX -> %ProgramFiles%\DivX -> [Folder | Created Date = 08/04/2008 19:25:20 | Attr = ] HIJACKTHIS -> %ProgramFiles%\HIJACKTHIS -> [Folder | Created Date = 08/06/2008 00:00:49 | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 06/17/2008 12:00:56 | Attr = ] MSXML 4.0 -> %ProgramFiles%\MSXML 4.0 -> [Folder | Created Date = 08/08/2008 00:08:00 | Attr = ] Norton Internet Security -> %ProgramFiles%\Norton Internet Security -> [Folder | Created Date = 06/24/2008 22:34:52 | Attr = ] Sony Ericsson -> %ProgramFiles%\Sony Ericsson -> [Folder | Created Date = 08/06/2008 14:40:28 | Attr = ] TeaTimer (Spybot - Search & Destroy) -> %ProgramFiles%\TeaTimer (Spybot - Search & Destroy) -> [Folder | Created Date = 08/21/2008 08:31:39 | Attr = ] Total Audio Capture -> %ProgramFiles%\Total Audio Capture -> [Folder | Created Date = 06/13/2008 16:10:11 | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 07/28/2008 23:22:48 | Attr = ] Windows Sidebar -> %ProgramFiles%\Windows Sidebar -> [Folder | Created Date = 06/24/2008 22:35:56 | Attr = ] WinRAR -> %ProgramFiles%\WinRAR -> [Folder | Created Date = 08/04/2008 13:52:05 | Attr = ] [Files/Folders - Modified Within 90 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 06/24/2008 22:57:18 | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 08/05/2008 23:55:13 | Attr = ] ISIS -> %SystemDrive%\ISIS -> [Folder | Modified Date = 06/04/2008 13:26:05 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 08/21/2008 08:31:39 | Attr = R ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 06/24/2008 21:32:38 | Attr = HS] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 06/24/2008 22:57:59 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 08/21/2008 08:35:58 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 08/06/2008 00:08:42 | Attr = ] coh_mon.cat -> %SystemRoot%\System32\drivers\coh_mon.cat -> [Ver = | Size = 10537 bytes | Modified Date = 07/30/2008 17:28:04 | Attr = ] COH_Mon.inf -> %SystemRoot%\System32\drivers\COH_Mon.inf -> [Ver = | Size = 706 bytes | Modified Date = 07/30/2008 17:28:04 | Attr = ] COH_Mon.sys -> %SystemRoot%\System32\drivers\COH_Mon.sys -> Symantec Corporation [Ver = 6,1,4,10 | Size = 23888 bytes | Modified Date = 07/30/2008 17:42:12 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 06/20/2008 17:04:10 | Attr = ] hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [Ver = | Size = 27 bytes | Modified Date = 06/20/2008 17:04:10 | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 07/30/2008 20:07:52 | Attr = ] mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 07/30/2008 20:07:56 | Attr = ] PxHelp20.sys -> %SystemRoot%\System32\drivers\PxHelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 06/11/2008 01:07:16 | Attr = ] sptd.sys -> %SystemRoot%\System32\drivers\sptd.sys -> [Ver = | Size = 717296 bytes | Modified Date = 06/04/2008 13:00:31 | Attr = ] symdns.sys -> %SystemRoot%\System32\drivers\symdns.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 13616 bytes | Modified Date = 06/13/2008 14:13:38 | Attr = ] SYMEVENT.CAT -> %SystemRoot%\System32\drivers\SYMEVENT.CAT -> [Ver = | Size = 10671 bytes | Modified Date = 06/24/2008 23:02:11 | Attr = ] SYMEVENT.INF -> %SystemRoot%\System32\drivers\SYMEVENT.INF -> [Ver = | Size = 805 bytes | Modified Date = 06/24/2008 23:02:11 | Attr = ] SYMEVENT.SYS -> %SystemRoot%\System32\drivers\SYMEVENT.SYS -> Symantec Corporation [Ver = 12.5.4.1 | Size = 123952 bytes | Modified Date = 06/24/2008 23:02:11 | Attr = ] symfw.sys -> %SystemRoot%\System32\drivers\symfw.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 96432 bytes | Modified Date = 06/13/2008 14:13:38 | Attr = ] symids.sys -> %SystemRoot%\System32\drivers\symids.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 38576 bytes | Modified Date = 06/13/2008 14:13:38 | Attr = ] SymIM.sys -> %SystemRoot%\System32\drivers\SymIM.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 31280 bytes | Modified Date = 06/13/2008 14:14:02 | Attr = ] symndis.sys -> %SystemRoot%\System32\drivers\symndis.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 37424 bytes | Modified Date = 06/13/2008 14:13:38 | Attr = ] symndisv.sys -> %SystemRoot%\System32\drivers\symndisv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 41008 bytes | Modified Date = 06/13/2008 14:13:40 | Attr = ] SymRedir.cat -> %SystemRoot%\System32\drivers\SymRedir.cat -> [Ver = | Size = 13093 bytes | Modified Date = 06/13/2008 14:14:02 | Attr = ] SymRedir.inf -> %SystemRoot%\System32\drivers\SymRedir.inf -> [Ver = | Size = 1611 bytes | Modified Date = 06/13/2008 14:14:02 | Attr = ] symredrv.sys -> %SystemRoot%\System32\drivers\symredrv.