[code] OTScanIt logfile created on: 9/10/2008 10:48:59 PM OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\user\Desktop\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 735.48 Mb Total Physical Memory | 328.78 Mb Available Physical Memory | 44.70% Memory free 1.01 Gb Paging File | 0.64 Gb Available in Paging File | 63.04% Paging File free Paging file location(s): C:\pagefile.sys 336 672; %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 19.53 Gb Total Space | 1.62 Gb Free Space | 8.28% Space Free | Partition Type: NTFS Drive D: | 54.99 Gb Total Space | 0.65 Gb Free Space | 1.18% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: USER-22F971AA57 Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On [Processes - Non-Microsoft Only] vsnpstd.exe -> %SystemRoot%\vsnpstd.exe -> [Ver = 1, 0, 1, 1 | Size = 286720 bytes | Modified Date = 6/10/2004 1:48:04 PM | Attr = ] athan.exe -> %ProgramFiles%\Athan\Athan.exe -> www.IslamicFinder.org [Ver = 3.00 | Size = 1003520 bytes | Modified Date = 9/7/2007 2:25:02 AM | Attr = ] fdm.exe -> %ProgramFiles%\Free Download Manager\fdm.exe -> FreeDownloadManager.ORG [Ver = 2.5 | Size = 2469935 bytes | Modified Date = 11/19/2007 12:40:48 AM | Attr = ] bitcomet.exe -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] veohclient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe -> Veoh Networks [Ver = 3.9.8.1077 | Size = 3660848 bytes | Modified Date = 8/28/2008 10:18:24 AM | Attr = ] wzqkpick.exe -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 1/27/2003 8:10:00 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 11/3/2007 1:36:25 PM | Attr = ] [Driver Services - All] (Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] -> -> File not found (abp480n5) abp480n5 [Kernel | Disabled | Stopped] -> -> File not found (ACPI) Microsoft ACPI Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\acpi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 187776 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (ACPIEC) ACPIEC [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\acpiec.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 11648 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (adpu160m) adpu160m [Kernel | Disabled | Stopped] -> -> File not found (aec) Microsoft Kernel Acoustic Echo Canceller [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\aec.sys -> Microsoft Corporation [Ver = 5.1.2601.2180 | Size = 142464 bytes | Modified Date = 2/15/2006 8:22:26 AM | Attr = ] (AFD) AFD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\afd.sys -> Microsoft Corporation [Ver = 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245) | Size = 138368 bytes | Modified Date = 6/20/2008 6:44:38 PM | Attr = ] (Aha154x) Aha154x [Kernel | Disabled | Stopped] -> -> File not found (aic78u2) aic78u2 [Kernel | Disabled | Stopped] -> -> File not found (aic78xx) aic78xx [Kernel | Disabled | Stopped] -> -> File not found (AliIde) AliIde [Kernel | Disabled | Stopped] -> -> File not found (amsint) amsint [Kernel | Disabled | Stopped] -> -> File not found (asc) asc [Kernel | Disabled | Stopped] -> -> File not found (asc3350p) asc3350p [Kernel | Disabled | Stopped] -> -> File not found (asc3550) asc3550 [Kernel | Disabled | Stopped] -> -> File not found (AsyncMac) RAS Asynchronous Media Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\asyncmac.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (atapi) Standard IDE/ESDI Hard Disk Controller [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\atapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 95360 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Atdisk) Atdisk [Kernel | Disabled | Stopped] -> -> File not found (Atmarpc) ATM ARP Client Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\atmarpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (audstub) Audio Stub Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\audstub.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 3072 bytes | Modified Date = 8/17/2001 9:59:44 PM | Attr = ] (Beep) Beep [Kernel | System | Running] -> %SystemRoot%\System32\drivers\beep.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (cbidf2k) cbidf2k [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\cbidf2k.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 13952 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (CCDECODE) Closed Caption Decoder [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\CCDECODE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 17024 bytes | Modified Date = 8/3/2004 11:10:18 PM | Attr = ] (cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] -> -> File not found (Cdaudio) Cdaudio [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\cdaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Cdfs) Cdfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\cdfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 63744 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Cdrom) CD-ROM Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\cdrom.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Changer) Changer [Kernel | System | Stopped] -> -> File not found (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> -> File not found (Cpqarray) Cpqarray [Kernel | Disabled | Stopped] -> -> File not found (dac960nt) dac960nt [Kernel | Disabled | Stopped] -> -> File not found (Disk) Disk Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\disk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36352 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (DMusic) Microsoft Kernel DLS Syntheiszer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\DMusic.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52864 bytes | Modified Date = 8/3/2004 11:07:40 PM | Attr = ] (dpti2o) dpti2o [Kernel | Disabled | Stopped] -> -> File not found (drmkaud) Microsoft Kernel DRM Audio Descrambler [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\drmkaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 2944 bytes | Modified Date = 8/3/2004 11:07:58 PM | Attr = ] (Fastfat) Fastfat [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\fastfat.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 143360 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Fdc) Floppy Disk Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\fdc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 27392 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (FETNDIS) VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\fetnd5.sys -> VIA Technologies, Inc. [Ver = 2.66 | Size = 27165 bytes | Modified Date = 8/17/2001 8:13:08 PM | Attr = ] (Fips) Fips [Kernel | System | Running] -> %SystemRoot%\System32\drivers\fips.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 34944 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Flpydisk) Floppy Disk Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\flpydisk.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (FltMgr) FltMgr [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\fltmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2978 (xpsp_sp2_gdr.060821-0039) | Size = 128896 bytes | Modified Date = 8/21/2006 5:14:58 PM | Attr = ] (FsVga) FsVga [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fsvga.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Ftdisk) Volume Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\ftdisk.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 125056 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (gameenum) Game Port Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\gameenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10624 bytes | Modified Date = 8/4/2004 7:08:22 AM | Attr = ] (Gpc) Generic Packet Classifier [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\msgpc.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 35072 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (HidUsb) Microsoft HID Class Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hidusb.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 9600 bytes | Modified Date = 8/17/2001 2:02:20 PM | Attr = ] (hpn) hpn [Kernel | Disabled | Stopped] -> -> File not found (HTTP) HTTP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\http.sys -> Microsoft Corporation [Ver = 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512) | Size = 262784 bytes | Modified Date = 3/17/2006 8:33:10 AM | Attr = ] (hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\ewusbmdm.sys -> File not found (i2omgmt) i2omgmt [Kernel | System | Stopped] -> -> File not found (i2omp) i2omp [Kernel | Disabled | Stopped] -> -> File not found (i8042prt) i8042 Keyboard and PS/2 Mouse Port Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\i8042prt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52736 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Imapi) CD-Burning Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\imapi.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41856 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (ini910u) ini910u [Kernel | Disabled | Stopped] -> -> File not found (IntelIde) IntelIde [Kernel | Disabled | Stopped] -> -> File not found (intelppm) Intel Processor Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\intelppm.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 36096 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (IOIDDEV) IOIDDEV [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SurvivalProject\config\ioid.sys -> File not found (Ip6Fw) IPv6 Windows Firewall Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ip6fw.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 29056 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (IpFilterDriver) IP Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipfltdrv.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32896 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (IpInIp) IP in IP Tunnel Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ipinip.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (IpNat) IP Network Address Translator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ipnat.sys -> Microsoft Corporation [Ver = 5.1.2600.2524 (xpsp_sp2_gdr.040919-1056) | Size = 134912 bytes | Modified Date = 9/30/2004 6:28:37 AM | Attr = ] (IPSec) IPSEC driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ipsec.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 74752 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (IRENUM) IR Enumerator Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\irenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11264 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (isapnp) PnP ISA/EISA Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\isapnp.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Kbdclass) Keyboard Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (kbdhid) Keyboard HID Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\kbdhid.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14848 bytes | Modified Date = 8/3/2004 10:58:36 PM | Attr = ] (kmixer) Microsoft Kernel Wave Audio Mixer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\kmixer.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 172416 bytes | Modified Date = 6/14/2006 4:47:45 PM | Attr = ] (KSecDD) KSecDD [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ksecdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 92032 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (lbrtfdc) lbrtfdc [Kernel | System | Stopped] -> -> File not found (mnmdd) mnmdd [Kernel | System | Running] -> %SystemRoot%\System32\drivers\mnmdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Modem) Modem [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\modem.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30080 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (MODEMCSA) Unimodem Streaming Filter Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\MODEMCSA.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16128 bytes | Modified Date = 8/17/2001 9:57:38 PM | Attr = ] (Mouclass) Mouse Class Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mouclass.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 23040 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (mouhid) Mouse HID Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mouhid.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 12160 bytes | Modified Date = 8/17/2001 1:48:00 PM | Attr = ] (MountMgr) MountMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\mountmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> -> File not found (MRxDAV) WebDav Client Redirector [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\mrxdav.sys -> Microsoft Corporation [Ver = 5.1.2600.3276 (xpsp_sp2_gdr.071218-1250) | Size = 179584 bytes | Modified Date = 12/18/2007 5:51:35 PM | Attr = ] (MRxSmb) MRxSmb [File_System | System | Running] -> %SystemRoot%\system32\drivers\mrxsmb.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 453120 bytes | Modified Date = 5/5/2006 5:41:45 PM | Attr = ] (Msfs) Msfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\msfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19072 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (MSKSSRV) Microsoft Streaming Service Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSKSSRV.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 7552 bytes | Modified Date = 8/4/2004 6:58:42 AM | Attr = ] (MSPCLOCK) Microsoft Streaming Clock Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSPCLOCK.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5376 bytes | Modified Date = 8/4/2004 6:58:40 AM | Attr = ] (MSPQM) Microsoft Streaming Quality Manager Proxy [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSPQM.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4992 bytes | Modified Date = 8/4/2004 6:58:42 AM | Attr = ] (mssmbios) Microsoft System Management BIOS Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mssmbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MSTEE.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 5504 bytes | Modified Date = 8/3/2004 10:58:40 PM | Attr = ] (Mup) Mup [File_System | Boot | Running] -> %SystemRoot%\System32\drivers\mup.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 107904 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NABTSFEC) NABTS/FEC VBI Codec [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NABTSFEC.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 85376 bytes | Modified Date = 8/3/2004 11:10:30 PM | Attr = ] (NDIS) NDIS System Driver [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\ndis.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 182912 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NdisIP) Microsoft TV/Video Connection [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\NdisIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 10880 bytes | Modified Date = 8/3/2004 11:10:14 PM | Attr = ] (NdisTapi) Remote Access NDIS TAPI Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndistapi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 9600 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Ndisuio) NDIS Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ndisuio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12928 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NdisWan) Remote Access NDIS WAN Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ndiswan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 91776 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NDProxy) NDIS Proxy [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\ndproxy.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 38016 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NetBIOS) NetBIOS Interface [File_System | System | Running] -> %SystemRoot%\system32\drivers\netbios.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NetBT) NetBios over Tcpip [Kernel | System | Running] -> %SystemRoot%\system32\drivers\netbt.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162816 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (nod32drv) nod32drv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 8/31/2008 12:00:02 PM | Attr = ] (NOWMEMDF) NOWMEMDF [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\nowmemdf.sys -> (c)NOWCOM [Ver = 1, 0, 0, 4 | Size = 14464 bytes | Modified Date = 11/2/2005 7:23:08 PM | Attr = R ] (Npfs) Npfs [File_System | System | Running] -> %SystemRoot%\System32\drivers\npfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 30848 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Ntfs) Ntfs [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\ntfs.sys -> Microsoft Corporation [Ver = 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028) | Size = 574464 bytes | Modified Date = 2/9/2007 7:10:35 PM | Attr = ] (Null) Null [Kernel | System | Running] -> %SystemRoot%\System32\drivers\null.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 2944 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NwlnkFlt) IPX Traffic Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkflt.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12416 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (NwlnkFwd) IPX Traffic Forwarder Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nwlnkfwd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 32512 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Parport) Parallel port driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\parport.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80128 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (PartMgr) PartMgr [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\partmgr.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 18688 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (ParVdm) ParVdm [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\parvdm.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 6784 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (PCI) PCI Bus Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68224 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (PCIDump) PCIDump [Kernel | System | Stopped] -> -> File not found (PCIIde) PCIIde [Kernel | Disabled | Stopped] -> -> File not found (Pcmcia) Pcmcia [Kernel | Disabled | Stopped] -> %SystemRoot%\System32\drivers\pcmcia.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 119936 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] -> -> File not found (PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] -> -> File not found (PDRELI) PDRELI [Kernel | On_Demand | Stopped] -> -> File not found (PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] -> -> File not found (perc2) perc2 [Kernel | Disabled | Stopped] -> -> File not found (perc2hib) perc2hib [Kernel | Disabled | Stopped] -> -> File not found (PptpMiniport) WAN Miniport (PPTP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspptp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 48384 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (PSched) QoS Packet Scheduler [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\psched.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> -> File not found (Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] -> -> File not found (ql12160) ql12160 [Kernel | Disabled | Stopped] -> -> File not found (ql1240) ql1240 [Kernel | Disabled | Stopped] -> -> File not found (ql1280) ql1280 [Kernel | Disabled | Stopped] -> -> File not found (RasAcd) Remote Access Auto Connection Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rasacd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 8832 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Rasl2tp) WAN Miniport (L2TP) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rasl2tp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 51328 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (RasPppoe) Remote Access PPPOE Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspppoe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 41472 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Raspti) Direct Parallel [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\raspti.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 16512 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Rdbss) Rdbss [File_System | System | Running] -> %SystemRoot%\system32\drivers\rdbss.sys -> Microsoft Corporation [Ver = 5.1.2600.2902 (xpsp_sp2_gdr.060505-0036) | Size = 174592 bytes | Modified Date = 5/5/2006 5:47:57 PM | Attr = ] (RDPCDD) RDPCDD [Kernel | System | Running] -> %SystemRoot%\system32\drivers\rdpcdd.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 4224 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (RDPWD) RDPWD [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\rdpwd.sys -> Microsoft Corporation [Ver = 5.1.2600.2695 (xpsp_sp2_gdr.050609-1528) | Size = 139528 bytes | Modified Date = 6/10/2005 12:09:46 PM | Attr = ] (redbook) Digital CD Audio Playback Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\redbook.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57472 bytes | Modified Date = 8/4/2004 6:59:38 AM | Attr = ] (RT73) RT73 USB Wireless LAN Card Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\rt73.sys -> File not found (serenum) Serenum Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\serenum.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15488 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Serial) Serial port driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\serial.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 64896 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Sfloppy) Sfloppy [Kernel | System | Stopped] -> %SystemRoot%\System32\drivers\sfloppy.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11392 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Simbad) Simbad [Kernel | Disabled | Stopped] -> -> File not found (SLIP) BDA Slip De-Framer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SLIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 11136 bytes | Modified Date = 8/3/2004 11:10:18 PM | Attr = ] (snpstd) VideoCAM Eye [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\snpstd.sys -> [Ver = 1, 1, 6, 1 | Size = 390912 bytes | Modified Date = 6/20/2005 9:27:02 PM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> -> File not found (splitter) Microsoft Kernel Audio Splitter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\splitter.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 6400 bytes | Modified Date = 6/14/2006 4:47:46 PM | Attr = ] (sr) System Restore Filter Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\sr.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73472 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Srv) Srv [File_System | On_Demand | Running] -> %SystemRoot%\system32\drivers\srv.sys -> Microsoft Corporation [Ver = 5.1.2600.2974 (xpsp_sp2_gdr.060814-0101) | Size = 332928 bytes | Modified Date = 8/14/2006 6:34:41 PM | Attr = ] (streamip) BDA IPSink [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\StreamIP.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15360 bytes | Modified Date = 8/3/2004 11:10:14 PM | Attr = ] (swenum) Software Bus Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\swenum.sys -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 4352 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (swmidi) Microsoft Kernel GS Wavetable Synthesizer [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\swmidi.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 54272 bytes | Modified Date = 8/17/2001 2:00:52 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> -> File not found (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> -> File not found (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> -> File not found (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> -> File not found (sysaudio) Microsoft Kernel System Audio Device [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sysaudio.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 60800 bytes | Modified Date = 8/3/2004 11:15:56 PM | Attr = ] (Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\tcpip.sys -> Microsoft Corporation [Ver = 5.1.2600.3394 (xpsp_sp2_gdr.080620-1245) | Size = 360320 bytes | Modified Date = 6/20/2008 6:45:13 PM | Attr = ] (TDPIPE) TDPIPE [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tdpipe.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 12040 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (TDTCP) TDTCP [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\tdtcp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 21896 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (TermDD) Terminal Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\termdd.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 40840 bytes | Modified Date = 8/4/2004 1:01:08 AM | Attr = ] (TosIde) TosIde [Kernel | Disabled | Stopped] -> -> File not found (Udfs) Udfs [File_System | Disabled | Stopped] -> %SystemRoot%\System32\drivers\udfs.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 66176 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> -> File not found (Update) Microcode Update Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\update.sys -> Microsoft Corporation [Ver = 5.1.2600.3124 (xpsp_sp2_gdr.070423-0049) | Size = 364160 bytes | Modified Date = 4/23/2007 6:32:54 PM | Attr = ] (usbccgp) Microsoft USB Generic Parent Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbccgp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 31616 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ] (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26624 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (usbhub) USB2 Enabled Hub [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbhub.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 57600 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (usbprint) Microsoft USB PRINTER Class [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbprint.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25856 bytes | Modified Date = 8/3/2004 11:01:26 PM | Attr = ] (usbscan) USB Scanner Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbscan.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 15104 bytes | Modified Date = 8/3/2004 10:58:46 PM | Attr = ] (USBSTOR) USB Mass Storage Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\USBSTOR.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 26496 bytes | Modified Date = 8/3/2004 11:08:48 PM | Attr = ] (usbuhci) Microsoft USB Universal Host Controller Miniport Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\usbuhci.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20480 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (VgaSave) VgaSave [Kernel | System | Running] -> %SystemRoot%\system32\drivers\vga.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 20992 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (viaagp) VIA AGP Bus Filter [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\VIAAGP.SYS -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42240 bytes | Modified Date = 8/4/2004 7:07:44 AM | Attr = ] (ViaIde) ViaIde [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\viaide.sys -> Microsoft Corporation [Ver = 1.00.01.01 | Size = 5376 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (VIAudio) Vinyl AC'97 Audio Controller (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\vinyl97.sys -> VIA Technologies, Inc. [Ver = 6.14.01.4160 built by: WinDDK | Size = 204160 bytes | Modified Date = 4/13/2006 2:09:56 PM | Attr = R ] (VolSnap) VolSnap [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\volsnap.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 52352 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (Wanarp) Remote Access IP ARP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wanarp.sys -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 34560 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (WDICA) WDICA [Kernel | On_Demand | Stopped] -> -> File not found (wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\wdmaud.sys -> Microsoft Corporation [Ver = 5.1.2600.2929 (xpsp_sp2_gdr.060613-2359) | Size = 82944 bytes | Modified Date = 6/14/2006 5:00:45 PM | Attr = ] (WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\wpdusb.sys -> Microsoft Corporation [Ver = 5.2.5721.5145 (WMP_11.061018-2006) | Size = 38528 bytes | Modified Date = 10/18/2006 8:00:00 PM | Attr = ] (WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 12032 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] (WSTCODEC) World Standard Teletext Codec [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WSTCODEC.SYS -> Microsoft Corporation [Ver = 5.3.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 19328 bytes | Modified Date = 8/3/2004 11:10:22 PM | Attr = ] (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\WudfPf.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 77568 bytes | Modified Date = 9/28/2006 6:55:50 PM | Attr = ] (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> Microsoft Corporation [Ver = 6.0.5716.32 (winmain(wmbla).060928-1756) | Size = 82944 bytes | Modified Date = 9/28/2006 7:00:34 PM | Attr = ] (XDva037) XDva037 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\XDva037.sys -> File not found (XDva104) XDva104 [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\XDva104.sys -> File not found [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 10:16:38 PM | Attr = ] Athan -> %ProgramFiles%\Athan\Athan.exe [C:\Program Files\Athan\Athan.exe] -> www.IslamicFinder.org [Ver = 3.00 | Size = 1003520 bytes | Modified Date = 9/7/2007 2:25:02 AM | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 7/4/2008 9:13:48 AM | Attr = ] NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe [C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 3:40:44 PM | Attr = ] nod32kui -> %ProgramFiles%\ESET\nod32kui.exe ["C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE] -> Eset [Ver = 2, 70, 39 | Size = 949376 bytes | Modified Date = 8/31/2008 12:00:02 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> Apple Inc. [Ver = 7.5 (861) | Size = 413696 bytes | Modified Date = 5/27/2008 10:50:30 AM | Attr = ] snpstd -> %SystemRoot%\vsnpstd.exe [C:\windows\vsnpstd.exe] -> [Ver = 1, 0, 1, 1 | Size = 286720 bytes | Modified Date = 6/10/2004 1:48:04 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] BitComet -> D:\Program Files\BitComet\BitComet.exe ["D:\Program Files\BitComet\BitComet.exe" /tray] -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe ["C:\Program Files\Free Download Manager\fdm.exe" -autorun] -> FreeDownloadManager.ORG [Ver = 2.5 | Size = 2469935 bytes | Modified Date = 11/19/2007 12:40:48 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 11/19/2007 4:01:45 PM | Attr = ] Veoh -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe ["C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.9.8.1077 | Size = 3660848 bytes | Modified Date = 8/28/2008 10:18:24 AM | Attr = ] < Run [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> [] -> File not found BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 1, 5, 3, 0 | Size = 139264 bytes | Modified Date = 11/16/2006 7:04:20 PM | Attr = ] BitComet -> D:\Program Files\BitComet\BitComet.exe ["D:\Program Files\BitComet\BitComet.exe" /tray] -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] Free Download Manager -> %ProgramFiles%\Free Download Manager\fdm.exe ["C:\Program Files\Free Download Manager\fdm.exe" -autorun] -> FreeDownloadManager.ORG [Ver = 2.5 | Size = 2469935 bytes | Modified Date = 11/19/2007 12:40:48 AM | Attr = ] swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 1, 2, 1128, 5462 | Size = 171448 bytes | Modified Date = 11/19/2007 4:01:45 PM | Attr = ] Veoh -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe ["C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide] -> Veoh Networks [Ver = 3.9.8.1077 | Size = 3660848 bytes | Modified Date = 8/28/2008 10:18:24 AM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\hp psc 1000 series.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe -> Hewlett-Packard Co. [Ver = 4.2.0.038 | Size = 147456 bytes | Modified Date = 6/16/2004 6:34:12 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\hpoddt01.exe.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Modified Date = 6/16/2004 6:22:58 PM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\WinZip Quick Pick.lnk -> %ProgramFiles%\WinZip\WZQKPICK.EXE -> WinZip Computing, Inc. [Ver = 1.0 (32-bit) | Size = 106560 bytes | Modified Date = 1/27/2003 8:10:00 AM | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> < user Startup Folder > -> C:\Documents and Settings\user\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 3/16/2005 7:16:50 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 7/4/2008 9:07:18 AM | Attr = ] *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 6:23:07 PM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\windows\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> FF FF FF FF [binary data] -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> autorun.inf [] -> %SystemDrive%\autorun.inf [ NTFS ] -> [Folder | Modified Date = 8/3/2008 2:48:26 PM | Attr = RHS] autorun.inf [] -> D:\autorun.inf [ NTFS ] -> [Folder | Modified Date = 8/3/2008 2:48:27 PM | Attr = RHS] < HOSTS File > (4102 bytes and 89 lines) -> C:\windows\System32\drivers\etc\Hosts -> First 25 entries... 127.0.0.1 localhost 127.0.0.1 bin.errorprotector.com ## added by CiD 127.0.0.1 br.errorsafe.com ## added by CiD 127.0.0.1 br.winantivirus.com ## added by CiD 127.0.0.1 br.winfixer.com ## added by CiD 127.0.0.1 cdn.drivecleaner.com ## added by CiD 127.0.0.1 cdn.errorsafe.com ## added by CiD 127.0.0.1 cdn.winsoftware.com ## added by CiD 127.0.0.1 de.errorsafe.com ## added by CiD 127.0.0.1 de.winantivirus.com ## added by CiD 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD 127.0.0.1 download.cdn.errorsafe.com ## added by CiD 127.0.0.1 download.cdn.winsoftware.com ## added by CiD 127.0.0.1 download.errorsafe.com ## added by CiD 127.0.0.1 download.systemdoctor.com ## added by CiD 127.0.0.1 download.winantispyware.com ## added by CiD 127.0.0.1 download.windrivecleaner.com ## added by CiD 127.0.0.1 download.winfixer.com ## added by CiD 127.0.0.1 drivecleaner.com ## added by CiD 127.0.0.1 dynamique.drivecleaner.com ## added by CiD 127.0.0.1 errorprotector.com ## added by CiD 127.0.0.1 errorsafe.com ## added by CiD 127.0.0.1 es.winantivirus.com ## added by CiD 127.0.0.1 fr.winantivirus.com ## added by CiD 127.0.0.1 fr.winfixer.com ## added by CiD < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.yahoo.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://jp.msn.com/ -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 10, 19, 1 | Size = 817936 bytes | Modified Date = 10/20/2007 5:56:50 AM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: Main\\Local Page -> C:\windows\system32\blank.htm -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: Main\\Start Page -> http://jp.msn.com/ -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 10, 19, 1 | Size = 817936 bytes | Modified Date = 10/20/2007 5:56:50 AM | Attr = ] HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 10, 19, 1 | Size = 817936 bytes | Modified Date = 10/20/2007 5:56:50 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr = ] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll [BitComet Helper] -> BitComet [Ver = 20080228 | Size = 468280 bytes | Modified Date = 2/29/2008 4:49:22 PM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 8/29/2008 10:36:20 PM | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 90112 bytes | Modified Date = 8/21/2007 10:44:32 PM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] {9E5BD40E-6287-11D6-9772-0002A5DD2483} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\jBrowse\JBO.dll [jBrowse Toolbar] -> [Ver = 1, 0, 0, 1 | Size = 319488 bytes | Modified Date = 7/24/2002 10:52:59 PM | Attr = ] {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2007, 10, 19, 1 | Size = 817936 bytes | Modified Date = 10/20/2007 5:56:50 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{9E5BD40E-6287-11D6-9772-0002A5DD2483} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\jBrowse\JBO.dll [jBrowse Toolbar] -> [Ver = 1, 0, 0, 1 | Size = 319488 bytes | Modified Date = 7/24/2002 10:52:59 PM | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R ] WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{9E5BD40E-6287-11D6-9772-0002A5DD2483} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\jBrowse\JBO.dll [jBrowse Toolbar] -> [Ver = 1, 0, 0, 1 | Size = 319488 bytes | Modified Date = 7/24/2002 10:52:59 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {62E65991-BAFA-4AFB-9B40-06039E276D28}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [??????] -> File not found {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [BitComet] -> File not found {D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{62E65991-BAFA-4AFB-9B40-06039E276D28} [HKEY_LOCAL_MACHINE] -> [??????] -> File not found CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] -> [BitComet] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] &D&ownload all video with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] &D&ownload all with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] Download All by FlashGet -> %SystemDrive%\PROGRA~1\FlashGet\jc_all.htm -> File not found Download all with Free Download Manager -> -> File not found Download selected with Free Download Manager -> -> File not found Download using FlashGet -> %SystemDrive%\PROGRA~1\FlashGet\jc_link.htm -> File not found Download video with Free Download Manager -> -> File not found Download with Free Download Manager -> -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ -> E&xport to Microsoft Excel -> %SystemDrive%\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] CmdMapping\\{62E65991-BAFA-4AFB-9B40-06039E276D28} [HKEY_LOCAL_MACHINE] -> [??????] -> File not found CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] -> [BitComet] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %SystemDrive%\PROGRA~1\FlashGet\flashget.exe [FlashGet] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> &D&ownload &with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] &D&ownload all video with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] &D&ownload all with BitComet -> D:\Program Files\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] Download All by FlashGet -> %SystemDrive%\PROGRA~1\FlashGet\jc_all.htm -> File not found Download all with Free Download Manager -> -> File not found Download selected with Free Download Manager -> -> File not found Download using FlashGet -> %SystemDrive%\PROGRA~1\FlashGet\jc_link.htm -> File not found Download video with Free Download Manager -> -> File not found Download with Free Download Manager -> -> File not found < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {0C9BF4ED-D6D9-4AA6-A452-BC1E09650501} -> (802.11b/g Mini Wireless LAN USB 2.0 Adapter) -> {356E81DF-12E0-497C-B9B8-275B7EDD6E9E} -> (802.11b/g Mini Wireless LAN USB 2.0 Adapter) -> {402B9F76-EB9E-4227-BC4D-8AF2324ECB6A} -> (802.11b/g Mini Wireless LAN USB 2.0 Adapter) -> {6403BCE0-291A-405A-8E64-C4166F880FD0} -> (VIA