[code]
OTScanIt logfile created on: 9/21/2008 11:59:53 AM
OTScanIt by OldTimer - Version 1.0.19.0     Folder = C:\Documents and Settings\SAP\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 70.86% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 279.45 Gb Total Space | 208.36 Gb Free Space | 74.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 106.05 Gb Free Space | 71.16% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SAP-X2
Current User Name: SAP
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On

[Processes - Non-Microsoft Only]
viewpointservice.exe -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =    ]
wlservice.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]
wusb54gv42.exe -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe -> Linksys [Ver = 1.0.3.0 | Size = 5264384 bytes | Modified Date = 11/8/2005 1:33:42 PM | Attr =    ]
winamp.exe -> %ProgramFiles%\Winamp\winamp.exe -> Nullsoft [Ver = 5,5,3,1938 | Size = 1307648 bytes | Modified Date = 4/1/2008 2:50:32 PM | Attr =    ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/19/2008 10:58:57 PM | Attr =    ]
setpoint.exe -> %ProgramFiles%\Logitech\SetPoint\SetPoint.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 805392 bytes | Modified Date = 5/2/2008 2:44:08 AM | Attr =    ]
khalmnpr.exe -> %CommonProgramFiles%\Logishrd\KHAL2\KHALMNPR.exe -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 5/2/2008 2:40:56 AM | Attr =    ]

[Win32 Services - Non-Microsoft Only]
(LBTServ) Logitech Bluetooth Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTServ.exe -> Logitech, Inc. [Ver = 4.60.122 | Size = 121360 bytes | Modified Date = 5/2/2008 2:42:06 AM | Attr =    ]
(sdAuxService) PC Tools Auxiliary Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =    ]
(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.14 | Size = 1073544 bytes | Modified Date = 7/3/2008 6:07:18 PM | Attr =    ]
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Viewpoint\Common\ViewpointService.exe -> Viewpoint Corporation [Ver = 2, 0, 0, 54 | Size = 24652 bytes | Modified Date = 1/4/2007 5:38:08 PM | Attr =    ]
(WUSB54Gv42SVC) WUSB54Gv42SVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe -> GEMTEKS [Ver = 1, 0, 0, 9 | Size = 53307 bytes | Modified Date = 7/4/2005 4:46:04 PM | Attr =    ]

[Driver Services - Non-Microsoft Only]
(CTERFXFX.DLL) CTERFXFX.DLL [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\CTERFXFX.DLL -> File not found
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ElbyCDIO.sys -> Elaborate Bytes AG [Ver = 6, 0, 1, 0 | Size = 25160 bytes | Modified Date = 8/7/2007 3:48:33 PM | Attr =    ]
(ElbyDelay) ElbyDelay [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ElbyDelay.sys -> Elaborate Bytes AG [Ver = 5, 1, 0, 1 | Size = 11984 bytes | Modified Date = 2/15/2007 8:56:49 PM | Attr =    ]
(IKFileSec) File Security Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Modified Date = 6/2/2008 3:19:12 PM | Attr =    ]
(IKSysFlt) System Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Modified Date = 6/2/2008 3:19:16 PM | Attr =    ]
(IKSysSec) System Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Modified Date = 6/10/2008 9:22:52 PM | Attr =    ]
(L8042Kbd) Logitech SetPoint Keyboard Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\L8042Kbd.sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 20240 bytes | Modified Date = 2/29/2008 3:12:48 AM | Attr =    ]
(LHidFilt) Logitech SetPoint KMDF HID Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LHidFilt.Sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 35344 bytes | Modified Date = 2/29/2008 3:13:16 AM | Attr =    ]
(LMouFilt) Logitech SetPoint KMDF Mouse Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\LMouFilt.Sys -> Logitech, Inc. [Ver = 4.60.42.00 | Size = 36880 bytes | Modified Date = 2/29/2008 3:13:24 AM | Attr =    ]
(WUSB54GPV4SRV) Linksys Home Wireless-G USB Adaptor Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rt2500usb.sys -> Ralink Technology Inc. [Ver = 2.01.00.0000 | Size = 245376 bytes | Modified Date = 10/17/2005 7:50:06 PM | Attr =    ]
