[code] OTScanIt logfile created on: 10/13/2008 9:41:53 PM OTScanIt by OldTimer - Version 1.0.19.0 Folder = C:\Documents and Settings\Vikas Nandwana\Desktop\Internet Speed Monitor Zedo Malware Clean\OTScanIt Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 494.42 Mb Total Physical Memory | 132.79 Mb Available Physical Memory | 26.86% Memory free 1.13 Gb Paging File | 0.78 Gb Available in Paging File | 69.37% Paging File free Paging file location(s): C:\pagefile.sys 744 1488; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 19.53 Gb Total Space | 8.88 Gb Free Space | 45.48% Space Free | Partition Type: NTFS Drive D: | 36.35 Gb Total Space | 11.95 Gb Free Space | 32.88% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DELL700 Current User Name: Vikas Nandwana Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On [Processes - Non-Microsoft Only] maxbackserviceint.exe -> %ProgramFiles%\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -> [Ver = 1, 0, 1, 6 | Size = 184320 bytes | Modified Date = 7/17/2006 3:21:56 PM | Attr = ] syncservices.exe -> %ProgramFiles%\Maxtor\Utils\SyncServices.exe -> [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 2/7/2006 4:10:14 PM | Attr = ] retrorun.exe -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.5.342 | Size = 49152 bytes | Modified Date = 11/12/2003 1:46:34 PM | Attr = ] wdsvc.exe -> %ProgramFiles%\Dantz\Retrospect\wdsvc.exe -> Dantz Development Corporation [Ver = 6.5.342 | Size = 46592 bytes | Modified Date = 12/11/2003 5:09:34 AM | Attr = R ] wltrysvc.exe -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 10:08:42 AM | Attr = ] ico.exe -> %SystemRoot%\system32\ico.exe -> Primax Electronics Ltd. [Ver = 1, 0, 1, 3 | Size = 47104 bytes | Modified Date = 6/9/2006 2:47:52 PM | Attr = ] syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 2:48:02 PM | Attr = ] wdbtnmgr.exe -> %SystemRoot%\system32\WDBtnMgr.exe -> Western Digital Technologies, Inc. [Ver = 1, 0, 15, 0 | Size = 331776 bytes | Modified Date = 6/24/2008 10:04:40 PM | Attr = ] onetouch.exe -> %ProgramFiles%\Maxtor\ManagerApp\OneTouch.exe -> Maxtor Corporation [Ver = 4, 0, 4, 2 | Size = 712704 bytes | Modified Date = 8/11/2006 8:45:16 AM | Attr = ] maxmenumgr.exe -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe -> Maxtor Corporation [Ver = 1, 1, 0, 7 | Size = 81920 bytes | Modified Date = 8/11/2006 11:15:04 AM | Attr = ] fixcamera.exe -> %SystemRoot%\FixCamera.exe -> [Ver = 1, 0, 0, 9 | Size = 20480 bytes | Modified Date = 2/10/2007 3:40:46 PM | Attr = ] tsnp2std.exe -> %SystemRoot%\tsnp2std.exe -> SONIX [Ver = 1, 1, 3, 9 | Size = 258048 bytes | Modified Date = 1/5/2007 5:12:58 PM | Attr = ] vsnp2std.exe -> %SystemRoot%\vsnp2std.exe -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 9/15/2006 1:21:54 PM | Attr = ] wweb32.exe -> %ProgramFiles%\WordWeb\wweb32.exe -> Antony Lewis [Ver = 5.0.0.0 | Size = 42168 bytes | Modified Date = 6/12/2008 10:17:01 PM | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 9/21/2008 4:44:45 PM | Attr = ] (MaxBackServiceInt) MaxBackServiceInt [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Maxtor Backup\MaxBackServiceInt.exe -> [Ver = 1, 0, 1, 6 | Size = 184320 bytes | Modified Date = 7/17/2006 3:21:56 PM | Attr = ] (NTService1) MaxSyncService [Win32_Own | Auto | Running] -> %ProgramFiles%\Maxtor\Utils\SyncServices.exe -> [Ver = 1, 0, 0, 1 | Size = 106496 bytes | Modified Date = 2/7/2006 4:10:14 PM | Attr = ] (RetroLauncher) Retrospect Launcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\retrorun.exe -> Dantz Development Corporation [Ver = 6.5.342 | Size = 49152 bytes | Modified Date = 11/12/2003 1:46:34 PM | Attr = ] (RetroWDSvc) Retrospect WD Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Dantz\Retrospect\wdsvc.exe -> Dantz Development Corporation [Ver = 6.5.342 | Size = 46592 bytes | Modified Date = 12/11/2003 5:09:34 AM | Attr = R ] (wltrysvc) Dell Wireless WLAN Tray Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\WLTRYSVC.EXE -> [Ver = | Size = 18944 bytes | Modified Date = 12/19/2005 10:08:42 AM | Attr = ] [Driver Services - Non-Microsoft Only] (flash) flash [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\flash.sys -> [Ver = | Size = 7040 bytes | Modified Date = 8/29/2003 7:47:48 PM | Attr = ] (MXOPSWD) Maxtor OneTouch Security Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\mxopswd.sys -> Maxtor Corp. [Ver = 1,0,7,0 | Size = 15360 bytes | Modified Date = 4/6/2005 3:05:24 PM | Attr = ] (SNP2STD) USB2.0 PC Camera (SNP2STD) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\snp2sxp.sys -> [Ver = 5, 8, 8, 0 | Size = 12027904 bytes | Modified Date = 1/20/2007 11:31:42 AM | Attr = ] (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 191872 bytes | Modified Date = 3/8/2006 2:35:10 PM | Attr = ] (tbhsd) Tunebite High-Speed Dubbing [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\tbhsd.sys -> RapidSolution Software AG [Ver = 3, 0, 0, 0 | Size = 27936 bytes | Modified Date = 2/20/2008 1:47:34 PM | Attr = ] (tifm) tifm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifm.sys -> Texas Instruments [Ver = 1.0.2.5 | Size = 55808 bytes | Modified Date = 7/21/2006 12:42:08 PM | Attr = ] (UIUSys) Conexant Setup API [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\UIUSYS.SYS -> File not found (w300bus) Sony Ericsson W300 Driver driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w300bus.sys -> MCCI [Ver = V4.34 | Size = 60800 bytes | Modified Date = 3/13/2006 4:49:54 PM | Attr = R ] (w300mdfl) Sony Ericsson W300 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w300mdfl.sys -> MCCI [Ver = V4.34 | Size = 9264 bytes | Modified Date = 3/13/2006 4:50:00 PM | Attr = R ] (w300mdm) Sony Ericsson W300 USB WMC Modem Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w300mdm.sys -> MCCI [Ver = V4.34 | Size = 96352 bytes | Modified Date = 3/13/2006 4:50:02 PM | Attr = R ] (w300mgmt) Sony Ericsson W300 USB WMC Device Management Drivers (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w300mgmt.sys -> MCCI [Ver = V4.34 | Size = 87824 bytes | Modified Date = 3/13/2006 4:50:06 PM | Attr = R ] (w300obex) Sony Ericsson W300 USB WMC OBEX Interface [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w300obex.sys -> MCCI [Ver = V4.34 | Size = 85696 bytes | Modified Date = 3/13/2006 4:50:08 PM | Attr = R ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 6.0.1.2004121400 | Size = 483328 bytes | Modified Date = 12/14/2004 2:12:02 AM | Attr = ] brastk -> [brastk.exeles%] -> File not found Broadcom Wireless Manager UI -> %SystemRoot%\system32\WLTRAY.EXE [C:\WINDOWS\System32\WLTRAY.exe] -> Dell Inc. [Ver = 4.10.47.3 | Size = 1347584 bytes | Modified Date = 12/19/2005 10:08:42 AM | Attr = ] DLA -> %SystemRoot%\system32\DLA\DLACTRLW.EXE [C:\WINDOWS\System32\DLA\DLACTRLW.EXE] -> Sonic Solutions [Ver = 5.20.12a | Size = 122940 bytes | Modified Date = 11/7/2005 7:20:00 AM | Attr = ] DVDLauncher -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> CyberLink Corp. [Ver = 3.00.0000 | Size = 57344 bytes | Modified Date = 10/12/2004 4:54:30 PM | Attr = ] FixCamera -> %SystemRoot%\FixCamera.exe [C:\WINDOWS\FixCamera.exe] -> [Ver = 1, 0, 0, 9 | Size = 20480 bytes | Modified Date = 2/10/2007 3:40:46 PM | Attr = ] googletalk -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe /autostart] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr = ] igfxhkcmd -> %SystemRoot%\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 77824 bytes | Modified Date = 7/19/2005 8:06:12 PM | Attr = ] igfxpers -> %SystemRoot%\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 114688 bytes | Modified Date = 7/19/2005 8:10:06 PM | Attr = ] igfxtray -> %SystemRoot%\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4363 | Size = 94208 bytes | Modified Date = 7/19/2005 6:09:26 PM | Attr = ] IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 1:17:42 PM | Attr = ] IntelZeroConfig -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> Intel Corporation [Ver = 11.1.0.5 | Size = 819200 bytes | Modified Date = 2/21/2007 1:19:58 PM | Attr = ] ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 249856 bytes | Modified Date = 8/11/2005 5:30:30 PM | Attr = ] ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> Macrovision Corporation [Ver = 4, 60, 100, 37068 | Size = 81920 bytes | Modified Date = 8/11/2005 5:30:30 PM | Attr = ] MaxtorOneTouch -> %ProgramFiles%\Maxtor\ManagerApp\OneTouch.exe [C:\Program Files\Maxtor\ManagerApp\Onetouch.exe] -> Maxtor Corporation [Ver = 4, 0, 4, 2 | Size = 712704 bytes | Modified Date = 8/11/2006 8:45:16 AM | Attr = ] mxomssmenu -> %ProgramFiles%\Maxtor\OneTouch Status\MaxMenuMgr.exe ["C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"] -> Maxtor Corporation [Ver = 1, 1, 0, 7 | Size = 81920 bytes | Modified Date = 8/11/2006 11:15:04 AM | Attr = ] PMX Daemon -> %SystemRoot%\system32\ico.exe [ICO.EXE] -> Primax Electronics Ltd. [Ver = 1, 0, 1, 3 | Size = 47104 bytes | Modified Date = 6/9/2006 2:47:52 PM | Attr = ] snp2std -> %SystemRoot%\vsnp2std.exe [C:\WINDOWS\vsnp2std.exe] -> Sonix [Ver = 1, 1, 7, 0 | Size = 675840 bytes | Modified Date = 9/15/2006 1:21:54 PM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr = ] SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> Synaptics, Inc. [Ver = 8.2.4.6 08Mar06 | Size = 761947 bytes | Modified Date = 3/8/2006 2:48:02 PM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.1.45 | Size = 185896 bytes | Modified Date = 6/23/2008 3:12:17 AM | Attr = ] tsnp2std -> %SystemRoot%\tsnp2std.exe [C:\WINDOWS\tsnp2std.exe] -> SONIX [Ver = 1, 1, 3, 9 | Size = 258048 bytes | Modified Date = 1/5/2007 5:12:58 PM | Attr = ] UIUCU -> %SystemDrive%\DOCUME~1\VIKASN~1\LOCALS~1\Temp\UIUCU.EXE [C:\DOCUME~1\VIKASN~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S] -> File not found UpdateManager -> %CommonProgramFiles%\Sonic\Update Manager\sgtray.exe ["C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r] -> Sonic Solutions [Ver = 1.01.33b | Size = 110592 bytes | Modified Date = 1/7/2004 1:01:00 AM | Attr = ] WD Button Manager -> %SystemRoot%\system32\WDBtnMgr.exe [WDBtnMgr.exe] -> Western Digital Technologies, Inc. [Ver = 1, 0, 15, 0 | Size = 331776 bytes | Modified Date = 6/24/2008 10:04:40 PM | Attr = ] < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/22/2008 9:38:05 PM | Attr = ] Tunebite -> %ProgramFiles%\RapidSolution\Tunebite\Tunebite.exe [C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray] -> File not found < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 9/21/2008 4:44:29 PM | Attr = R ] %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. [Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 11/4/1999 4:06:48 PM | Attr = ] < Vikas Nandwana Startup Folder > -> C:\Documents and Settings\Vikas Nandwana\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\WordWeb.lnk -> %ProgramFiles%\WordWeb\wweb32.exe -> Antony Lewis [Ver = 5.0.0.0 | Size = 42168 bytes | Modified Date = 6/12/2008 10:17:01 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> karna.datM -> -> File not found FILES -> -> File not found *MultiFile Done* -> -> < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/14/2008 5:42:20 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/14/2008 5:42:26 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/14/2008 5:42:42 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> igfxcui -> %SystemRoot%\system32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4363 | Size = 135168 bytes | Modified Date = 7/19/2005 8:05:16 PM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> Reg Error: Key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ not found. -> -> < CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/14/2008 12:10:48 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 0 bytes | Modified Date = 6/22/2008 10:39:57 PM | Attr = ] < HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.google.com -> HKEY_CURRENT_USER\: Main\\Start Page -> http://mail.yahoo.com/ -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[Reg Error: Value provider does not exist or could not be read.] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 6/22/2008 9:38:17 PM | Attr = R ] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 6/22/2008 9:38:17 PM | Attr = R ] WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> Google Inc. [Ver = 4, 0, 1602, 35650 | Size = 2549368 bytes | Modified Date = 6/22/2008 9:38:17 PM | Attr = R ] WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.0.0 | Size = 225280 bytes | Modified Date = 12/14/2004 2:13:40 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {38264E81-BBBF-4007-9F8F-2674E9676EC5} -> () -> {6C2799BB-F92E-4AC3-9AE7-18FED541436B} -> (1394 Net Adapter) -> {DF6967EB-8067-4392-BF57-33F7CA955DD5} -> (Intel(R) PRO/Wireless 2200BG Network Connection) -> {F2663914-E91A-4916-A171-CA4A9E28F803} -> (Broadcom 440x 10/100 Integrated Controller) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4}[HKEY_LOCAL_MACHINE] -> http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1214331096640[MUCatalogWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> {A903E5AB-C67E-40FB-94F1-E1305982F6E0}[HKEY_LOCAL_MACHINE] -> http://www.idesitv.com/livetv.ocx[KooPlayer Control] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> DirectAnimation Java Classes[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\dajava.cab[Reg Error: Key does not exist or could not be opened.] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\.Owner -> {D27CDB6E-AE6D-11CF-96B8-444553540000} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/FP_AX_CAB_INSTALLER.exe\\{D27CDB6E-AE6D-11CF-96B8-444553540000} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/livetv.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/livetv.ocx\\.Owner -> {A903E5AB-C67E-40FB-94F1-E1305982F6E0} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/livetv.ocx\\{A903E5AB-C67E-40FB-94F1-E1305982F6E0} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\\.Owner -> {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MicrosoftUpdateCatalogWebControl.dll\\{5AE58FCF-6F6A-49B2-B064-02492C66E3F4} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/14/2008 5:41:58 AM | Attr = ] msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/14/2008 5:42:02 AM | Attr = ] schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/14/2008 5:42:10 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 924 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/14/2008 5:42:04 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 88 25 F2 92 6B C1 4B D9 8F A4 84 26 C6 EA CB 95 30 65 31 38 37 31 63 31 00 68 07 00 01 00 00 00 D8 00 00 00 DC 00 00 00 48 FA 06 00 D6 48 5A 74 04 00 00 00 A0 FD 06 00 B8 FD 06 00 9C 35 16 91 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 42 2A E0 19 4E FF 08 23 DC [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> D5 42 C2 D5 0E 8E [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 9/3/2002 2:40:13 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 89 98 1F EE E9 E2 C7 FD 51 B0 C2 BF 9B E2 DC 40 