Compatable Fast Ethernet Adapter) -> {6CDA7D62-E271-4E8C-8524-747CC6F0F4A2} -> (802.11b/g Mini Wireless LAN USB 2.0 Adapter) -> {9C315B8F-2B95-4B9B-893D-BE3457333665} -> () -> < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> Protocol_Catalog9\Catalog_Entries\000000000001 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000002 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000003 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000004 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000005 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000006 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000007 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000008 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000009 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000010 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000011 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000012 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000013 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000014 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000015 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000016 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000017 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000018 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000019 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000020 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000021 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000022 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000023 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000024 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000025 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000026 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000027 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000028 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000029 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000030 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] Protocol_Catalog9\Catalog_Entries\000000000031 -> %SystemRoot%\system32\imon.dll -> Eset [Ver = 2, 70, 39 | Size = 298104 bytes | Modified Date = 8/31/2008 12:00:07 PM | Attr = ] < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 7/4/2008 9:12:13 AM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 29, 0 | Size = 1942864 bytes | Modified Date = 8/12/2008 5:13:00 PM | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab[QuickTime Object] -> {0AE0F5F9-8233-49A4-A3C8-004CE190787B}[HKEY_LOCAL_MACHINE] -> http://www.pdbox.co.kr/boxmedia/ctrl_down/BMSpeedCheck.cab[BMSpeedCheck Control] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {2B866353-E598-4403-8E4D-B871AB30DC55}[HKEY_LOCAL_MACHINE] -> http://www.singnet.com/technical/helptools/media/SpeedCtrl.cab[Speed Class] -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537}[HKEY_LOCAL_MACHINE] -> http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab[MSN Photo Upload Tool] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218448404138&h=779e246c75760265a206842d4206d972/&filename=jinstall-6u7-windows-i586-jc.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4}[HKEY_LOCAL_MACHINE] -> http://www.clubbox.co.kr/neo.fld/MultiUpload.cab[MultiUpload Control] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BMSpeedCheck.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BMSpeedCheck.ocx\\.Owner -> {0AE0F5F9-8233-49A4-A3C8-004CE190787B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BMSpeedCheck.ocx\\{0AE0F5F9-8233-49A4-A3C8-004CE190787B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MsnPUpld.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MultiUpload.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MultiUpload.ocx\\.Owner -> {F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MultiUpload.ocx\\{F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\.Owner -> {4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/PURen-us.dll\\{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpeedCtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpeedCtrl.dll\\.Owner -> {2B866353-E598-4403-8E4D-B871AB30DC55} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SpeedCtrl.dll\\{2B866353-E598-4403-8E4D-B871AB30DC55} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DownUpdater.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DownUpdater.exe\\.Owner -> {072039AB-2117-4ED5-A85F-9B9EB903E021} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/DownUpdater.exe\\{072039AB-2117-4ED5-A85F-9B9EB903E021} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{072039AB-2117-4ED5-A85F-9B9EB903E021} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{F6E361B4-40F3-4C90-8A95-D95E0D8CBCD4} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll\\{0AE0F5F9-8233-49A4-A3C8-004CE190787B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pluspoint2inst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pluspoint2inst.dll\\.Owner -> {760FF20F-B852-4ED7-AE91-F1DE355C080F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/pluspoint2inst.dll\\{760FF20F-B852-4ED7-AE91-F1DE355C080F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/speedchksup5.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/speedchksup5.exe\\.Owner -> {2B866353-E598-4403-8E4D-B871AB30DC55} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/speedchksup5.exe\\{2B866353-E598-4403-8E4D-B871AB30DC55} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/16/2005 1:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 10:21:15 PM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 740 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 9D 61 4E 5F 73 5B D2 BF 32 0D A5 3C A2 31 B1 6D 37 66 65 64 63 62 34 62 00 FD 07 00 1A 32 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 77 14 0D 7A D0 C3 ED F3 CC 02 70 7F [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 77 01 22 60 28 4A A5 49 CC [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 62 E6 A8 A1 06 CE [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 46 4C F1 CF 5D DF E1 D6 28 3F 7C F5 75 12 FE 69 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 56 6C 70 8C 7E 06 C9 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12294 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\BitComet\BitComet.exe -> D:\Program Files\BitComet\BitComet.exe [D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fscagent.exe -> %SystemRoot%\system32\fscagent.exe [C:\WINDOWS\system32\fscagent.exe:*:Enabled:A¡þ¡¤¢¥ⓒoU¨o¨¬ ¨¡AAIAu¨uU ¥i¡I¢¬o] -> Nowcom Co., Ltd. [Ver = 3, 1, 1, 24 | Size = 159744 bytes | Modified Date = 2/26/2008 12:24:40 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe -> %SystemRoot%\system32\grdmgr.exe [C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN ¨¡AAIAu¨uU ¥i¡I¢¬o] -> 나우콤 [Ver = 1, 0, 0, 28 | Size = 102400 bytes | Modified Date = 12/28/2007 1:24:00 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/14/2004 12:24:37 AM | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.9.8.1077 | Size = 3660848 bytes | Modified Date = 8/28/2008 10:18:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\clubbox.exe -> %SystemRoot%\system32\clubbox.exe [C:\WINDOWS\system32\clubbox.exe:*:Enabled:????ⓒ¡i? o¢?e¡I??????Oe] -> Nowcom, Co. LTD. [Ver = 2, 0, 5, 86 | Size = 1531904 bytes | Modified Date = 4/1/2008 10:07:02 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ftp.exe -> %SystemRoot%\system32\ftp.exe [C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 8/29/2008 1:43:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bro\Xfire\xfire.exe -> D:\bro\Xfire\xfire.exe [D:\bro\Xfire\xfire.exe:*:Disabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 3031376 bytes | Modified Date = 6/27/2008 4:10:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ijji\ENGLISH\u_gunz.exe -> %SystemDrive%\ijji\ENGLISH\u_gunz.exe [C:\ijji\ENGLISH\u_gunz.exe:*:Disabled:] -> NHN USA inc. [Ver = 1.0.0.9 | Size = 868352 bytes | Modified Date = 5/27/2008 5:31:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 5/21/2008 4:37:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 8/29/2007 12:23:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 1022496 bytes | Modified Date = 5/21/2008 5:54:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -> %ProgramFiles%\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials] -> Nero AG [Ver = 3, 2, 3, 1 | Size = 4820992 bytes | Modified Date = 11/20/2006 9:50:20 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 8/12/2008 5:13:00 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7802:TCP -> 7802:TCP:*:Enabled:BitComet 7802 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7802:UDP -> 7802:UDP:*:Enabled:BitComet 7802 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\windows\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = ComFile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .html [@ = FirefoxHTML] -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/3/2008 9:52:30 AM | Attr = ] .pif [@ = piffile] -> "%1" %* -> .scr [@ = scrfile] -> "%1" %* -> < Internet Explorer CmdMapping [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8195 - Sun Java Console {62E65991-BAFA-4AFB-9B40-06039E276D28} -> 8196 - Reg Error: Value MenuText does not exist or could not be read. {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8193 - Reg Error: Value MenuText does not exist or could not be read. {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -> 8197 - Reg Error: Value MenuText does not exist or could not be read. {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -> 8194 - &FlashGet {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger NextId -> 8198 < Security Settings > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DisplayName -> Background Intelligent Transfer Service -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnService -> RpcSs -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\Description -> Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\ServiceDll -> %SystemRoot%\system32\qmgr.dll [%systemroot%\system32\qmgr.dll] -> Microsoft Corporation [Ver = 6.6.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 382464 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\0 -> Root\LEGACY_BITS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 12294 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\Program Files\BitComet\BitComet.exe -> D:\Program Files\BitComet\BitComet.exe [D:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/3/2008 11:42:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\fscagent.exe -> %SystemRoot%\system32\fscagent.exe [C:\WINDOWS\system32\fscagent.exe:*:Enabled:A¡þ¡¤¢¥ⓒoU¨o¨¬ ¨¡AAIAu¨uU ¥i¡I¢¬o] -> Nowcom Co., Ltd. [Ver = 3, 1, 1, 24 | Size = 159744 bytes | Modified Date = 2/26/2008 12:24:40 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\grdmgr.exe -> %SystemRoot%\system32\grdmgr.exe [C:\WINDOWS\system32\grdmgr.exe:*:Enabled:CDN ¨¡AAIAu¨uU ¥i¡I¢¬o] -> 나우콤 [Ver = 1, 0, 0, 28 | Size = 102400 bytes | Modified Date = 12/28/2007 1:24:00 AM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1694208 bytes | Modified Date = 10/14/2004 12:24:37 AM | Attr = HS] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Veoh Networks\Veoh\VeohClient.exe -> %ProgramFiles%\Veoh Networks\Veoh\VeohClient.exe [C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Disabled:Veoh Client] -> Veoh Networks [Ver = 3.9.8.1077 | Size = 3660848 bytes | Modified Date = 8/28/2008 10:18:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\clubbox.exe -> %SystemRoot%\system32\clubbox.exe [C:\WINDOWS\system32\clubbox.exe:*:Enabled:????