(GTNDIS5) GTNDIS5 NDIS Protocol Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\GTNDIS5.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.03.16.54 | Size = 15872 bytes | Modified Date = 9/25/2003 10:15:32 PM | Attr =    ]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
AudioDrvEmulator -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe ["C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"] -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 6/16/2005 6:25:28 PM | Attr =    ]
CTDVDDET -> %ProgramFiles%\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"] -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 6/18/2003 1:00:00 AM | Attr =    ]
CTHelper -> %SystemRoot%\CTHELPER.EXE [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 2, 0, 0, 29 | Size = 16384 bytes | Modified Date = 8/7/2005 6:10:20 PM | Attr =    ]
CTxfiHlp -> %SystemRoot%\system32\CTXFIHLP.EXE [CTXFIHLP.EXE] -> Creative Technology Ltd [Ver = 2, 0, 0, 14 | Size = 18944 bytes | Modified Date = 8/7/2005 6:10:22 PM | Attr =    ]
Kernel and Hardware Abstraction Layer -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> Logitech, Inc. [Ver = 4.60.42 | Size = 76304 bytes | Modified Date = 2/29/2008 3:12:38 AM | Attr =    ]
NBKeyScan -> %ProgramFiles%\Nero\Nero8\Nero BackItUp\NBKeyScan.exe ["C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"] -> Nero AG [Ver = 3, 1, 0, 0 | Size = 1836328 bytes | Modified Date = 9/20/2007 8:51:46 AM | Attr =    ]
NeroFilterCheck -> %CommonProgramFiles%\Nero\Lib\NeroCheck.exe [C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe] -> Nero AG [Ver = 1, 0, 0, 6 | Size = 153136 bytes | Modified Date = 3/1/2007 2:57:24 PM | Attr =    ]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.7516 | Size = 13529088 bytes | Modified Date = 5/2/2008 10:46:00 PM | Attr =    ]
NvMediaCenter -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.7516 | Size = 86016 bytes | Modified Date = 5/2/2008 10:46:00 PM | Attr =    ]
nwiz -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] ->  [Ver =  | Size = 1630208 bytes | Modified Date = 5/2/2008 10:46:00 PM | Attr =    ]
RCSystem -> %ProgramFiles%\Creative\Shared Files\Module Loader\DLLML.exe ["C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup] -> Creative Technology Ltd. [Ver = 1.0.21.0 | Size = 49152 bytes | Modified Date = 6/16/2005 6:25:28 PM | Attr =    ]
UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr =    ]
VolPanel -> %ProgramFiles%\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe ["C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r] -> Creative Technology Ltd [Ver = 1.0.21.0 | Size = 122880 bytes | Modified Date = 7/11/2005 11:34:06 AM | Attr =    ]
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Aim6 -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 6/19/2008 1:51:30 PM | Attr =    ]
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Nero\Lib\NMBgMonitor.exe ["C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"] -> Nero AG [Ver = 3.1.3.0 | Size = 202024 bytes | Modified Date = 10/23/2007 2:18:46 PM | Attr =    ]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< SAP Startup Folder > -> C:\Documents and Settings\SAP\Start Menu\Programs\Startup -> 
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
byXRheda ->  -> File not found
LBTWlgn -> %CommonProgramFiles%\Logishrd\Bluetooth\LBTWLgn.dll -> Logitech, Inc. [Ver = 4.60.122 | Size = 72208 bytes | Modified Date = 5/2/2008 2:42:30 AM | Attr =    ]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ not found. -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> 
< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5593 (xpsp_sp3_qfe.080502-1245) | Size = 62976 bytes | Modified Date = 5/2/2008 6:49:39 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC     MBR-7    ->  -> File not found
NEC     MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
< Drives with AutoRun files > ->  -> 
AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/1/2008 8:51:43 PM | Attr =    ]
AUTOEXEC.BAT [] -> E:\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 3/29/2006 11:07:35 PM | Attr =    ]
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
127.0.0.1       localhost
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 