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 22320 bytes | Modified Date = 06/13/2008 14:13:38 | Attr = ] symtdi.sys -> %SystemRoot%\System32\drivers\symtdi.sys -> Symantec Corporation [Ver = 8.0.2.4 | Size = 184240 bytes | Modified Date = 06/13/2008 14:13:40 | Attr = ] AdobeFnt.lst -> %SystemRoot%\System32\AdobeFnt.lst -> [Ver = | Size = 150828 bytes | Modified Date = 07/02/2008 18:55:23 | Attr = ] CatRoot -> %SystemRoot%\System32\CatRoot -> [Folder | Modified Date = 06/24/2008 22:21:33 | Attr = ] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 08/26/2008 08:27:03 | Attr = ] config -> %SystemRoot%\System32\config -> [Folder | Modified Date = 08/05/2008 13:46:41 | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Modified Date = 06/18/2008 18:52:28 | Attr = ] dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 08/20/2008 16:34:19 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 08/06/2008 15:05:44 | Attr = ] DRVSTORE -> %SystemRoot%\System32\DRVSTORE -> [Folder | Modified Date = 08/06/2008 14:59:15 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 1597568 bytes | Modified Date = 06/11/2008 08:43:10 | Attr = ] FORDLINE.TTF -> %SystemRoot%\System32\FORDLINE.TTF -> [Ver = | Size = 46020 bytes | Modified Date = 06/10/2008 21:09:04 | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 05/30/2008 09:18:02 | Attr = ] MRT.INI -> %SystemRoot%\System32\MRT.INI -> [Ver = | Size = 118 bytes | Modified Date = 06/12/2008 10:28:41 | Attr = ] nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [Ver = | Size = 88723 bytes | Modified Date = 08/26/2008 08:37:54 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 72356 bytes | Modified Date = 08/20/2008 20:55:18 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 444858 bytes | Modified Date = 08/20/2008 20:55:19 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 523874 bytes | Modified Date = 08/20/2008 20:55:13 | Attr = ] pncrt.dll -> %SystemRoot%\System32\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Modified Date = 07/30/2008 23:48:25 | Attr = ] pndx5016.dll -> %SystemRoot%\System32\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Modified Date = 07/30/2008 23:48:30 | Attr = ] pndx5032.dll -> %SystemRoot%\System32\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Modified Date = 07/30/2008 23:48:30 | Attr = ] pxhpinst.exe -> %SystemRoot%\System32\pxhpinst.exe -> Sonic Solutions [Ver = 3.00.64a | Size = 72440 bytes | Modified Date = 06/11/2008 01:07:16 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 06/24/2008 22:57:59 | Attr = ] rmoc3260.dll -> %SystemRoot%\System32\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.10.50 | Size = 185944 bytes | Modified Date = 07/30/2008 23:48:42 | Attr = ] S32EVNT1.DLL -> %SystemRoot%\System32\S32EVNT1.DLL -> Symantec Corporation [Ver = 12.5.4.2 | Size = 60800 bytes | Modified Date = 06/24/2008 23:02:11 | Attr = ] SymNeti.dll -> %SystemRoot%\System32\SymNeti.dll -> Symantec Corporation [Ver = 8.0.2.6 | Size = 579464 bytes | Modified Date = 06/13/2008 14:45:48 | Attr = ] SymRedir.dll -> %SystemRoot%\System32\SymRedir.dll -> Symantec Corporation [Ver = 8.0.2.6 | Size = 207240 bytes | Modified Date = 06/13/2008 14:45:44 | Attr = ] vxblock.dll -> %SystemRoot%\System32\vxblock.dll -> Sonic Solutions [Ver = 1.00.83a | Size = 88824 bytes | Modified Date = 06/11/2008 01:07:14 | Attr = ] wbem -> %SystemRoot%\System32\wbem -> [Folder | Modified Date = 08/20/2008 20:55:37 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13694 bytes | Modified Date = 08/23/2008 14:18:09 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 08/20/2008 16:33:52 | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 08/26/2008 08:25:40 | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 08/20/2008 23:47:05 | Attr = ] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 06/13/2008 16:09:57 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 08/06/2008 15:46:33 | Attr = S] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 06/24/2008 22:57:12 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 06/08/2008 11:39:20 | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 08/20/2008 16:34:05 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 08/20/2008 16:34:23 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 08/20/2008 21:14:41 | Attr = HS] Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 08/20/2008 23:47:11 | Attr = ] ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 490 bytes | Modified Date = 08/06/2008 14:44:29 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 08/26/2008 11:03:22 | Attr = ] Sun -> %SystemRoot%\Sun -> [Folder | Modified Date = 07/19/2008 18:23:53 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 06/21/2008 20:23:57 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 08/20/2008 23:54:23 | Attr = ] TACMMRmm.dat -> %SystemRoot%\TACMMRmm.dat -> [Ver = | Size = 12 bytes | Modified Date = 06/13/2008 16:10:53 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 06/24/2008 22:52:22 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 08/26/2008 10:43:27 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 688 bytes | Modified Date = 08/20/2008 16:15:47 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 08/08/2008 00:08:02 | Attr = ] 1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job -> [Ver = | Size = 396 bytes | Modified Date = 08/01/2008 18:16:13 | Attr = ] Norton Internet Security - Run Full System Scan - Nij Vyas.job -> %SystemRoot%\tasks\Norton Internet Security - Run Full System Scan - Nij Vyas.job -> [Ver = | Size = 628 bytes | Modified Date = 08/25/2008 23:45:31 | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 08/26/2008 08:26:30 | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 10/19/2007 00:08:54 | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 8135 bytes | Modified Date = 09/19/2007 17:02:43 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 10/19/2007 00:08:56 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 8014 bytes | Modified Date = 08/26/2008 08:28:48 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 8014 bytes | Modified Date = 08/26/2008 08:28:47 | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 11/01/2007 18:56:26 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 09/18/2007 00:19:15 | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 08/26/2008 10:43:27 | Attr = ] Perflib_Perfdata_10c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_10c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/02/2008 07:40:51 | Attr = ] Perflib_Perfdata_1ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_1ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/24/2008 10:42:56 | Attr = ] Perflib_Perfdata_22c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/06/2008 07:17:30 | Attr = ] Perflib_Perfdata_268.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_268.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/04/2008 08:23:54 | Attr = ] Perflib_Perfdata_26c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_26c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/05/2008 08:29:05 | Attr = ] Perflib_Perfdata_2ac.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2ac.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/02/2008 18:17:06 | Attr = ] Perflib_Perfdata_2d4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2d4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 07/30/2008 11:03:36 | Attr = ] Perflib_Perfdata_2ec.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_2ec.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/03/2008 09:10:19 | Attr = ] Perflib_Perfdata_304.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_304.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/05/2008 16:29:49 | Attr = ] Perflib_Perfdata_364.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_364.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/21/2008 08:47:53 | Attr = ] Perflib_Perfdata_394.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_394.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/08/2008 15:05:43 | Attr = ] Perflib_Perfdata_3f4.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_3f4.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/07/2008 08:37:36 | Attr = ] Perflib_Perfdata_570.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_570.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/20/2008 13:52:36 | Attr = ] Perflib_Perfdata_5e8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5e8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/23/2008 14:20:05 | Attr = ] Perflib_Perfdata_634.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_634.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/25/2008 09:08:21 | Attr = ] Perflib_Perfdata_6d0.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_6d0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/20/2008 20:50:32 | Attr = ] Perflib_Perfdata_7b8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_7b8.dat -> [Ver = | Size = 16384 bytes | Modified Date = 08/26/2008 08:26:47 | Attr = ] 21 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] BVRP Software -> %AllUsersProfile%\Application Data\BVRP Software -> [Folder | Modified Date = 08/06/2008 14:59:37 | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 06/17/2008 12:00:56 | Attr = ] Sony Ericsson -> %AllUsersProfile%\Application Data\Sony Ericsson -> [Folder | Modified Date = 08/06/2008 14:58:21 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 08/21/2008 09:44:40 | Attr = ] Symantec -> %AllUsersProfile%\Application Data\Symantec -> [Folder | Modified Date = 08/05/2008 08:44:44 | Attr = ] BitTorrent -> %AppData%\BitTorrent -> [Folder | Modified