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 60 5F D6 9A 35 D6 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 C5 8E 27 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 4C 22 2B 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 79 53 2C 1C 9E C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 2978 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/14/2008 5:41:56 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/14/2008 5:42:36 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 5:43:18 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Winamp Remote\bin\OrbTray.exe -> %ProgramFiles%\Winamp Remote\bin\OrbTray.exe [C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:Orb] -> Orb Networks [Ver = 2, 2008, 331, 1830 | Size = 507904 bytes | Modified Date = 3/31/2008 8:54:06 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/14/2008 12:23:34 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe -> %ProgramFiles%\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus] -> File not found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Google\Google Talk\googletalk.exe -> %ProgramFiles%\Google\Google Talk\googletalk.exe [C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk] -> Google [Ver = 1,0,0,104 | Size = 3739648 bytes | Modified Date = 1/1/2007 4:22:02 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\kav\kav7\setup.exe -> %SystemDrive%\kav\kav7\setup.exe [C:\kav\kav7\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup] -> Kaspersky Lab [Ver = 7.0.1.325 | Size = 72264 bytes | Modified Date = 2/8/2008 11:04:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Internet Explorer\iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer] -> Microsoft Corporation [Ver = 7.00.6000.16705 (vista_gdr.080618-1506) | Size = 625664 bytes | Modified Date = 6/23/2008 4:20:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/14/2008 5:42:12 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/14/2008 5:42:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/14/2008 5:42:40 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/14/2008 5:42:06 AM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 30 days] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 10/11/2008 11:03:07 AM | Attr = HS] rsit -> %SystemDrive%\rsit -> [Folder | Created Date = 10/5/2008 5:42:35 PM | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 10/5/2008 9:01:11 PM | Attr = ] Primomonnt.dll -> %SystemRoot%\System32\Primomonnt.dll -> [Ver = | Size = 176235 bytes | Created Date = 9/21/2008 3:45:45 PM | Attr = ] PrimoPDF4 -> %SystemRoot%\PrimoPDF4 -> [Folder | Created Date = 9/21/2008 3:45:40 PM | Attr = ] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> [Files Created - Additional Folder Scans - Non-Microsoft Only] Adobe Systems -> %AllUsersProfile%\Application Data\Adobe Systems -> [Folder | Created Date = 9/21/2008 4:45:00 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 10/5/2008 9:14:02 PM | Attr = ] NOS -> %AllUsersProfile%\Application Data\NOS -> [Folder | Created Date = 9/21/2008 4:00:03 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Created Date = 9/21/2008 4:51:06 PM | Attr = ] com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> %AppData%\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [Folder | Created Date = 9/21/2008 4:22:00 PM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 10/5/2008 9:14:07 PM | Attr = ] QuosaDDM -> %AppData%\QuosaDDM -> [Folder | Created Date = 9/27/2008 11:31:50 PM | Attr = ] Adobe PDF -> %AllUsersProfile%\Documents\Adobe PDF -> [Folder | Created Date = 9/21/2008 4:39:31 PM | Attr = ] Adobe Acrobat 7.0 Professional.lnk -> %AllUsersProfile%\Desktop\Adobe Acrobat 7.0 Professional.lnk -> [Ver = | Size = 1734 bytes | Created Date = 9/21/2008 4:41:36 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Created Date = 10/5/2008 9:14:04 PM | Attr = ] Baby_Krishna_Sleeping_Beauty.jpg -> %UserProfile%\Desktop\Baby_Krishna_Sleeping_Beauty.jpg -> [Ver = | Size = 467793 bytes | Created Date = 10/12/2008 9:01:29 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Created Date = 10/13/2008 7:24:54 PM | Attr = ] Internet Speed Monitor Zedo Malware Clean -> %UserProfile%\Desktop\Internet Speed Monitor Zedo Malware Clean -> [Folder | Created Date = 10/10/2008 10:49:49 PM | Attr = ] 1 C:\Documents and Settings\Vikas Nandwana\Desktop\*.tmp files -> C:\Documents and Settings\Vikas Nandwana\Desktop\*.tmp -> job search.lnk -> %UserProfile%\Desktop\job search.lnk -> [Ver = | Size = 366 bytes | Created Date = 9/14/2008 12:37:24 PM | Attr = ] JPC gold coating -> %UserProfile%\Desktop\JPC gold coating -> [Folder | Created Date = 10/5/2008 12:15:57 PM | Attr = ] MMM 2008.lnk -> %UserProfile%\Desktop\MMM 2008.lnk -> [Ver = | Size = 573 bytes | Created Date = 9/14/2008 12:38:14 PM | Attr = ] quiznearn -> %UserProfile%\Desktop\quiznearn -> [Folder | Created Date = 10/10/2008 11:04:13 PM | Attr = ] Reco letter for Kejun Zeng.doc -> %UserProfile%\Desktop\Reco letter for Kejun Zeng.doc -> [Ver = | Size = 30208 