SV1 ->  -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{39A1AC06-7E3A-4BB3-935C-96FF0DF2E5A6} ->    (1394 Net Adapter) -> 
{530242A2-95A0-4B20-9F7B-6322511ACF2B} ->    (Linksys Wireless-G USB Network Adapter) -> 
{919BC19B-6F79-4471-8E73-31F148DA847A} ->    (NVIDIA nForce 10/100/1000 Mbps Ethernet ) -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{5D637FAD-E202-48D1-8F18-5B9C459BD1E3}[HKEY_LOCAL_MACHINE] -> http://www.winkflash.com/photo/loaders/ImageUploader5.cab[Image Uploader Control] -> 
{7B19E477-0FF8-11d4-9914-005004D3B3DB}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.2/jinstall-122_017-win.cab[JavaPlugin.Object] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/1.2.2/jinstall-1_2_2-win.cab[JavaBeansBridge.Object] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\.Owner -> {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ImageUploader5.ocx\\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\{5D637FAD-E202-48D1-8F18-5B9C459BD1E3} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 932 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 62 57 05 A6 D1 4D C5 71 50 03 0D 8C 84 DB C3 73 62 30 36 36 63 39 35 38 00 FD 07 00 57 22 00 00 34 FA 07 00 46 98 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 49 DE 62 5E 9A 73 66 0F C6 97 C2 B0  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 22 B9 14 33 43 EF 1D 16 3E  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 75 AE 77 55 0E EA  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 30 CD FB D4 6B 80 03 4E AD AB 1D 5A 9A 42 C7 DE  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 00 59 27 59 DF DB C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 A0 A1 10 27 9E C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 A0 A1 10 27 9E C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 A0 A1 10 27 9E C8 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 24911 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM6\aim6.exe -> %ProgramFiles%\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> AOL LLC [Ver = 1.4.9.1 | Size = 50528 bytes | Modified Date = 6/19/2008 1:51:30 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\mIRC\mirc.exe -> %ProgramFiles%\mIRC\mirc.exe [C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC] -> mIRC Co. Ltd. [Ver = 6.32 | Size = 2797568 bytes | Modified Date = 5/21/2008 2:23:52 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE -> %ProgramFiles%\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 12813096 bytes | Modified Date = 10/27/2006 3:16:48 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\GROOVE.EXE -> %ProgramFiles%\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 338216 bytes | Modified Date = 10/27/2006 3:37:44 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> %ProgramFiles%\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 1018664 bytes | Modified Date = 10/27/2006 3:03:04 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Messenger\msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> Microsoft Corporation [Ver = 4.7.3001 | Size = 1695232 bytes | Modified Date = 4/14/2008 5:42:30 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\UnrealTournament\System\UnrealTournament.exe -> E:\UnrealTournament\System\UnrealTournament.exe [E:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament] ->  [Ver =  | Size = 241664 bytes | Modified Date = 3/29/2006 11:45:32 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\uTorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] ->  [Ver =  | Size = 219952 bytes | Modified Date = 7/9/2008 8:22:13 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\adv\SopAdver.exe -> %ProgramFiles%\SopCast\adv\SopAdver.exe [C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver] -> www.sopcast.com [Ver = 3, 0, 0, 301 | Size = 567384 bytes | Modified Date = 3/7/2007 6:27:12 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\SopCast\SopCast.exe -> %ProgramFiles%\SopCast\SopCast.exe [C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application] -> www.sopcast.com [Ver = 3.0.3.501 | Size = 1892352 bytes | Modified Date = 4/30/2008 4:32:48 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Mozilla Firefox\firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox] -> Mozilla Corporation [Ver = 1.9.0.1 | Size = 307712 bytes | Modified Date = 7/19/2008 10:58:57 PM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr =    ]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