ⓒ¡i? o¢?e¡I??????Oe] -> Nowcom, Co. LTD. [Ver = 2, 0, 5, 86 | Size = 1531904 bytes | Modified Date = 4/1/2008 10:07:02 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\dpvsetup.exe -> %SystemRoot%\system32\dpvsetup.exe [C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test] -> Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 83456 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> Microsoft Corporation [Ver = 8.5.1302.1018 | Size = 5724184 bytes | Modified Date = 10/18/2007 11:34:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> Microsoft Corporation [Ver = 1.5.204.0 | Size = 304488 bytes | Modified Date = 10/2/2007 5:18:24 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\ftp.exe -> %SystemRoot%\system32\ftp.exe [C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 42496 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 8/29/2008 1:43:44 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\bro\Xfire\xfire.exe -> D:\bro\Xfire\xfire.exe [D:\bro\Xfire\xfire.exe:*:Disabled:Xfire] -> Xfire Inc. [Ver = 13133 | Size = 3031376 bytes | Modified Date = 6/27/2008 4:10:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\ijji\ENGLISH\u_gunz.exe -> %SystemDrive%\ijji\ENGLISH\u_gunz.exe [C:\ijji\ENGLISH\u_gunz.exe:*:Disabled:] -> NHN USA inc. [Ver = 1.0.0.9 | Size = 868352 bytes | Modified Date = 5/27/2008 5:31:30 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 12844576 bytes | Modified Date = 5/21/2008 4:37:24 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.6211.1000 | Size = 340856 bytes | Modified Date = 8/29/2007 12:23:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.6316.5000 | Size = 1022496 bytes | Modified Date = 5/21/2008 5:54:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe -> %ProgramFiles%\Nero\Nero 7\Nero ShowTime\ShowTime.exe [C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials] -> Nero AG [Ver = 3, 2, 3, 1 | Size = 4820992 bytes | Modified Date = 11/20/2006 9:50:20 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe -> %ProgramFiles%\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> Skype Technologies S.A. [Ver = 3.8.0.154 | Size = 21741864 bytes | Modified Date = 8/12/2008 5:13:00 PM | Attr = R ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7802:TCP -> 7802:TCP:*:Enabled:BitComet 7802 TCP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7802:UDP -> 7802:UDP:*:Enabled:BitComet 7802 UDP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\windows\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> BootExecute -> autocheck autochk *; -> ExcludeFromKnownDlls -> -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> -> File not found \RPC Control -> -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> ComSpec -> C:\WINDOWS\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> TMP -> %SystemRoot%\TEMP -> windir -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %systemroot%\system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 9/10/2008 7:28:46 AM | Attr = ] %systemroot% -> %SystemRoot% -> [Folder | Modified Date = 9/10/2008 1:49:03 PM | Attr = ] %systemroot%\system32\wbem -> %SystemRoot%\system32\wbem -> [Folder | Modified Date = 9/5/2008 12:00:30 AM | Attr = ] C:\Program Files\Common Files\Adobe\AGL -> %CommonProgramFiles%\Adobe\AGL -> [Folder | Modified Date = 11/3/2007 1:41:36 PM | Attr = ] C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [Folder | Modified Date = 9/7/2008 10:48:48 AM | Attr = ] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> advapi32 -> C:\WINDOWS\system32\advapi32.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 616960 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] comdlg32 -> C:\WINDOWS\system32\comdlg32.dll -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 276992 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] DllDirectory -> C:\WINDOWS\system32 -> [Folder | Modified Date = 9/10/2008 7:28:46 AM | Attr = ] gdi32 -> C:\WINDOWS\system32\gdi32.dll -> Microsoft Corporation [Ver = 5.1.2600.3316 (xpsp_sp2_gdr.080219-1316) | Size = 282624 bytes | Modified Date = 2/20/2008 2:51:05 PM | Attr = ] imagehlp -> C:\WINDOWS\system32\imagehlp.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 144384 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] kernel32 -> C:\WINDOWS\system32\kernel32.dll -> Microsoft Corporation [Ver = 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301) | Size = 984576 bytes | Modified Date = 4/16/2007 11:52:53 PM | Attr = ] lz32 -> C:\WINDOWS\system32\lz32.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 2560 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] ole32 -> C:\WINDOWS\system32\ole32.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 1285120 bytes | Modified Date = 7/26/2005 12:39:48 PM | Attr = ] oleaut32 -> C:\WINDOWS\system32\oleaut32.dll -> Microsoft Corporation [Ver = 5.1.2600.3266 | Size = 550912 bytes | Modified Date = 12/5/2007 2:38:13 AM | Attr = ] olecli32 -> C:\WINDOWS\system32\olecli32.dll -> Microsoft Corporation [Ver = 1.07 (xpsp_sp2_gdr.050725-1528) | Size = 74752 bytes | Modified Date = 7/26/2005 12:39:48 PM | Attr = ] olecnv32 -> C:\WINDOWS\system32\olecnv32.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 37888 bytes | Modified Date = 7/26/2005 12:39:49 PM | Attr = ] olesvr32 -> C:\WINDOWS\system32\olesvr32.dll -> Microsoft Corporation [Ver = 1.09 (XPClient.010817-1148) | Size = 22016 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] olethk32 -> C:\WINDOWS\system32\olethk32.dll -> Microsoft Corporation [Ver = 5.1.2600.0 (XPClient.010817-1148) | Size = 69120 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] rpcrt4 -> C:\WINDOWS\system32\rpcrt4.dll -> Microsoft Corporation [Ver = 5.1.2600.3173 (xpsp_sp2_gdr.070709-0051) | Size = 584192 bytes | Modified Date = 7/9/2007 9:09:42 PM | Attr = ] shell32 -> C:\WINDOWS\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 11:36:51 AM | Attr = ] url -> C:\WINDOWS\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 105984 bytes | Modified Date = 6/24/2008 12:57:40 AM | Attr = ] urlmon -> C:\WINDOWS\system32\urlmon.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 1159680 bytes | Modified Date = 6/24/2008 12:57:40 AM | Attr = ] user32 -> C:\WINDOWS\system32\user32.dll -> Microsoft Corporation [Ver = 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222) | Size = 577536 bytes | Modified Date = 3/8/2007 11:36:28 PM | Attr = ] version -> C:\WINDOWS\system32\version.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] wininet -> C:\WINDOWS\system32\wininet.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 826368 bytes | Modified Date = 6/24/2008 12:57:41 AM | Attr = ] wldap32 -> C:\WINDOWS\system32\wldap32.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 172032 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] < Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> CommonFilesDir -> C:\Program Files\Common Files -> [Folder | Modified Date = 9/5/2008 9:13:57 AM | Attr = ] ProgramFilesDir -> C:\Program Files -> [Folder | Modified Date = 9/7/2008 10:46:55 AM | Attr = ] < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command -> batfile [open] -> "%1" %* -> File not found cmdfile [open] -> "%1" %* -> File not found comfile [open] -> "%1" %* -> File not found exefile [open] -> "%1" %* -> File not found htmlfile [edit] -> Reg Error: Key does not exist or could not be opened. htmlfile [print] -> Reg Error: Key does not exist or could not be opened. https [open] -> "%ProgramFiles%\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/3/2008 9:52:30 AM | Attr = ] piffile [open] -> "%1" %* -> File not found regfile [merge] -> Reg Error: Key does not exist or could not be opened. scrfile [config] -> "%1" -> File not found scrfile [open] -> "%1" %* -> File not found txtfile [edit] -> Reg Error: Key does not exist or could not be opened. < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultExecMenuItems\\tWhiteList -> [String data over 1000 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchAttachmentPerms\\tBuiltInPermList -> %SystemRoot%\system32\version.dll [version:1|.ade:3|.adp:3|.app:3|.asp:3|.bas:3|.bat:3|.bz:3|.bz2:3|.chm:3|.class:3|.cmd:3|.com:3|.command:3|.cpl:3|.crt:3|.csh:3|.desktop:3|.exe:3|.fxp:3|.gz:3|.hex:3|.hlp:3|.hqx:3|.hta:3|.inf:3|.ini:3|.ins:3|.isp:3|.its:3|.job:3|.js:3|.jse:3|.ksh:3|.lnk:3|.lzh:3|.mad:3|.maf:3|.mag:3|.mam:3|.maq:3|.mar:3|.mas:3|.mat:3|.mau:3|.mav:3|.maw:3|.mda:3|.mde:3|.mdt:3|.mdw:3|.mdz:3|.msc:3|.msi:3|.msp:3|.mst:3|.ocx:3|.ops:3|.pcd:3|.pi:3|.pif:3|.prf:3|.prg:3|.pst:3|.rar:3|.reg:3|.scf:3|.scr:3|.sct:3|.sea:3|.shb:3|.shs:3|.sit:3|.tar:3|.tgz:3|.tmp:3|.url:3|.vb:3|.vbe:3|.vbs:3|.vsmacros:3|.vss:3|.vst:3|.vsw:3|.webloc:3|.ws:3|.wsc:3|.wsf:3|.wsh:3|.zip:3|.zlo:3|.zoo:3|.pdf:2|.fdf:2] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Adobe\Acrobat Reader\8.0\FeatureLockdown\cDefaultLaunchURLPerms\\tSchemePerms -> %SystemRoot%\system32\version.dll [version:1|shell:3|hcp:3|ms-help:3|ms-its:3|ms-itss:3|its:3|mk:3|mhtml:3|help:3|disk:3|afp:3|disks:3|telnet:3|ssh:3|acrobat:2|mailto:2|file:1] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 18944 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Conferencing\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\DisableServerCheck -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\\LegacyPresence -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\CertificatePolicy\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\RTC\{A5B45060-354F-4097-A928-5125436C46F1}\PortRange\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> *ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> ADE -> -> File not found ADP -> -> File not found BAS -> -> File not found BAT -> -> File not found CHM -> -> File not found CMD -> %SystemRoot%\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] COM -> -> File not found CPL -> -> File not found CRT -> -> File not found EXE -> -> File not found HLP -> -> File not found HTA -> -> File not found INF -> -> File not found INS -> -> File not found ISP -> -> File not found LNK -> -> File not found MDB -> -> File not found MDE -> -> File not found MSC -> -> File not found MSI -> %SystemRoot%\system32\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/19/2007 12:12:23 AM | Attr = ] MSP -> -> File not found MST -> -> File not found OCX -> -> File not found PCD -> -> File not found PIF -> -> File not found REG -> %SystemRoot%\system32\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 8:00:00 PM | Attr = ] SCR -> -> File not found SHS -> -> File not found URL -> %SystemRoot%\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 105984 bytes | Modified Date = 6/24/2008 12:57:40 AM | Attr = ] VB -> -> File not found WSC -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> 5E AB 30 4F 95 7A 49 89 6A 00 6C 1C 31 15 40 15 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> ̋ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> 67 B0 D4 8B 34 3A 3F D3 BC E9 DC 64 67 04 F3 94 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> ȅ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> 32 78 02 DC FE F8 C8 93 DC 8A B0 06 DD 84 7D 1D [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> Ζ -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> BD 9A 2A DB 42 EB D8 56 0E 25 0E 4D F8 16 2F 67 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> ? -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> 38 6B 08 5F 84 EC F6 69 D3 6B 95 6A 22 C0 1E 80 [binary data] -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified -> -> *ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> Ų -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\Windows NT\Terminal Services\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\policies\ -> HKEY_CURRENT_USER\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> < Software Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\policies\ -> HKEY_USERS\.DEFAULT\Software\Policies\ -> -> HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-18\Software\Policies\ -> -> HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-19\Software\Policies\ -> -> HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-20\Software\Policies\ -> -> HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\ -> -> < Software Policy Settings [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\policies\ -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\ConferencingRTC\{A5B45060-354F-4097-A928-5125436C46F1}\Software\Policies\Microsoft\Conferencing\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\Windows\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\Windows\AppCompat\ -> -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\Software\Policies\Microsoft\Windows\System\ -> -> < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> {00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR {02DFF6B1-1654-411C-8D7B-FD6052EF016F} -> Apple Software Update {0405E51E-9582-4207-8F38-AC44201D3808} -> VeohTV BETA {08CA9554-B5FE-4313-938F-D4A417B81175} -> QuickTime {0D499481-22C6-4B25-8AC2-6D3F6C885FB9} -> OpenOffice.org Installer 1.0 {18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate {1DCC7418-2089-4BDD-B321-3771956160FC} -> ijji Auto Installer {1EBB57D4-63FF-87CC-A0F0-D73982CF6008} -> Adobe Media Player {2318C2B1-4965-11d4-9B18-009027A5CD4F} -> Google Toolbar for Internet Explorer {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 {2B54CED1-1911-4ECF-AA35-D2E14A716A36} -> VideoCAM Eye {2CCBABCB-6427-4A55-B091-49864623C43F} -> Google Toolbar for Firefox {3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7 {350C97B0-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP {394BE3D9-7F57-4638-A8D1-1D88671913B7} -> Microsoft AppLocale {48B82226-75E3-4E90-92CC-D30F79EA6380} -> Norton Security Scan {508CE775-4BA4-4748-82DF-FE28DA9F03B0} -> Windows Live Messenger {5C82DAE5-6EB0-4374-9254-BE3319BA4E82} -> Skype™ 3.8 {6846389C-BAC0-4374-808E-B120F86AF5D7} -> Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) {6ECB39BD-73C2-44DD-B1A0-898207C58D8B} -> HP Photo and Imaging 2.0 - All-in-One Drivers {716E0306-8318-4364-8B8F-0CC4E9376BAC} -> MSXML 4.0 SP2 Parser and SDK {7299052b-02a4-4627-81f2-1818da5d550d} -> Microsoft Visual C++ 2005 Redistributable {786C5747-1033-0000-B58E-000000000001} -> Adobe Stock Photos 1.0 {7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec {8ADFC4160D694100B5B8A22DE9DCABD9} -> DivX Player {8EDBA74D-0686-4C99-BFDD-F894678E5B39} -> Adobe Common File Installer {90120000-0010-0409-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders (English) 12 {90120000-0015-0409-0000-0000000FF1CE} -> Microsoft