bytes | Created Date = 10/12/2008 3:09:33 PM | Attr = ] Thesis Preparation.lnk -> %UserProfile%\Desktop\Thesis Preparation.lnk -> [Ver = | Size = 503 bytes | Created Date = 10/10/2008 10:41:30 PM | Attr = ] wallpaper_13543.jpg -> %UserProfile%\Desktop\wallpaper_13543.jpg -> [Ver = | Size = 313423 bytes | Created Date = 10/6/2008 8:07:29 AM | Attr = ] Weekly Lit 2008.lnk -> %UserProfile%\Desktop\Weekly Lit 2008.lnk -> [Ver = | Size = 494 bytes | Created Date = 9/14/2008 12:44:30 PM | Attr = ] ~$co letter for Kejun Zeng.doc -> %UserProfile%\Desktop\~$co letter for Kejun Zeng.doc -> [Ver = | Size = 162 bytes | Created Date = 10/13/2008 8:27:43 PM | Attr = H ] Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Created Date = 9/21/2008 4:41:35 PM | Attr = ] Adobe Systems Shared -> %CommonProgramFiles%\Adobe Systems Shared -> [Folder | Created Date = 9/21/2008 4:44:45 PM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 10/5/2008 9:14:01 PM | Attr = ] NOS -> %ProgramFiles%\NOS -> [Folder | Created Date = 9/21/2008 4:00:02 PM | Attr = ] Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 10/5/2008 11:18:42 AM | Attr = ] [Files/Folders - Modified Within 30 days] 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 123728 bytes | Modified Date = 10/3/2008 1:42:57 PM | Attr = ] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/13/2008 8:09:26 PM | Attr = S] 5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/13/2008 8:09:29 PM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 6/22/2008 9:38:07 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 4232 bytes | Modified Date = 9/10/2008 3:55:13 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 5515 bytes | Modified Date = 9/10/2008 3:55:13 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 6/24/2008 9:51:05 PM | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 6/24/2008 9:51:05 PM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 82432 bytes | Modified Date = 10/11/2008 8:50:52 PM | Attr = ] GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [Ver = | Size = 24904 bytes | Modified Date = 9/23/2008 9:37:18 PM | Attr = ] Adobe Acrobat 7.0 Professional.lnk -> %AllUsersProfile%\Desktop\Adobe Acrobat 7.0 Professional.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 9/21/2008 4:41:36 PM | Attr = ] Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [Ver = | Size = 696 bytes | Modified Date = 10/5/2008 9:14:04 PM | Attr = ] Baby_Krishna_Sleeping_Beauty.jpg -> %UserProfile%\Desktop\Baby_Krishna_Sleeping_Beauty.jpg -> [Ver = | Size = 467793 bytes | Modified Date = 10/12/2008 9:01:30 PM | Attr = ] comprehensive curves.lnk -> %UserProfile%\Desktop\comprehensive curves.lnk -> [Ver = | Size = 553 bytes | Modified Date = 9/14/2008 2:15:35 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1734 bytes | Modified Date = 10/13/2008 7:24:54 PM | Attr = ] 1 C:\Documents and Settings\Vikas Nandwana\Desktop\*.tmp files -> C:\Documents and Settings\Vikas Nandwana\Desktop\*.tmp -> job search.lnk -> %UserProfile%\Desktop\job search.lnk -> [Ver = | Size = 366 bytes | Modified Date = 9/14/2008 12:37:52 PM | Attr = ] MMM 2008.lnk -> %UserProfile%\Desktop\MMM 2008.lnk -> [Ver = | Size = 573 bytes | Modified Date = 9/14/2008 12:38:36 PM | Attr = ] Reco letter for Kejun Zeng.doc -> %UserProfile%\Desktop\Reco letter for Kejun Zeng.doc -> [Ver = | Size = 30208 bytes | Modified Date = 10/13/2008 9:17:02 PM | Attr = ] Thesis Preparation.lnk -> %UserProfile%\Desktop\Thesis Preparation.lnk -> [Ver = | Size = 503 bytes | Modified Date = 10/10/2008 10:43:22 PM | Attr = ] wallpaper_13543.jpg -> %UserProfile%\Desktop\wallpaper_13543.jpg -> [Ver = | Size = 313423 bytes | Modified Date = 10/6/2008 8:06:24 AM | Attr = ] Weekly Lit 2008.lnk -> %UserProfile%\Desktop\Weekly Lit 2008.lnk -> [Ver = | Size = 494 bytes | Modified Date = 9/15/2008 1:37:13 PM | Attr = ] ~$co letter for Kejun Zeng.doc -> %UserProfile%\Desktop\~$co letter for Kejun Zeng.doc -> [Ver = | Size = 162 bytes | Modified Date = 10/13/2008 8:27:43 PM | Attr = H ] Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [Ver = | Size = 2335 bytes | Modified Date = 10/13/2008 8:09:37 PM | Attr = ] [File - Lop Check: Additional Folder Scans - Non-Microsoft Only] Application Data -> C:\Documents and Settings\All Users\Application Data -> [Folder | Modified Date = 10/11/2008 11:08:21 AM | Attr = RH ] Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe -> [Folder | Modified Date = 9/21/2008 4:39:46 PM | Attr = ] Adobe Systems -> C:\Documents and Settings\All Users\Application Data\Adobe Systems -> [Folder | Modified Date = 9/21/2008 4:45:00 PM | Attr = ] AVS4YOU -> C:\Documents and Settings\All Users\Application Data\AVS4YOU -> [Folder | Modified Date = 7/12/2008 1:18:22 AM | Attr = ] Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [Folder | Modified Date = 6/22/2008 10:46:06 PM | Attr = ] Google -> C:\Documents and Settings\All Users\Application Data\Google -> [Folder | Modified Date = 6/22/2008 9:38:18 PM | Attr = ] Google Updater -> C:\Documents