Config.Msi -> %SystemDrive%\Config.Msi ->  [Folder | Created Date = 9/17/2008 1:28:24 PM | Attr =  HS]
CORPORATE.ISO -> %SystemDrive%\CORPORATE.ISO ->  [Ver =  | Size = 406294527 bytes | Created Date = 9/16/2008 2:31:49 PM | Attr =    ]
laughterseason4challenge7.ISO -> %SystemDrive%\laughterseason4challenge7.ISO ->  [Ver =  | Size = 2106736640 bytes | Created Date = 9/7/2008 3:26:55 PM | Attr =    ]
laughterseason4challenge8.ISO -> %SystemDrive%\laughterseason4challenge8.ISO ->  [Ver =  | Size = 4210941952 bytes | Created Date = 9/7/2008 3:34:25 PM | Attr =    ]
laughterseason4challenge9.ISO -> %SystemDrive%\laughterseason4challenge9.ISO ->  [Ver =  | Size = 4250466304 bytes | Created Date = 9/7/2008 3:48:44 PM | Attr =    ]
My Music -> %SystemDrive%\My Music ->  [Folder | Created Date = 8/27/2008 6:19:38 PM | Attr =    ]
ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1042 built by: WinDDK | Size = 42376 bytes | Created Date = 9/20/2008 1:05:36 PM | Attr =    ]
iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1029 | Size = 66952 bytes | Created Date = 9/20/2008 1:05:36 PM | Attr =    ]
iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1033 | Size = 81288 bytes | Created Date = 9/20/2008 1:05:36 PM | Attr =    ]
kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 9/20/2008 1:05:36 PM | Attr =    ]
MsftWdf_user_01_07_00.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_user_01_07_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 9/18/2008 10:04:35 PM | Attr =  H ]
Msft_Kernel_WinUSB_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 9/18/2008 10:04:50 PM | Attr =  H ]
Msft_User_ZuneDriver_01_07_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf ->  [Ver =  | Size = 0 bytes | Created Date = 9/18/2008 10:04:50 PM | Attr =  H ]
appmgmt -> %SystemRoot%\System32\appmgmt ->  [Folder | Created Date = 9/17/2008 1:25:30 PM | Attr =    ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
GOrCcfii.ini -> %SystemRoot%\System32\GOrCcfii.ini ->  [Ver =  | Size = 869093 bytes | Created Date = 9/20/2008 12:22:22 PM | Attr =  HS]
GOrCcfii.ini2 -> %SystemRoot%\System32\GOrCcfii.ini2 ->  [Ver =  | Size = 869093 bytes | Created Date = 9/20/2008 12:22:22 PM | Attr =  HS]
gtudhotl.ini -> %SystemRoot%\System32\gtudhotl.ini ->  [Ver =  | Size = 1001677 bytes | Created Date = 9/19/2008 4:55:48 PM | Attr =  HS]
mkxbfglr.ini -> %SystemRoot%\System32\mkxbfglr.ini ->  [Ver =  | Size = 1001977 bytes | Created Date = 9/20/2008 12:52:23 PM | Attr =  HS]
PsAbcfii.ini -> %SystemRoot%\System32\PsAbcfii.ini ->  [Ver =  | Size = 872618 bytes | Created Date = 9/19/2008 4:54:40 PM | Attr =  HS]
PsAbcfii.ini2 -> %SystemRoot%\System32\PsAbcfii.ini2 ->  [Ver =  | Size = 868768 bytes | Created Date = 9/19/2008 4:54:40 PM | Attr =  HS]
Seagate.bin -> %SystemRoot%\System32\Seagate.bin ->  [Ver =  | Size = 12499 bytes | Created Date = 9/14/2008 11:51:14 AM | Attr =    ]
XPSViewer -> %SystemRoot%\System32\XPSViewer ->  [Folder | Created Date = 9/17/2008 1:29:42 PM | Attr =    ]
CDPlayer.ini -> %SystemRoot%\CDPlayer.ini ->  [Ver =  | Size = 1299 bytes | Created Date = 8/27/2008 6:17:10 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 260 bytes | Created Date = 9/20/2008 12:15:08 PM | Attr =    ]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/20/2008 2:01:24 PM | Attr =    ]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/20/2008 12:01:45 PM | Attr =    ]
TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 9/20/2008 1:05:39 PM | Attr =    ]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/20/2008 2:01:26 PM | Attr =    ]
Move Networks -> %AppData%\Move Networks ->  [Folder | Created Date = 9/17/2008 8:42:11 AM | Attr =    ]
PC Tools -> %AppData%\PC Tools ->  [Folder | Created Date = 9/20/2008 1:05:33 PM | Attr =    ]
Snapfish -> %AppData%\Snapfish ->  [Folder | Created Date = 8/28/2008 6:15:20 PM | Attr =    ]
IsolatedStorage -> %UserProfile%\Local Settings\Application Data\IsolatedStorage ->  [Folder | Created Date = 9/17/2008 1:30:55 PM | Attr =    ]