Date = 08/20/2008 23:46:58 | Attr = ] Comma Separated Values (Windows).ADR -> %AppData%\Comma Separated Values (Windows).ADR -> [Ver = | Size = 38464 bytes | Modified Date = 08/05/2008 13:43:55 | Attr = ] Comma Separated Values (Windows).CAL -> %AppData%\Comma Separated Values (Windows).CAL -> [Ver = | Size = 12962 bytes | Modified Date = 08/05/2008 13:40:26 | Attr = ] Comma Separated Values (Windows).EML -> %AppData%\Comma Separated Values (Windows).EML -> [Ver = | Size = 9343 bytes | Modified Date = 08/05/2008 13:45:00 | Attr = ] DAEMON Tools -> %AppData%\DAEMON Tools -> [Folder | Modified Date = 06/04/2008 13:00:24 | Attr = ] DivX -> %AppData%\DivX -> [Folder | Modified Date = 08/04/2008 19:26:31 | Attr = ] DNA -> %AppData%\DNA -> [Folder | Modified Date = 08/20/2008 23:47:00 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 06/17/2008 12:00:59 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 07/27/2008 15:42:22 | Attr = S] MSNInstaller -> %AppData%\MSNInstaller -> [Folder | Modified Date = 08/06/2008 14:53:20 | Attr = ] Sun -> %AppData%\Sun -> [Folder | Modified Date = 07/19/2008 18:23:52 | Attr = ] Symantec -> %AppData%\Symantec -> [Folder | Modified Date = 06/24/2008 21:33:22 | Attr = ] WholeSecurity -> %AppData%\WholeSecurity -> [Folder | Modified Date = 08/26/2008 10:30:50 | Attr = ] WinRAR -> %AppData%\WinRAR -> [Folder | Modified Date = 08/04/2008 13:52:12 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 36352 bytes | Modified Date = 08/06/2008 13:56:39 | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 95448 bytes | Modified Date = 06/11/2008 15:50:57 | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 3768376 bytes | Modified Date = 08/25/2008 23:45:39 | Attr = H ] Sony Ericsson -> %UserProfile%\Local Settings\Application Data\Sony Ericsson -> [Folder | Modified Date = 08/06/2008 15:02:06 | Attr = ] Downloads -> %UserProfile%\My Documents\Downloads -> [Folder | Modified Date = 08/04/2008 13:52:38 | Attr = ] My Picture Messages -> %UserProfile%\My Documents\My Picture Messages -> [Folder | Modified Date = 08/06/2008 15:09:03 | Attr = ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 08/04/2008 19:25:20 | Attr = R ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 07/29/2008 16:03:43 | Attr = ] Norton Internet Security.lnk -> %AllUsersProfile%\Desktop\Norton Internet Security.lnk -> [Ver = | Size = 2007 bytes | Modified Date = 06/24/2008 22:37:36 | Attr = ] RealPlayer.lnk -> %AllUsersProfile%\Desktop\RealPlayer.lnk -> [Ver = | Size = 897 bytes | Modified Date = 07/30/2008 23:48:49 | Attr = ] Sony Ericsson PC Suite 3.2.lnk -> %AllUsersProfile%\Desktop\Sony Ericsson PC Suite 3.2.lnk -> [Ver = | Size = 1853 bytes | Modified Date = 08/06/2008 14:58:45 | Attr = ] DSCF3715.JPG -> %UserProfile%\Desktop\DSCF3715.JPG -> [Ver = | Size = 67865 bytes | Modified Date = 07/21/2008 17:44:54 | Attr = ] dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 08/05/2008 23:58:22 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 07/28/2008 23:22:50 | Attr = ] Microsoft Office Excel 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Excel 2003.lnk -> [Ver = | Size = 2495 bytes | Modified Date = 07/07/2008 17:43:28 | Attr = ] Microsoft Office Outlook 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Outlook 2003.lnk -> [Ver = | Size = 2521 bytes | Modified Date = 07/06/2008 08:35:58 | Attr = ] Microsoft Office Word 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Word 2003.lnk -> [Ver = | Size = 2497 bytes | Modified Date = 08/24/2008 17:34:59 | Attr = ] Nero - Burning Rom.lnk -> %UserProfile%\Desktop\Nero - Burning Rom.lnk -> [Ver = | Size = 774 bytes | Modified Date = 06/04/2008 11:26:01 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.3 | Size = 291840 bytes | Modified Date = 08/06/2008 00:06:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 08/26/2008 11:01:38 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 568477 bytes | Modified Date = 08/26/2008 11:02:14 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier spybotsd160.exe -> %UserProfile%\Desktop\spybotsd160.exe -> Safer Networking Limited [Ver = 1.6.0 | Size = 14968808 bytes | Modified Date = 08/21/2008 08:32:47 | Attr = ] Thumbs.db -> %UserProfile%\Desktop\Thumbs.db -> [Ver = | Size = 81408 bytes | Modified Date = 06/07/2008 12:32:07 | Attr = HS] @Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 07/29/2008 16:03:22 | Attr = ] Real -> %CommonProgramFiles%\Real -> [Folder | Modified Date = 07/30/2008 23:48:46 | Attr = ] Symantec Shared -> %CommonProgramFiles%\Symantec Shared -> [Folder | Modified Date = 08/26/2008 09:18:06 | Attr = ] xing shared -> %CommonProgramFiles%\xing shared -> [Folder | Modified Date = 07/30/2008 23:48:51 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]