and Settings\All Users\Application Data\Google Updater -> [Folder | Modified Date = 10/12/2008 3:44:18 PM | Attr = ] InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield -> [Folder | Modified Date = 6/22/2008 11:02:01 PM | Attr = ] Intel -> C:\Documents and Settings\All Users\Application Data\Intel -> [Folder | Modified Date = 6/22/2008 11:43:43 PM | Attr = ] Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft -> [Folder | Modified Date = 10/5/2008 10:21:02 AM | Attr = ] Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [Folder | Modified Date = 10/5/2008 9:14:02 PM | Attr = ] Maxtor -> C:\Documents and Settings\All Users\Application Data\Maxtor -> [Folder | Modified Date = 6/25/2008 7:38:14 AM | Attr = ] Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft -> [Folder | Modified Date = 6/24/2008 9:47:59 PM | Attr = S] NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [Folder | Modified Date = 9/21/2008 4:18:30 PM | Attr = ] OrbNetworks -> C:\Documents and Settings\All Users\Application Data\OrbNetworks -> [Folder | Modified Date = 6/23/2008 2:51:23 AM | Attr = ] PC Drivers HeadQuarters -> C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters -> [Folder | Modified Date = 6/22/2008 1:25:33 PM | Attr = ] RapidSolution -> C:\Documents and Settings\All Users\Application Data\RapidSolution -> [Folder | Modified Date = 6/26/2008 11:51:50 PM | Attr = ] Retrospect -> C:\Documents and Settings\All Users\Application Data\Retrospect -> [Folder | Modified Date = 9/13/2008 1:14:20 PM | Attr = ] Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage -> [Folder | Modified Date = 6/23/2008 1:42:22 AM | Attr = ] Yahoo! -> C:\Documents and Settings\All Users\Application Data\Yahoo! -> [Folder | Modified Date = 6/23/2008 7:29:33 PM | Attr = ] Application Data -> C:\Documents and Settings\Vikas Nandwana\Application Data -> [Folder | Modified Date = 10/5/2008 9:14:07 PM | Attr = RH ] Adobe -> C:\Documents and Settings\Vikas Nandwana\Application Data\Adobe -> [Folder | Modified Date = 9/21/2008 4:21:59 PM | Attr = ] AdobeUM -> C:\Documents and Settings\Vikas Nandwana\Application Data\AdobeUM -> [Folder | Modified Date = 9/21/2008 4:51:06 PM | Attr = ] AVS4YOU -> C:\Documents and Settings\Vikas Nandwana\Application Data\AVS4YOU -> [Folder | Modified Date = 7/12/2008 1:18:27 AM | Attr = ] com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Documents and Settings\Vikas Nandwana\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [Folder | Modified Date = 9/21/2008 4:22:00 PM | Attr = ] CyberLink -> C:\Documents and Settings\Vikas Nandwana\Application Data\CyberLink -> [Folder | Modified Date = 6/25/2008 8:07:50 PM | Attr = ] DivX -> C:\Documents and Settings\Vikas Nandwana\Application Data\DivX -> [Folder | Modified Date = 6/30/2008 12:40:07 AM | Attr = ] Google -> C:\Documents and Settings\Vikas Nandwana\Application Data\Google -> [Folder | Modified Date = 6/22/2008 9:39:15 PM | Attr = ] Identities -> C:\Documents and Settings\Vikas Nandwana\Application Data\Identities -> [Folder | Modified Date = 6/22/2008 10:44:57 PM | Attr = ] InstallShield -> C:\Documents and Settings\Vikas Nandwana\Application Data\InstallShield -> [Folder | Modified Date = 9/6/2008 10:52:42 PM | Attr = ] Intel -> C:\Documents and Settings\Vikas Nandwana\Application Data\Intel -> [Folder | Modified Date = 6/22/2008 11:44:13 PM | Attr = ] Leadertech -> C:\Documents and Settings\Vikas Nandwana\Application Data\Leadertech -> [Folder | Modified Date = 6/24/2008 11:10:50 PM | Attr = ] Macromedia -> C:\Documents and Settings\Vikas Nandwana\Application Data\Macromedia -> [Folder | Modified Date = 6/22/2008 11:16:31 PM | Attr = ] Malwarebytes -> C:\Documents and Settings\Vikas Nandwana\Application Data\Malwarebytes -> [Folder | Modified Date = 10/5/2008 9:14:07 PM | Attr = ] Microsoft -> C:\Documents and Settings\Vikas Nandwana\Application Data\Microsoft -> [Folder | Modified Date = 6/28/2008 12:31:19 AM | Attr = S] QuosaDDM -> C:\Documents and Settings\Vikas Nandwana\Application Data\QuosaDDM -> [Folder | Modified Date = 9/27/2008 11:31:50 PM | Attr = ] Real -> C:\Documents and Settings\Vikas Nandwana\Application Data\Real -> [Folder | Modified Date = 6/24/2008 7:49:08 AM | Attr = ] Sonic -> C:\Documents and Settings\Vikas Nandwana\Application Data\Sonic -> [Folder | Modified Date = 6/25/2008 7:39:21 AM | Attr = ] Sony Ericsson -> C:\Documents and Settings\Vikas Nandwana\Application Data\Sony Ericsson -> [Folder | Modified Date = 7/6/2008 2:58:36 PM | Attr = ] Sun -> C:\Documents and Settings\Vikas Nandwana\Application Data\Sun -> [Folder | Modified Date = 6/24/2008 12:20:33 PM | Attr = ] Teleca -> C:\Documents and Settings\Vikas Nandwana\Application Data\Teleca -> [Folder | Modified Date = 7/6/2008 9:03:36 PM | Attr = ] Tunebite -> C:\Documents and Settings\Vikas Nandwana\Application Data\Tunebite -> [Folder | Modified Date = 6/26/2008 11:37:07 PM | Attr = ] U3 -> C:\Documents and Settings\Vikas Nandwana\Application Data\U3 -> [Folder | Modified Date = 10/11/2008 8:51:10 