Winkflash.com -> %UserProfile%\Local Settings\Application Data\Winkflash.com ->  [Folder | Created Date = 8/27/2008 9:05:30 PM | Attr =    ]
AD - AKJ-AD Draft1.doc -> %UserProfile%\My Documents\AD - AKJ-AD Draft1.doc ->  [Ver =  | Size = 32768 bytes | Created Date = 9/10/2008 2:39:08 PM | Attr =    ]
coverletter2.doc -> %UserProfile%\My Documents\coverletter2.doc ->  [Ver =  | Size = 25088 bytes | Created Date = 9/9/2008 11:28:42 AM | Attr =    ]
coverletter2.docx -> %UserProfile%\My Documents\coverletter2.docx ->  [Ver =  | Size = 13266 bytes | Created Date = 9/9/2008 11:28:36 AM | Attr =    ]
Sapan_Jain_resume.doc -> %UserProfile%\My Documents\Sapan_Jain_resume.doc ->  [Ver =  | Size = 38400 bytes | Created Date = 8/22/2008 12:22:11 PM | Attr =    ]
Untitled.nbi -> %UserProfile%\My Documents\Untitled.nbi ->  [Ver =  | Size = 2097 bytes | Created Date = 9/14/2008 6:05:32 PM | Attr =    ]
Tutor.com Classroom.lnk -> %AllUsersProfile%\Desktop\Tutor.com Classroom.lnk ->  [Ver =  | Size = 2457 bytes | Created Date = 9/17/2008 1:30:33 PM | Attr =    ]
2008_08_30 -> %UserProfile%\Desktop\2008_08_30 ->  [Folder | Created Date = 9/1/2008 7:23:18 PM | Attr =    ]
2008_08_31 -> %UserProfile%\Desktop\2008_08_31 ->  [Folder | Created Date = 9/1/2008 7:21:08 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Created Date = 9/20/2008 1:54:51 PM | Attr =    ]
NewsBin Pro.lnk -> %UserProfile%\Desktop\NewsBin Pro.lnk ->  [Ver =  | Size = 638 bytes | Created Date = 9/14/2008 11:50:57 AM | Attr =    ]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 9/21/2008 11:58:50 AM | Attr =    ]
Winkflash Transporter.lnk -> %UserProfile%\Desktop\Winkflash Transporter.lnk ->  [Ver =  | Size = 801 bytes | Created Date = 8/27/2008 9:05:25 PM | Attr =    ]
Download Manager -> %CommonProgramFiles%\Download Manager ->  [Folder | Created Date = 9/20/2008 2:01:05 PM | Attr =    ]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 9/20/2008 2:01:24 PM | Attr =    ]
nbpro -> %ProgramFiles%\nbpro ->  [Folder | Created Date = 9/14/2008 11:50:57 AM | Attr =    ]
Reference Assemblies -> %ProgramFiles%\Reference Assemblies ->  [Folder | Created Date = 9/17/2008 1:29:37 PM | Attr =    ]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/20/2008 12:01:45 PM | Attr =    ]
Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 9/20/2008 1:05:33 PM | Attr =    ]
Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/20/2008 1:54:51 PM | Attr =    ]
Tutor.com -> %ProgramFiles%\Tutor.com ->  [Folder | Created Date = 9/17/2008 7:43:11 PM | Attr =    ]
Winkflash -> %ProgramFiles%\Winkflash ->  [Folder | Created Date = 8/27/2008 9:05:25 PM | Attr =    ]

[Files/Folders - Modified Within 30 days]
CORPORATE.ISO -> %SystemDrive%\CORPORATE.ISO ->  [Ver =  | Size = 406294527 bytes | Modified Date = 9/16/2008 2:48:26 PM | Attr =    ]
laughterseason4challenge7.ISO -> %SystemDrive%\laughterseason4challenge7.ISO ->  [Ver =  | Size = 2106736640 bytes | Modified Date = 9/7/2008 3:30:31 PM | Attr =    ]
laughterseason4challenge8.ISO -> %SystemDrive%\laughterseason4challenge8.ISO ->  [Ver =  | Size = 4210941952 bytes | Modified Date = 9/7/2008 3:40:37 PM | Attr =    ]
laughterseason4challenge9.ISO -> %SystemDrive%\laughterseason4challenge9.ISO ->  [Ver =  | Size = 4250466304 bytes | Modified Date = 9/7/2008 3:54:59 PM | Attr =    ]
MsftWdf_user_01_07_00.Wdf -> %SystemRoot%\System32\drivers\MsftWdf_user_01_07_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 9/18/2008 10:04:35 PM | Attr =  H ]
Msft_Kernel_WinUSB_01007.Wdf -> %SystemRoot%\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 9/18/2008 10:04:50 PM | Attr =  H ]
Msft_User_ZuneDriver_01_07_00.Wdf -> %SystemRoot%\System32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf ->  [Ver =  | Size = 0 bytes | Modified Date = 9/18/2008 10:04:50 PM | Attr =  H ]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
BMXState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx -> %SystemRoot%\System32\BMXState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx ->  [Ver =  | Size = 55164 bytes | Modified Date = 9/21/2008 1:33:18 AM | Attr =    ]
BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx ->  [Ver =  | Size = 55164 bytes | Modified Date = 9/21/2008 1:33:18 AM | Attr =    ]
DVCState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx -> %SystemRoot%\System32\DVCState-{00000001-00000000-00000007-00001102-00000005-00211102}.rfx ->  [Ver =  | Size = 64988 bytes | Modified Date = 9/21/2008 1:33:18 AM | Attr =    ]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 264616 bytes | Modified Date = 9/18/2008 11:37:23 AM | Attr =    ]
GOrCcfii.ini -> %SystemRoot%\System32\GOrCcfii.ini ->  [Ver =  | Size = 869093 bytes | Modified Date = 9/20/2008 1:07:52 PM | Attr =  HS]
GOrCcfii.ini2 -> %SystemRoot%\System32\GOrCcfii.ini2 ->  [Ver =  | Size = 869093 bytes | Modified Date = 9/20/2008 1:07:37 PM | Attr =  HS]
gtudhotl.ini -> %SystemRoot%\System32\gtudhotl.ini ->  [Ver =  | Size = 1001677 bytes | Modified Date = 9/19/2008 4:55:50 PM | Attr =  HS]
mkxbfglr.ini -> %SystemRoot%\System32\mkxbfglr.ini ->  [Ver =  | Size = 1001977 bytes | Modified Date = 9/20/2008 12:53:07 PM | Attr =  HS]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 182038 bytes | Modified Date = 9/21/2008 10:44:34 AM | Attr =    ]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 68404 bytes | Modified Date = 9/20/2008 1:06:39 PM | Attr =    ]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 435760 bytes | Modified Date = 9/20/2008 1:06:39 PM | Attr =    ]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 513724 bytes | Modified Date = 9/20/2008 1:06:39 PM | Attr =    ]
PsAbcfii.ini -> %SystemRoot%\System32\PsAbcfii.ini ->  [Ver =  | Size = 872618 bytes | Modified Date = 9/20/2008 12:15:39 PM | Attr =  HS]
PsAbcfii.ini2 -> %SystemRoot%\System32\PsAbcfii.ini2 ->  [Ver =  | Size = 868768 bytes | Modified Date = 9/20/2008 12:14:33 PM | Attr =  HS]
Seagate.bin -> %SystemRoot%\System32\Seagate.bin ->  [Ver =  | Size = 12499 bytes | Modified Date = 9/14/2008 11:51:14 AM | Attr =    ]
settings.sfm -> %SystemRoot%\System32\settings.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 9/21/2008 1:33:18 AM | Attr =    ]
settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm ->  [Ver =  | Size = 1080 bytes | Modified Date = 9/21/2008 1:33:18 AM | Attr =    ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 9/18/2008 11:37:33 AM | Attr =    ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 9/21/2008 10:43:56 AM | Attr =   S]
CDPlayer.ini -> %SystemRoot%\CDPlayer.ini ->  [Ver =  | Size = 1299 bytes | Modified Date = 8/27/2008 6:37:24 PM | Attr =    ]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 9/18/2008 10:04:35 PM | Attr =    ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 69 bytes | Modified Date = 9/13/2008 2:47:27 PM | Attr =    ]
wininit.ini -> %SystemRoot%\wininit.ini ->  [Ver =  | Size = 260 bytes | Modified Date = 9/20/2008 12:35:52 PM | Attr =    ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/21/2008 10:44:03 AM | Attr =  H ]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 7/9/2008 12:48:54 PM | Attr =    ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 184 bytes | Modified Date = 7/9/2008 12:48:55 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/1/2008 9:51:31 PM | Attr =    ]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 5553 bytes | Modified Date = 9/18/2008 10:03:00 PM | Attr =    ]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/18/2008 10:03:00 PM | Attr =    ]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 7/2/2008 6:17:29 PM | Attr =    ]
opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa12.dat ->  [Ver =  | Size = 8206 bytes | Modified Date = 7/2/2008 6:17:29 PM | Attr =    ]
C:\Documents and Settings\SAP\Local Settings\Temp\ -> C:\Documents and Settings\SAP\Local Settings\Temp ->  [Folder | Modified Date = 9/21/2008 11:58:26 AM | Attr =    ]
ose00000.exe -> C:\Documents and Settings\SAP\Local Settings\Temp\ose00000.exe -> Microsoft Corporation [Ver = 12.0.4518.1014 | Size = 145184 bytes | Modified Date = 10/27/2006 5:14:30 PM | Attr = R  ]
1 C:\Documents and Settings\SAP\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\SAP\Local Settings\Temp\*.tmp -> 
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 9/21/2008 11:58:10 AM | Attr =    ]