Office Access MUI (English) 2007 {90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0016-0409-0000-0000000FF1CE} -> Microsoft Office Excel MUI (English) 2007 {90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0018-0409-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (English) 2007 {90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0019-0409-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (English) 2007 {90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001A-0409-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (English) 2007 {90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001B-0409-0000-0000000FF1CE} -> Microsoft Office Word MUI (English) 2007 {90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007 {90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007 {90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-001F-0C0A-0000-0000000FF1CE} -> Microsoft Office Proof (Spanish) 2007 {90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-002C-0409-0000-0000000FF1CE} -> Microsoft Office Proofing (English) 2007 {90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007 {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{1AFF2298-CC00-4A3B-866A-C62B8373794E} -> Security Update for 2007 Microsoft Office System (KB951596) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{4AD3A076-427C-491F-A5B7-7D1DE788A756} -> Update for Microsoft Office Outlook 2007 (KB952142) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{558B709B-821B-4FC5-90FC-9A8890641E77} -> Security Update for Microsoft Office PowerPoint 2007 (KB951338) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{5F7F6FFF-395D-480E-8450-64F385D82C5F} -> Security Update for Microsoft Office system 2007 (KB954326) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7399DD71-8E24-4E60-B6A8-6CED89C0AC26} -> Security Update for Microsoft Office Excel 2007 (KB951546) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{797AE457-BA17-4BBC-B501-25FB3A0103C7} -> Security Update for 2007 Microsoft Office System (KB951944) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{8F375E11-4FD6-4B89-9E2B-A76D48B51E00} -> Security Update for Microsoft Office system 2007 (KB951808) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{96CC215F-3F22-4E1E-A101-F0041934A456} -> Update for Outlook 2007 Junk Email Filter (kb956080) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A420F522-7395-4872-9882-C591B4B92278} -> Update for Office 2007 (KB946691) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{AD72BABE-C733-4FCF-9674-4314466191B9} -> Security Update for Microsoft Office Word 2007 (KB950113) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F1B2401C-B610-4BF2-AA1C-52C55827A8F4} -> Security Update for Microsoft Office OneNote 2007 (KB950130) {90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} -> Security Update for Microsoft Office Publisher 2007 (KB950114) {90120000-0044-0409-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (English) 2007 {90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007 {90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-00A1-0409-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (English) 2007 {90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-00BA-0409-0000-0000000FF1CE} -> Microsoft Office Groove MUI (English) 2007 {90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0114-0409-0000-0000000FF1CE} -> Microsoft Office Groove Setup Metadata MUI (English) 2007 {90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007 {90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {90120000-0117-0409-0000-0000000FF1CE} -> Microsoft Office Access Setup Metadata MUI (English) 2007 {90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59} -> 2007 Microsoft Office Suite Service Pack 1 (SP1) {9867A917-5D17-40DE-83BA-BEA5293194B1} -> HP Photo and Imaging 2.0 - All-in-One {A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320} -> Windows Live installer {AC76BA86-7AD7-1033-7B44-A81200000003} -> Adobe Reader 8.1.2 {AC76BA86-7AD7-1033-7B44-A81200000003}_Adobe Reader 8.1.2 -> Adobe Reader 8.1.2 Security Update 1 (KB403742) {AC76BA86-7AD7-5760-0000-800000000003} -> Japanese Fonts Support For Adobe Reader 8 {AFA4E5FD-ED70-4D92-99D0-162FD56DC986} -> Windows Live Sign-in Assistant {B13A7C41581B411290FBC0395694E2A9} -> DivX Converter {B7050CBDB2504B34BC2A9CA0A692CC29} -> DivX Web Player {B74D4E10-1033-0000-0000-000000000001} -> Adobe Bridge 1.0 {C04E32E0-0416-434D-AFB9-6969D703A9EF} -> MSXML 4.0 SP2 (KB936181) {C900EF06-2E76-49C7-8DB0-41F629B21DC5} -> hp psc 1200 series {deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb -> Microsoft Windows Application Compatibility Database {E9787678-1033-0000-8E67-000000000001} -> Adobe Help Center 1.0 {F87DA817-8D53-42CC-AA45-93A100341033} -> Nero 7 Essentials Adobe AIR -> Adobe AIR Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX Adobe Flash Player Plugin -> Adobe Flash Player Plugin Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D} -> Adobe Photoshop CS2 Adobe Shockwave Player -> Adobe Shockwave Player Aegisub 1.10 -> Aegisub 1.10 (Remove Only) AoA Audio Extractor_is1 -> AoA Audio Extractor 1.0 Athan -> Athan Basic 3.3 Audacity_is1 -> Audacity 1.2.6 AVG8Uninstall -> AVG Free 8.0 BitComet -> BitComet 1.02 com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Adobe Media Player DirectVobSub -> DirectVobSub (remove only) DVD Decrypter -> DVD Decrypter (Remove Only) ENTERPRISE -> Microsoft Office Enterprise 2007 Flock -> Flock (Photobucket Edition) 0.7 Free Download Manager_is1 -> Free Download Manager 2.5 GOM Player -> GOM Player Gunz -> ijji - Gunz HijackThis -> HijackThis 2.0.2 HP PSC 1200 Series -> HP Photo and Imaging 2.0 - hp psc 1200 series hp psc 1200 series_Driver -> hp psc 1200 series IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs ie7 -> Windows Internet Explorer 7 InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808} -> VeohTV BETA jBrowse -> jBrowse 1.0 KB873339 -> Windows XP Hotfix - KB873339 KB885835 -> Windows XP Hotfix - KB885835 KB885836 -> Windows XP Hotfix - KB885836 KB886185 -> Windows XP Hotfix - KB886185 KB887472 -> Windows XP Hotfix - KB887472 KB888302 -> Windows XP Hotfix - KB888302 KB890046 -> Security Update for Windows XP (KB890046) KB890859 -> Windows XP Hotfix - KB890859 KB891781 -> Windows XP Hotfix - KB891781 KB893756 -> Security Update for Windows XP (KB893756) KB893803v2 -> Windows Installer 3.1 (KB893803) KB894391 -> Update for Windows XP (KB894391) KB896358 -> Security Update for Windows XP (KB896358) KB896423 -> Security Update for Windows XP (KB896423) KB896428 -> Security Update for Windows XP (KB896428) KB898461 -> Update for Windows XP (KB898461) KB899587 -> Security Update for Windows XP (KB899587) KB899591 -> Security Update for Windows XP (KB899591) KB900485 -> Update for Windows XP (KB900485) KB900725 -> Security Update for Windows XP (KB900725) KB901017 -> Security Update for Windows XP (KB901017) KB901190 -> Security Update for Windows XP (KB901190) KB901214 -> Security Update for Windows XP (KB901214) KB902400 -> Security Update for Windows XP (KB902400) KB904706 -> Security Update for Windows XP (KB904706) KB905414 -> Security Update for Windows XP (KB905414) KB905749 -> Security Update for Windows XP (KB905749) KB908519 -> Security Update for Windows XP (KB908519) KB908531 -> Update for Windows XP (KB908531) KB910437 -> Update for Windows XP (KB910437) KB911280 -> Update for Windows XP (KB911280) KB911562 -> Security Update for Windows XP (KB911562) KB911564 -> Security Update for Windows Media Player (KB911564) KB911927 -> Security Update for Windows XP (KB911927) KB913580 -> Security Update for Windows XP (KB913580) KB914388 -> Security Update for Windows XP (KB914388) KB914389 -> Security Update for Windows XP (KB914389) KB915865 -> Hotfix for Windows XP (KB915865) KB916595 -> Update for Windows XP (KB916595) KB917953 -> Security Update for Windows XP (KB917953) KB918118 -> Security Update for Windows XP (KB918118) KB918439 -> Security Update for Windows XP (KB918439) KB919007 -> Security Update for Windows XP (KB919007) KB920213 -> Security Update for Windows XP (KB920213) KB920670 -> Security Update for Windows XP (KB920670) KB920683 -> Security Update for Windows XP (KB920683) KB920685 -> Security Update for Windows XP (KB920685) KB920872 -> Update for Windows XP (KB920872) KB921503 -> Security Update for Windows XP (KB921503) KB922582 -> Update for Windows XP (KB922582) KB922819 -> Security Update for Windows XP (KB922819) KB923191 -> Security Update for Windows XP (KB923191) KB923414 -> Security Update for Windows XP (KB923414) KB923689 -> Security Update for Windows XP (KB923689) KB923980 -> Security Update for Windows XP (KB923980) KB924270 -> Security Update for Windows XP (KB924270) KB924667 -> Security Update for Windows XP (KB924667) KB925398_WMP64 -> Security Update for Windows Media Player 6.4 (KB925398) KB925902 -> Security Update for Windows XP (KB925902) KB926239 -> Hotfix for Windows XP (KB926239) KB926255 -> Security Update for Windows XP (KB926255) KB926436 -> Security Update for Windows XP (KB926436) KB927779 -> Security Update for Windows XP (KB927779) KB927802 -> Security Update for Windows XP (KB927802) KB927891 -> Update for Windows XP (KB927891) KB928255 -> Security Update for Windows XP (KB928255) KB928843 -> Security Update for Windows XP (KB928843) KB929123 -> Security Update for Windows XP (KB929123) KB929399 -> Hotfix for Windows Media Format 11 SDK (KB929399) KB930178 -> Security Update for Windows XP (KB930178) KB930916 -> Update for Windows XP (KB930916) KB931261 -> Security Update for Windows XP (KB931261) KB931784 -> Security Update for Windows XP (KB931784) KB932168 -> Security Update for Windows XP (KB932168) KB932823-v3 -> Update for Windows XP (KB932823-v3) KB933360 -> Update for Windows XP (KB933360) KB933729 -> Security Update for Windows XP (KB933729) KB935839 -> Security Update for Windows XP (KB935839) KB935840 -> Security Update for Windows XP (KB935840) KB936021 -> Security Update for Windows XP (KB936021) KB936357 -> Update for Windows XP (KB936357) KB936782_WMP11 -> Security Update for Windows Media Player 11 (KB936782) KB936782_WMP9 -> Security Update for Windows Media Player 9 (KB936782) KB938127-IE7 -> Security Update for Windows Internet Explorer 7 (KB938127) KB938464 -> Security Update for Windows XP (KB938464) KB938828 -> Update for Windows XP (KB938828) KB938829 -> Security Update for Windows XP (KB938829) KB939653-IE7 -> Security Update for Windows Internet Explorer 7 (KB939653) KB939683 -> Hotfix for Windows Media Player 11 (KB939683) KB941202 -> Security Update for Windows XP (KB941202) KB941568 -> Security Update for Windows XP (KB941568) KB941569 -> Security Update for Windows XP (KB941569) KB941644 -> Security Update for Windows XP (KB941644) KB941693 -> Security Update for Windows XP (KB941693) KB942615-IE7 -> Security Update for Windows Internet Explorer 7 (KB942615) KB942763 -> Update for Windows XP (KB942763) KB943055 -> Security Update for Windows XP (KB943055) KB943460 -> Security Update for Windows XP (KB943460) KB943485 -> Security Update for Windows XP (KB943485) KB944533-IE7 -> Security Update for Windows Internet Explorer 7 (KB944533) KB944653 -> Security Update for Windows XP (KB944653) KB945553 -> Security Update for Windows XP (KB945553) KB946026 -> Security Update for Windows XP (KB946026) KB946648 -> Security Update for Windows XP (KB946648) KB947864-IE7 -> Hotfix for Windows Internet Explorer 7 (KB947864) KB948590 -> Security Update for Windows XP (KB948590) KB948881 -> Security Update for Windows XP (KB948881) KB950749 -> Security Update for Windows XP (KB950749) KB950759-IE7 -> Security Update for Windows Internet Explorer 7 (KB950759) KB950760 -> Security Update for Windows XP (KB950760) KB950762 -> Security Update for Windows XP (KB950762) KB950974 -> Security Update for Windows XP (KB950974) KB951066 -> Security Update for Windows XP (KB951066) KB951072-v2 -> Update for Windows XP (KB951072-v2) KB951376 -> Security Update for Windows XP (KB951376) KB951376-v2 -> Security Update for Windows XP (KB951376-v2) KB951698 -> Security Update for Windows XP (KB951698) KB951748 -> Security Update for Windows XP (KB951748) KB952287 -> Hotfix for Windows XP (KB952287) KB952954 -> Security Update for Windows XP (KB952954) KB953838-IE7 -> Security Update for Windows Internet Explorer 7 (KB953838) KB953839 -> Security Update for Windows XP (KB953839) KB954154_WM11 -> Security Update for Windows Media Player 11 (KB954154) Ksp translator 1.1 -> Ksp translator 1.1 Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware Mozilla Firefox (3.0.1) -> Mozilla Firefox (3.0.1) MPEG2 Codec(libmpeg2/mad) -> MPEG2 Codec(libmpeg2/mad) MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs NOD32 -> NOD32 antivirus system RealAlt_is1 -> Real Alternative 1.7.5 ShockwaveFlash -> Adobe Flash Player 9 ActiveX VLC media player -> VideoLAN VLC media player 0.8.6c Winamp -> Winamp Windows Media Format Runtime -> Windows Media Format 11 runtime Windows Media Player -> Windows Media Player 11 WinRAR archiver -> WinRAR archiver WinZip -> WinZip WMFDist11 -> Windows Media Format 11 runtime wmp11 -> Windows Media Player 11 Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0 Xfire -> Xfire (remove only) Yahoo! Companion -> Yahoo! Toolbar < Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> ijji FireFox Launcher -> ijji FireFox Launcher 1.0 ijji.com -> ijji < Uninstall List [HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-2052111302-1482476501-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ -> ijji FireFox Launcher -> ijji FireFox Launcher 1.0 ijji.com -> ijji < WOW Settings [HKEY_LOCAL_MACHINE] - Select to Repair > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WOW -> cmdline -> %SystemRoot%\system32\ntvdm.exe -> wowcmdline -> %SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386 -> < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 9/5/2008 1:17:10 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Hang -> Description = Hanging application taskmgr.exe, version 5.1.2600.