PM | Attr = ] Winamp -> C:\Documents and Settings\Vikas Nandwana\Application Data\Winamp -> [Folder | Modified Date = 6/23/2008 2:46:06 AM | Attr = ] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [Folder | Modified Date = 6/22/2008 10:39:46 PM | Attr = S] desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [Ver = | Size = 65 bytes | Modified Date = 9/3/2002 2:48:04 PM | Attr = RH ] SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/13/2008 8:09:29 PM | Attr = H ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Image Editor\Default Archive\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Vikas Nandwana\Desktop\JPC gold coating\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Vikas Nandwana\Desktop\photo\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Vikas Nandwana\Desktop\misc\Thumbs.db:encryptable 0 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\acads\Academic Scientists at Work Negotiating a Faculty Position - Science Careers - Biotech, Pharmaceutical, Faculty, Postdoc jobs.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\acads\future technology.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\acads\Latest University Rankings US NEWS AMERICAN TOP 50 GRADUATE SCHOOLS 2009.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\acads\Scientology Video Channel Church of Scientology Official Site.url:favicon 2238 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\assistant professor applicatiom\Temple Univ.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\Can You Get AdSense to Beat $1CPM Try It - $10K Prize.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\best villages vermont - Google Search.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\CAR RENTAL IN NEW YORK CITY.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\free sites in ny\New York City's Best Free Attractions and Landmarks - See The Best Free Attractions and Landmarks in New York City.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\free sites in ny\nycvisit.com - NYC for Free.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\free sites in ny\Top 5 Free Attractions-- New York Visitor's Guide -- New York Magazine.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\http--www.pbpub.com-.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\about.com http--www.foliage-vermont.com-southernvt_tour.htm.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\about.com http--www.travel-vermont.com-seasons-forecaster.asp.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\All about Vermont(Manchester, Quechee, Shelburne, Burlington & Brattleboro - TripAdvisor.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\Central Vermont Points of Interest Map.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\Manchester Vermont Weekend Getaway - Escape Manhattan and Spend a Weekend in Manchester Village Vermont.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\New England Foliage Central - Autumn in New England - Complete Guide to Fall for Travelers and Others Who Love the Season.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\Smugglers' Notch Vermont - Driving Directions.url:favicon 3262 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\New england\Top 10 fall foliage destinations - Seasonal- msnbc.com.url:favicon 15086 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\Northeast Driving Tour - USA Tourist.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\BEST Christmas Windows Walking Tour Map - See the Christmas Window Displays on this Walking Tour.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\BEST Manhattan Sightseeing Map, New York City.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Christmas & Holiday Guide to New York City -- Visitor's Guide to Christmas and the Holidays in New York City.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Crowd-pleasers in NYC at Christmas - Yahoo! News.url:favicon 6598 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Holiday Season 2000 in NYC.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Holiday Windows at New York City Stores - See the Holiday Decorations at these New York City Stores.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\My Favorite Things to Do When You Visit New York City - About.com List of Favorite Things To See and Do in New York City.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Neighborhoods of Manhattan, New York City.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\New York City Vacations, Inc. New York City, Hotel, Broadway, Theater, Sightseeing, Museums, Restaurants, Transportation, Tours.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Top New York City Tourist Attractions - Most Popular Tourist Attractions in New York City.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\What to see-do while in NYC for first time Mayberry, NC meets NYC (staying Friday AM - Monday AM mid July) - Yahoo! Answers.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\The Essential New York.