CTPBSeq.exe -> C:\WINDOWS\Temp\CTPBSeq.exe -> Creative Technology Ltd. [Ver = 1, 0, 0, 2 | Size = 65536 bytes | Modified Date = 5/31/2005 1:02:00 PM | Attr = R  ]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 13312 bytes | Modified Date = 9/1/2008 7:45:04 PM | Attr =    ]
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 67608 bytes | Modified Date = 9/17/2008 1:30:56 PM | Attr =    ]
AD - AKJ-AD Draft1.doc -> %UserProfile%\My Documents\AD - AKJ-AD Draft1.doc ->  [Ver =  | Size = 32768 bytes | Modified Date = 9/10/2008 2:39:08 PM | Attr =    ]
coverletter2.doc -> %UserProfile%\My Documents\coverletter2.doc ->  [Ver =  | Size = 25088 bytes | Modified Date = 9/9/2008 11:32:12 AM | Attr =    ]
coverletter2.docx -> %UserProfile%\My Documents\coverletter2.docx ->  [Ver =  | Size = 13266 bytes | Modified Date = 9/9/2008 11:28:36 AM | Attr =    ]
Sapan_Jain_resume.doc -> %UserProfile%\My Documents\Sapan_Jain_resume.doc ->  [Ver =  | Size = 38400 bytes | Modified Date = 9/3/2008 2:40:00 PM | Attr =    ]
Untitled.nbi -> %UserProfile%\My Documents\Untitled.nbi ->  [Ver =  | Size = 2097 bytes | Modified Date = 9/15/2008 3:52:01 PM | Attr =    ]
Tutor.com Classroom.lnk -> %AllUsersProfile%\Desktop\Tutor.com Classroom.lnk ->  [Ver =  | Size = 2457 bytes | Modified Date = 9/21/2008 11:25:52 AM | Attr =    ]
Zune.lnk -> %AllUsersProfile%\Desktop\Zune.lnk ->  [Ver =  | Size = 628 bytes | Modified Date = 9/18/2008 9:50:17 PM | Attr =    ]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1734 bytes | Modified Date = 9/20/2008 1:54:51 PM | Attr =    ]
NewsBin Pro.lnk -> %UserProfile%\Desktop\NewsBin Pro.lnk ->  [Ver =  | Size = 638 bytes | Modified Date = 9/14/2008 11:50:57 AM | Attr =    ]
Winkflash Transporter.lnk -> %UserProfile%\Desktop\Winkflash Transporter.lnk ->  [Ver =  | Size = 801 bytes | Modified Date = 8/27/2008 9:05:25 PM | Attr =    ]

[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]
Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 9/20/2008 2:01:24 PM | Attr = RH ]
acccore -> C:\Documents and Settings\All Users\Application Data\acccore ->  [Folder | Modified Date = 7/1/2008 9:24:35 PM | Attr =    ]
Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 7/1/2008 9:45:21 PM | Attr =    ]
AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 7/1/2008 9:24:33 PM | Attr =    ]
AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP ->  [Folder | Modified Date = 7/1/2008 9:32:00 PM | Attr =    ]
Apple -> C:\Documents and Settings\All Users\Application Data\Apple ->  [Folder | Modified Date = 7/1/2008 10:26:56 PM | Attr =    ]
Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 7/1/2008 10:27:00 PM | Attr =    ]
Creative -> C:\Documents and Settings\All Users\Application Data\Creative ->  [Folder | Modified Date = 7/9/2008 1:45:29 PM | Attr =    ]
DVD Shrink -> C:\Documents and Settings\All Users\Application Data\DVD Shrink ->  [Folder | Modified Date = 9/7/2008 3:34:05 PM | Attr =    ]
Elaborate Bytes -> C:\Documents and Settings\All Users\Application Data\Elaborate Bytes ->  [Folder | Modified Date = 7/21/2008 11:12:12 AM | Attr =    ]
GIRDAC -> C:\Documents and Settings\All Users\Application Data\GIRDAC ->  [Folder | Modified Date = 7/30/2008 6:10:15 PM | Attr =    ]
LogiShrd -> C:\Documents and Settings\All Users\Application Data\LogiShrd ->  [Folder | Modified Date = 7/1/2008 10:06:09 PM | Attr =    ]
Logitech -> C:\Documents and Settings\All Users\Application Data\Logitech ->  [Folder | Modified Date = 7/1/2008 10:05:37 PM | Attr =    ]
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes ->  [Folder | Modified Date = 9/20/2008 2:01:24 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 7/15/2008 5:37:35 PM | Attr =   S]
Microsoft Help -> C:\Documents and Settings\All Users\Application Data\Microsoft Help ->  [Folder | Modified Date = 7/14/2008 2:11:49 PM | Attr =    ]
Nero -> C:\Documents and Settings\All Users\Application Data\Nero ->  [Folder | Modified Date = 7/9/2008 1:13:55 PM | Attr =    ]
Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 7/14/2008 4:45:16 PM | Attr =    ]
Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 9/20/2008 1:11:35 PM | Attr =    ]
TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 9/20/2008 1:51:30 PM | Attr =    ]