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 9/5/2008 1:35:04 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Hang -> Description = Hanging application GOM.exe, version 2.1.9.3754, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 9/5/2008 1:35:59 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Hang -> Description = Hanging application GOM.exe, version 2.1.9.3754, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 9/5/2008 1:37:48 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Hang -> Description = Hanging application GOM.exe, version 2.1.9.3754, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 9/5/2008 6:00:37 PM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Error -> Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Application [ Error ] 9/5/2008 6:00:51 PM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Error -> Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d. Application [ Error ] 9/5/2008 6:02:51 PM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Hang -> Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Application [ Error ] 9/6/2008 12:21:00 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Error -> Description = Faulting application showtime.exe, version 3.2.3.1, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00010f29. Application [ Error ] 9/7/2008 6:50:57 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = Application Error -> Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea. Application [ Error ] 9/9/2008 10:52:08 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = ESENT -> Description = wuauclt (2156) An attempt to delete the file "C:\windows\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). System [ Error ] 9/10/2008 6:05:43 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 6:10:54 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 6:19:40 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = MRxSmb -> Description = The master browser has received a server announcement from the computer MUHAMMADKHALID that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6403BCE0-291A. The master browser is stopping or an election is being forced. System [ Error ] 9/10/2008 7:08:42 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 7:09:38 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 7:14:48 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 7:19:58 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 7:21:51 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = NetBT -> Description = The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.100. The machine with the IP address 192.168.1.64 did not allow the name to be claimed by this machine. System [ Error ] 9/10/2008 7:21:51 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = BROWSER -> Description = The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is MUHAMMADKHALID. System [ Error ] 9/10/2008 7:31:46 AM -> Computer Name = USER-22F971AA57 - User Name = User SID not found - Source = MRxSmb -> Description = The master browser has received a server announcement from the computer MUHAMMADKHALID that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6403BCE0-291A. The master browser is stopping or an election is being forced. [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 6/19/2008 4:32:01 AM | Attr = H ] autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 8/3/2008 2:48:26 PM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 9/7/2008 10:56:03 AM | Attr = HS] dump_dvd.vob -> %SystemDrive%\dump_dvd.vob -> [Ver = | Size = 0 bytes | Created Date = 6/21/2008 10:18:29 PM | Attr = ] ijji -> %SystemDrive%\ijji -> [Folder | Created Date = 7/1/2008 5:56:33 PM | Attr = ] log.bat -> %SystemDrive%\log.bat -> [Ver = | Size = 254 bytes | Created Date = 8/1/2008 5:13:15 AM | Attr = ] MSOCache -> %SystemDrive%\MSOCache -> [Folder | Created Date = 9/5/2008 2:41:34 AM | Attr = RH ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 8/3/2008 12:39:32 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 8/19/2008 2:46:43 AM | Attr = HS] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Created Date = 6/14/2008 11:11:20 AM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Created Date = 7/12/2008 8:03:42 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Created Date = 8/9/2008 11:30:05 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Created Date = 8/24/2008 10:50:49 AM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Created Date = 9/7/2008 3:01:36 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Created Date = 9/7/2008 10:12:57 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Created Date = 9/8/2008 8:34:13 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Created Date = 6/14/2008 11:11:20 AM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Created Date = 7/12/2008 8:03:42 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/9/2008 11:30:05 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Created Date = 8/24/2008 10:50:49 AM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Created Date = 9/7/2008 3:01:36 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Created Date = 9/7/2008 10:12:57 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Created Date = 9/8/2008 8:34:13 PM | Attr = H ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 8/2/2008 10:30:16 AM | Attr = ] pinball.exe -> %SystemRoot%\System32\dllcache\pinball.exe -> Cinematronics [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 281088 bytes | Created Date = 9/2/2008 3:31:20 PM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 6/19/2008 4:05:47 AM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 6/19/2008 4:05:47 AM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 27108984 bytes | Created Date = 6/19/2008 4:05:48 AM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 102370 bytes | Created Date = 6/20/2008 7:00:46 AM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Created Date = 6/19/2008 4:23:31 AM | Attr = ] nod32drv.sys -> %SystemRoot%\System32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Created Date = 8/31/2008 12:00:29 PM | Attr = ] actskn45.ocx -> %SystemRoot%\System32\actskn45.ocx -> SoftShape Development [Ver = 4, 50, 0, 0 | Size = 483328 bytes | Created Date = 7/6/2008 4:16:43 PM | Attr = ] athan -> %SystemRoot%\System32\athan -> [Folder | Created Date = 7/29/2008 10:28:34 AM | Attr = ] 5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> bitcometres.dll -> %SystemRoot%\System32\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Created Date = 6/19/2008 8:46:32 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 683520 bytes | Created Date = 7/25/2008 4:34:36 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Created Date = 7/25/2008 4:34:30 PM | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Created Date = 7/25/2008 4:36:00 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 7/25/2008 4:36:00 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 7/24/2008 12:46:38 AM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 823296 bytes | Created Date = 7/25/2008 4:34:42 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 815104 bytes | Created Date = 7/25/2008 4:34:40 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 823296 bytes | Created Date = 7/25/2008 4:34:40 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 802816 bytes | Created Date = 7/25/2008 4:34:40 PM | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Created Date = 7/25/2008 4:34:54 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 7/25/2008 4:34:46 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 7/25/2008 4:34:46 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 7/25/2008 4:34:50 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 7/25/2008 4:34:46 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 7/25/2008 4:34:46 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 7/25/2008 4:34:46 PM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Created Date = 7/25/2008 4:34:52 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 56 bytes | Created Date = 8/29/2008 10:24:06 PM | Attr = H ] ijjiPlugin2.dll -> %SystemRoot%\System32\ijjiPlugin2.dll -> NHN USA Corp. [Ver = 2, 0, 0, 1 | Size = 58800 bytes | Created Date = 7/1/2008 5:44:45 PM | Attr = ] ijjiSetup.exe -> %SystemRoot%\System32\ijjiSetup.exe -> NHN USA [Ver = 1, 0, 0, 31 | Size = 710064 bytes | Created Date = 7/1/2008 5:44:38 PM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 7/24/2008 12:48:40 AM | Attr = ] mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 0 bytes | Created Date = 8/31/2008 12:00:39 PM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Created Date = 7/24/2008 12:50:52 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 7/24/2008 12:48:40 AM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 32716 | Size = 42320 bytes | Created Date = 6/27/2008 4:10:46 AM | Attr = ] Blue Lace 16.bmp -> %SystemRoot%\Blue Lace 16.bmp -> [Ver = | Size = 1272 bytes | Created Date = 9/2/2008 3:31:42 PM | Attr = ] Coffee Bean.bmp -> %SystemRoot%\Coffee Bean.bmp -> [Ver = | Size = 17062 bytes | Created Date = 9/2/2008 3:31:43 PM | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 8/3/2008 12:40:21 AM | Attr = ] 4 C:\windows\*.tmp files -> C:\windows\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 8/3/2008 12:39:23 AM | Attr = ] FeatherTexture.bmp -> %SystemRoot%\FeatherTexture.bmp -> [Ver = | Size = 16730 bytes | Created Date = 9/2/2008 3:31:43 PM | Attr = ] Gone Fishing.bmp -> %SystemRoot%\Gone Fishing.bmp -> [Ver = | Size = 17336 bytes | Created Date = 9/2/2008 3:31:43 PM | Attr = ] Greenstone.bmp -> %SystemRoot%\Greenstone.bmp -> [Ver = | Size = 26582 bytes | Created Date = 9/2/2008 3:31:44 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 8/3/2008 12:39:24 AM | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Created Date = 7/29/2008 10:30:46 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 8/3/2008 12:39:28 AM | Attr = ] Prairie Wind.bmp -> %SystemRoot%\Prairie Wind.bmp -> [Ver = | Size = 65954 bytes | Created Date = 9/2/2008 3:31:44 PM | Attr = ] Rhododendron.bmp -> %SystemRoot%\Rhododendron.bmp -> [Ver = | Size = 17362 bytes | Created Date = 9/2/2008 3:31:44 PM | Attr = ] River Sumida.bmp -> %SystemRoot%\River Sumida.bmp -> [Ver = | Size = 26680 bytes | Created Date = 9/2/2008 3:31:44 PM | Attr = ] Santa Fe Stucco.bmp -> %SystemRoot%\Santa Fe Stucco.bmp -> [Ver = | Size = 65832 bytes | Created Date = 9/2/2008 3:31:45 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 8/3/2008 12:39:23 AM | Attr = ] Soap Bubbles.bmp -> %SystemRoot%\Soap Bubbles.bmp -> [Ver = | Size = 65978 bytes | Created Date = 9/2/2008 3:31:43 PM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 8/3/2008 12:39:24 AM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 8/3/2008 12:39:18 AM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 8/3/2008 12:39:18 AM | Attr = ] temp -> %SystemRoot%\temp -> [Folder | Created Date = 8/3/2008 3:37:40 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 8/3/2008 12:39:23 AM | Attr = ] Zapotec.bmp -> %SystemRoot%\Zapotec.bmp -> [Ver = | Size = 9522 bytes | Created Date = 9/2/2008 3:31:45 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 8/3/2008 12:39:24 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 9/7/2008 10:47:06 AM | Attr = ] [Files/Folders - Modified Within 90 days] dump_dvd.vob -> %SystemDrive%\dump_dvd.vob -> [Ver = | Size = 0 bytes | Modified Date = 6/21/2008 10:18:49 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 771280896 bytes | Modified Date = 9/10/2008 9:35:39 PM | Attr = HS] hpfr3420.xml -> %SystemDrive%\hpfr3420.xml -> [Ver = | Size = 521 bytes | Modified Date = 9/2/2008 4:44:53 PM | Attr = ] img1-001.raw -> %SystemDrive%\img1-001.raw -> [Ver = | Size = 57624 bytes | Modified Date = 8/8/2008 1:52:11 PM | Attr = ] log.bat -> %SystemDrive%\log.bat -> [Ver = | Size = 254 bytes | Modified Date = 8/1/2008 5:11:20 AM | Attr = ] sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [Ver = | Size = 232 bytes | Modified Date = 6/14/2008 11:11:20 AM | Attr = H ] sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [Ver = | Size = 232 bytes | Modified Date = 7/12/2008 8:03:42 PM | Attr = H ] sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/9/2008 11:30:05 PM | Attr = H ] sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [Ver = | Size = 232 bytes | Modified Date = 8/24/2008 10:50:49 AM | Attr = H ] sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [Ver = | Size = 232 bytes | Modified Date = 9/7/2008 3:01:36 PM | Attr = H ] sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [Ver = | Size = 232 bytes | Modified Date = 9/7/2008 10:12:57 PM | Attr = H ] sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [Ver = | Size = 268 bytes | Modified Date = 9/8/2008 8:34:13 PM | Attr = H ] sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [Ver = | Size = 244 bytes | Modified Date = 6/14/2008 11:11:20 AM | Attr = H ] sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [Ver = | Size = 244 bytes | Modified Date = 7/12/2008 8:03:42 PM | Attr = H ] sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/9/2008 11:30:05 PM | Attr = H ] sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [Ver = | Size = 244 bytes | Modified Date = 8/24/2008 10:50:49 AM | Attr = H ] sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [Ver = | Size = 244 bytes | Modified Date = 9/7/2008 3:01:36 PM | Attr = H ] sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [Ver = | Size = 244 bytes | Modified Date = 9/7/2008 10:12:57 PM | Attr = H ] sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [Ver = | Size = 244 bytes | Modified Date = 9/8/2008 8:34:13 PM | Attr = H ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 6/19/2008 4:05:48 AM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 27108984 bytes | Modified Date = 9/10/2008 9:39:10 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 102370 bytes | Modified Date = 9/8/2008 9:07:11 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 211986 bytes | Modified Date = 8/9/2008 12:30:15 AM | Attr = ] hosts.fju -> %SystemRoot%\System32\drivers\etc\hosts.fju -> [Ver = | Size = 4102 bytes | Modified Date = 6/15/2008 3:21:01 PM | Attr = ] hosts.jvb -> %SystemRoot%\System32\drivers\etc\hosts.jvb -> [Ver = | Size = 4102 bytes | Modified Date = 6/15/2008 3:11:03 PM | Attr = ] hosts.kak -> %SystemRoot%\System32\drivers\etc\hosts.kak -> [Ver = | Size = 4102 bytes | Modified Date = 6/15/2008 3:22:17 PM | Attr = ] hosts.khj -> %SystemRoot%\System32\drivers\etc\hosts.khj -> [Ver = | Size = 4102 bytes | Modified Date = 7/18/2008 6:14:42 PM | Attr = ] hosts.pfp -> %SystemRoot%\System32\drivers\etc\hosts.pfp -> [Ver = | Size = 4102 bytes | Modified Date = 6/24/2008 9:17:28 PM | Attr = ] hosts.qga -> %SystemRoot%\System32\drivers\etc\hosts.qga -> [Ver = | Size = 4102 bytes | Modified Date = 6/25/2008 6:49:33 PM | Attr = ] hosts.vod -> %SystemRoot%\System32\drivers\etc\hosts.vod -> [Ver = | Size = 4102 bytes | Modified Date = 6/13/2008 6:07:09 PM | Attr = ] nod32drv.sys -> %SystemRoot%\System32\drivers\nod32drv.sys -> [Ver = | Size = 15424 bytes | Modified Date = 8/31/2008 12:00:02 PM | Attr = ] 5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> bitcometres.dll -> %SystemRoot%\System32\bitcometres.dll -> BitComet [Ver = 1, 0, 0, 1 | Size = 2560 bytes | Modified Date = 6/19/2008 8:46:32 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 683520 bytes | Modified Date = 7/25/2008 4:34:36 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Modified Date = 7/25/2008 4:34:30 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.66 | Size = 634880 bytes | Modified Date = 7/24/2008 12:47:18 AM | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 7/25/2008 4:36:00 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 7/25/2008 4:36:00 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Modified Date = 7/24/2008 12:46:38 AM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 823296 bytes | Modified Date = 7/25/2008 4:34:42 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 815104 bytes | Modified Date = 7/25/2008 4:34:40 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 823296 bytes | Modified Date = 7/25/2008 4:34:40 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.4.1 | Size = 802816 bytes | Modified Date = 7/25/2008 4:34:40 PM | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Modified Date = 7/25/2008 4:34:54 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 7/25/2008 4:34:46 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 7/25/2008 4:34:46 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 7/25/2008 4:34:50 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 7/25/2008 4:34:46 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 7/25/2008 4:34:46 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 7/25/2008 4:34:46 PM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Modified Date = 7/25/2008 4:34:52 PM | Attr = ] ezsidmv.dat -> %SystemRoot%\System32\ezsidmv.dat -> [Ver = | Size = 56 bytes | Modified Date = 8/29/2008 10:24:06 PM | Attr = H ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 342624 bytes | Modified Date = 9/5/2008 8:18:59 PM | Attr = ] ijjiSetup.exe -> %SystemRoot%\System32\ijjiSetup.exe -> NHN USA [Ver = 1, 0, 0, 31 | Size = 710064 bytes | Modified Date = 6/17/2008 7:28:42 PM | Attr = ] imon1.dat -> %SystemRoot%\System32\imon1.dat -> [Ver = | Size = 310 bytes | Modified Date = 8/21/2008 4:49:27 PM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 7/24/2008 12:48:40 AM | Attr = ] mapisvc.inf -> %SystemRoot%\System32\mapisvc.inf -> [Ver = | Size = 0 bytes | Modified Date = 8/31/2008 12:00:39 PM | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 40836 bytes | Modified Date = 9/5/2008 12:00:30 AM | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 314508 bytes | Modified Date = 9/5/2008 12:00:30 AM | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 356738 bytes | Modified Date = 9/5/2008 12:00:29 AM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 7/24/2008 12:50:52 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 7/24/2008 12:48:40 AM | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 8/12/2008 3:04:19 PM | Attr = ] xfcodec.dll -> %SystemRoot%\System32\xfcodec.dll -> [Ver = 32716 | Size = 42320 bytes | Modified Date = 6/27/2008 4:10:46 AM | Attr = ] 4 C:\windows\*.tmp files -> C:\windows\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 9/10/2008 9:35:42 PM | Attr = S] GunzLauncher.INI -> %SystemRoot%\GunzLauncher.INI -> [Ver = | Size = 32 bytes | Modified Date = 9/8/2008 5:45:39 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 9/10/2008 7:28:18 AM | Attr = ] iun6002.exe -> %SystemRoot%\iun6002.exe -> Indigo Rose Corporation [Ver = 6.0.1.4 | Size = 737280 bytes | Modified Date = 7/29/2008 10:28:05 AM | Attr = ] NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 9/7/2008 11:20:14 PM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 8/3/2008 3:32:18 PM | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 716 bytes | Modified Date = 9/7/2008 11:59:31 AM | Attr = ] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 9/10/2008 4:32:23 PM | Attr = ] Norton Security Scan.job -> %SystemRoot%\tasks\Norton Security Scan.job -> [Ver = | Size = 406 bytes | Modified Date = 9/7/2008 6:58:46 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 9/10/2008 9:35:48 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 11/18/2007 3:57:38 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6696 bytes | Modified Date = 9/10/2008 9:37:53 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6696 bytes | Modified Date = 9/10/2008 9:37:52 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 9/5/2008 9:52:34 AM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 10/30/2007 12:20:06 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 9/5/2008 9:52:34 AM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\ -> C:\Documents and Settings\user\Local Settings\Temp -> [Folder | Modified Date = 9/10/2008 10:44:26 PM | Attr = ] MsgPlusUninstall.exe -> C:\Documents and Settings\user\Local Settings\Temp\MsgPlusUninstall.exe -> Patchou [Ver = 4, 60, 0, 324 | Size = 901456 bytes | Modified Date = 3/17/2008 8:03:17 PM | Attr = ] 500 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> C:\Documents and Settings\user\Local Settings\Temp\DivE20.tmp\ -> C:\Documents and Settings\user\Local Settings\Temp\DivE20.tmp\ -> [Folder | Modified Date = 9/3/2008 4:07:46 PM | Attr = ] DivXInstaller.exe -> C:\Documents and Settings\user\Local Settings\Temp\DivE20.tmp\DivXInstaller.exe -> DivX, Inc. [Ver = 6.8.4.5 | Size = 20730648 bytes | Modified Date = 9/3/2008 4:07:35 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries -> [Folder | Modified Date = 8/25/2008 8:22:09 PM | Attr = ] ScanningProcess.exe -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ScanningProcess.exe -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 139264 bytes | Modified Date = 8/25/2008 8:21:57 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries -> [Folder | Modified Date = 8/25/2008 8:22:09 PM | Attr = ] FSSync.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\FSSync.dll -> Kaspersky Lab [Ver = 6.0.5.678 | Size = 38400 bytes | Modified Date = 8/25/2008 8:21:54 PM | Attr = ] ikave.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ikave.dll -> [Ver = 5, 0, 1, 83 | Size = 65536 bytes | Modified Date = 8/25/2008 8:22:02 PM | Attr = ] kave.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\kave.dll -> Kaspersky Lab. [Ver = 5, 0, 1, 86 | Size = 282624 bytes | Modified Date = 8/25/2008 8:22:03 PM | Attr = ] kosglue-7.0.25.0.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\kosglue-7.0.25.0.dll -> Kaspersky Lab [Ver = 7.0.25.0 | Size = 729152 bytes | Modified Date = 8/25/2008 8:22:07 PM | Attr = ] msvcm80.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\msvcm80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 479232 bytes | Modified Date = 8/25/2008 8:21:52 PM | Attr = ] msvcp80.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\msvcp80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 548864 bytes | Modified Date = 8/25/2008 8:22:04 PM | Attr = ] msvcr80.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\msvcr80.dll -> Microsoft Corporation [Ver = 8.00.50727.42 | Size = 626688 bytes | Modified Date = 8/25/2008 8:22:04 PM | Attr = ] prLoader.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\prLoader.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 184320 bytes | Modified Date = 8/25/2008 8:22:05 PM | Attr = ] prremote.dll -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\prremote.dll -> Kaspersky Lab [Ver = 6.0.2.678 | Size = 90112 bytes | Modified Date = 8/25/2008 8:22:06 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\Setup0000099c\ -> C:\Documents and Settings\user\Local Settings\Temp\Setup0000099c -> [Folder | Modified Date = 9/5/2008 2:39:03 AM | Attr = ] OSETUPUI.DLL -> C:\Documents and Settings\user\Local Settings\Temp\Setup0000099c\OSETUPUI.DLL -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 184632 bytes | Modified Date = 10/28/2006 3:14:30 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\ -> C:\Documents and Settings\user\Local Settings\Temp -> [Folder | Modified Date = 9/10/2008 10:44:26 PM | Attr = ] Perflib_Perfdata_1e0.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_1e0.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/3/2008 8:28:21 PM | Attr = ] Perflib_Perfdata_258.dat -> C:\Documents and Settings\user\Local Settings\Temp\Perflib_Perfdata_258.dat -> [Ver = | Size = 16384 bytes | Modified Date = 9/10/2008 9:37:42 PM | Attr = ] 500 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases\ -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases -> [Folder | Modified Date = 8/25/2008 8:23:23 PM | Attr = ] sfdb.dat -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases\sfdb.dat -> [Ver = | Size = 199728 bytes | Modified Date = 8/25/2008 8:23:33 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\ -> C:\Documents and Settings\user\Local Settings\Temp -> [Folder | Modified Date = 9/10/2008 10:44:26 PM | Attr = ] BsSndRpt.ini -> C:\Documents and Settings\user\Local Settings\Temp\BsSndRpt.ini -> [Ver = | Size = 250 bytes | Modified Date = 8/6/2008 6:56:47 PM | Attr = ] 500 C:\Documents and Settings\user\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\user\Local Settings\Temp\*.tmp -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\ -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries -> [Folder | Modified Date = 8/25/2008 8:22:09 PM | Attr = ] _kave.ini -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\binaries\_kave.ini -> [Ver = | Size = 102 bytes | Modified Date = 8/25/2008 8:22:00 PM | Attr = ] C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases\ -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases -> [Folder | Modified Date = 8/25/2008 8:23:23 PM | Attr = ] verdicts.ini -> C:\Documents and Settings\user\Local Settings\Temp\jkos-user\engine\bases\verdicts.ini -> [Ver = | Size = 4181 bytes | Modified Date = 8/25/2008 1:56:46 AM | Attr = ] < End of report > [/code]