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\places to visit in NYC\Things to Do in New York City - New York City Attractions - TripAdvisor.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\subways\http--www.mta.info-nyct-subway-index.html.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\subways\Taking public transportation, MTA buses & subways, to LaGuardia Airport.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\Best Vermont Getaways.url:favicon 790 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\Best Vermont Weekend Getaways and Day Trips.url:favicon 790 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\New England Introduction The Best Small Towns and Villages Frommers.com.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\NYC from Vermont - Yahoo! Answers.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\Vermont - Villages Pictures - USA stock photos, fine art prints by QTL.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\Vermont Travel 101 - Highlights of Visiting Vermont.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\Visiting Vermont (Burlington, Manchester, Brandon rent, motel, vacation) - Vermont (VT) - City-Data Forum.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\vermont\What are the prettiest villages-towns to see in Vermont during the fall - Yahoo! Answers.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\Vermont Planning a Trip Frommers.com.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\new york\When is the best time to visit Vermont and see the autumn foliage - Yahoo! Answers.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\others\The Road to Know Where Ultimate List of Free Windows Software from Microsoft.url:favicon 2862 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\research\Lit\frequent\Journal of the American Chemical Society Home Page.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\site ranking page views per month - Google Search.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\Startup\my quiz site\make site like freerice com - ScriptLance Programming Project.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\texas vacation\Dallas Tourist Attractions.url:favicon 4150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\texas vacation\Texas' Best Drive-To Vacation Destinations.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\texas vacation\TPWD Find a Park.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\Best free trivia downloads. Climb the trivia ladder by answering fun questions. A new strategy game that is part trivia, part a.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\Free Quiz Questions Trivia Quiz Resources Free Pub Quiz Questions Trivia Quiz.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\general knowledge questions' - Google Search.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\Google Directory - Games  Video Games  Recreation  Trivia  Browser Based  Resources.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\Trivia links good.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\trivia database\Wiki - Main - WebHome.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\UTA e-Journal.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\UTA Journal.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\Web of science UTA.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\india trivia\General Knowledge India, GK, Current GK World, General Knowledge for Competitive Exam, Entrance Exams.url:favicon 1078 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\india trivia\India, Indian States, India General Knowledge.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\india trivia\List of capitals and largest cities by country - Wikipedia, the free encyclopedia.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\india trivia\National Flowers by Country - Facts and Pictures The Flower Expert - Flowers Encyclopedia.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Chemistry & Biochemistry TedJob.url:favicon 3638 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\AcademicKeys.com Higher Education Jobs and University Jobs.url:favicon 1406 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Faculty Positions - HigherEdJobs.com.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Find Jobs Search millions of jobs now Monster.com.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Locating Academic Positions.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Resume Statement\Become a Professor - Secure an Academic Position.url:favicon 1150 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\job search\Resume Statement\Career Center - Graduate Students & PhDs.url:favicon 318 bytes C:\Documents and Settings\Vikas Nandwana\Favorites\Journal of Applied Physics Information for Contributors.url:favicon 894 bytes C:\Documents and Settings\Vikas Nandwana\Local Settings\Temporary Internet Files\Content.IE5\40GEQU7H\navbar[1].htm scan completed successfully hidden files: 98 < End of report > [/code]