@Alternate Data Stream - 104 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2
TVU Networks -> C:\Documents and Settings\All Users\Application Data\TVU Networks ->  [Folder | Modified Date = 8/9/2008 10:29:25 PM | Attr =    ]
Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 7/1/2008 9:24:35 PM | Attr =    ]
Application Data -> C:\Documents and Settings\SAP\Application Data ->  [Folder | Modified Date = 9/20/2008 2:01:26 PM | Attr = RH ]
acccore -> C:\Documents and Settings\SAP\Application Data\acccore ->  [Folder | Modified Date = 7/1/2008 9:32:10 PM | Attr =    ]
Adobe -> C:\Documents and Settings\SAP\Application Data\Adobe ->  [Folder | Modified Date = 7/10/2008 6:17:35 PM | Attr =    ]
Apple Computer -> C:\Documents and Settings\SAP\Application Data\Apple Computer ->  [Folder | Modified Date = 7/5/2008 12:58:17 PM | Attr =    ]
Creative -> C:\Documents and Settings\SAP\Application Data\Creative ->  [Folder | Modified Date = 7/9/2008 1:20:55 PM | Attr =    ]
Help -> C:\Documents and Settings\SAP\Application Data\Help ->  [Folder | Modified Date = 7/17/2008 5:16:32 PM | Attr =    ]
Identities -> C:\Documents and Settings\SAP\Application Data\Identities ->  [Folder | Modified Date = 7/1/2008 8:55:31 PM | Attr =    ]
ImgBurn -> C:\Documents and Settings\SAP\Application Data\ImgBurn ->  [Folder | Modified Date = 8/15/2008 5:46:26 PM | Attr =    ]
InstallShield -> C:\Documents and Settings\SAP\Application Data\InstallShield ->  [Folder | Modified Date = 7/1/2008 10:05:34 PM | Attr =    ]
Logitech -> C:\Documents and Settings\SAP\Application Data\Logitech ->  [Folder | Modified Date = 7/1/2008 10:06:08 PM | Attr =    ]
Macromedia -> C:\Documents and Settings\SAP\Application Data\Macromedia ->  [Folder | Modified Date = 7/1/2008 9:00:37 PM | Attr =    ]
Malwarebytes -> C:\Documents and Settings\SAP\Application Data\Malwarebytes ->  [Folder | Modified Date = 9/20/2008 2:01:26 PM | Attr =    ]
Microsoft -> C:\Documents and Settings\SAP\Application Data\Microsoft ->  [Folder | Modified Date = 9/17/2008 1:25:30 PM | Attr =   S]
mIRC -> C:\Documents and Settings\SAP\Application Data\mIRC ->  [Folder | Modified Date = 9/12/2008 11:31:32 AM | Attr =    ]
Move Networks -> C:\Documents and Settings\SAP\Application Data\Move Networks ->  [Folder | Modified Date = 9/18/2008 9:28:14 PM | Attr =    ]
Mozilla -> C:\Documents and Settings\SAP\Application Data\Mozilla ->  [Folder | Modified Date = 7/1/2008 9:01:13 PM | Attr =    ]
Nero -> C:\Documents and Settings\SAP\Application Data\Nero ->  [Folder | Modified Date = 7/9/2008 1:15:01 PM | Attr =    ]
PC Tools -> C:\Documents and Settings\SAP\Application Data\PC Tools ->  [Folder | Modified Date = 9/20/2008 1:05:33 PM | Attr =    ]
Snapfish -> C:\Documents and Settings\SAP\Application Data\Snapfish ->  [Folder | Modified Date = 8/28/2008 6:15:22 PM | Attr =    ]
uTorrent -> C:\Documents and Settings\SAP\Application Data\uTorrent ->  [Folder | Modified Date = 9/20/2008 12:07:34 PM | Attr =    ]
Viewpoint -> C:\Documents and Settings\SAP\Application Data\Viewpoint ->  [Folder | Modified Date = 7/7/2008 8:17:09 PM | Attr =    ]
Winamp -> C:\Documents and Settings\SAP\Application Data\Winamp ->  [Folder | Modified Date = 7/9/2008 2:55:05 PM | Attr =    ]
WinRAR -> C:\Documents and Settings\SAP\Application Data\WinRAR ->  [Folder | Modified Date = 7/1/2008 10:01:39 PM | Attr =    ]
C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 7/18/2008 6:25:00 PM | Attr =   S]
desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 4/14/2008 8:00:00 AM | Attr = RH ]
SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 9/21/2008 10:44:03 AM | Attr =  H ]
[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
C:\WINDOWS\Cursors\arrow_n.cur:NEDTA.DAT 6144 bytes
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 104 bytes
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\SAP\Desktop\2008_08_30\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\SAP\Desktop\2008_08_31\Thumbs.db:encryptable 0 bytes
C:\Documents and Settings\SAP\My Documents\My Pictures\Picture\Thumbs.db:encryptable 0 bytes
scan completed successfully
hidden files: 109

< End of report >
[/code]