WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/5/2006 11:12:54 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\1 - Dad\Desktop\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
UPX! 9/25/2006 11:45:08 AM 666240 C:\WINDOWS\SYSTEM32\aswBoot.exe ()
aspack 3/18/2005 5:19:58 PM 2337488 C:\WINDOWS\SYSTEM32\d3dx9_25.dll (Microsoft Corporation)
aspack 5/26/2005 3:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/22/2005 7:59:04 PM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
aspack 12/5/2005 6:09:18 PM 2323664 C:\WINDOWS\SYSTEM32\d3dx9_28.dll (Microsoft Corporation)
aspack 2/3/2006 8:43:16 AM 2332368 C:\WINDOWS\SYSTEM32\d3dx9_29.dll (Microsoft Corporation)
aspack 3/31/2006 12:40:58 PM 2388176 C:\WINDOWS\SYSTEM32\d3dx9_30.dll (Microsoft Corporation)
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 7/3/2006 5:40:50 PM 620180 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PTech 5/17/2006 11:23:38 AM 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL (Microsoft Corporation)
PECompact2 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/9/2006 3:03:04 PM 8325544 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
WSUD 8/4/2004 3:56:54 AM 1200128 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
UPX! 9/24/2006 9:32:52 PM 9216 C:\WINDOWS\SYSTEM32\VundoFixSVC.exe (Atribune.org)
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PEC2 9/11/1998 12:00:00 PM 751080 C:\WINDOWS\SYSTEM32\WIN32.TLB ()
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)
UPX! 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
aspack 11/9/2005 9:07:30 PM 1022432 C:\WINDOWS\SYSTEM32\drivers\VsapiNT.sys (Trend Micro Inc.)
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/5/2006 11:11:44 PM S 2048 C:\WINDOWS\bootstat.dat ()
8/24/2006 9:46:48 PM H 10820 C:\WINDOWS\Help\update.GID ()
9/25/2006 6:42:58 PM HS 810064 C:\WINDOWS\system32\ilnmp.bak1 ()
9/27/2006 7:01:54 PM HS 833345 C:\WINDOWS\system32\ilnmp.bak2 ()
9/27/2006 7:54:34 PM HS 833327 C:\WINDOWS\system32\ilnmp.ini ()
9/26/2006 4:17:38 PM HS 823173 C:\WINDOWS\system32\ilnmp.ini2 ()
10/5/2006 11:11:50 PM H 12288 C:\WINDOWS\system32\config\default.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\SAM.DFG.LOG ()
10/5/2006 11:12:16 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/5/2006 11:11:44 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\software.DFG.LOG ()
10/5/2006 11:11:52 PM H 53248 C:\WINDOWS\system32\config\software.LOG ()
9/26/2006 7:29:32 PM H 0 C:\WINDOWS\system32\config\system.DFG.LOG ()
10/5/2006 11:10:26 PM H 1024 C:\WINDOWS\system32\config\system.LOG ()
8/15/2006 1:31:46 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG ()
10/2/2006 7:15:06 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
10/2/2006 7:15:06 PM S 38065 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 ()
10/2/2006 7:15:10 PM S 558 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 ()
10/2/2006 7:15:06 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
10/2/2006 7:15:06 PM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 ()
10/2/2006 7:15:10 PM S 144 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 ()
9/16/2006 1:43:20 PM H 0 C:\WINDOWS\system32\dellog\9B4EEB9EE047A876A53342E52B473531B475D49F.qcx ()
10/4/2006 9:02:46 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\a904f44e-eb56-464d-bcfd-64ee93aefb6a ()
10/4/2006 9:02:46 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
9/9/2006 2:34:10 AM H 8628 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_QI021E.GID ()
10/5/2006 10:32:48 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()
9/15/2006 7:27:12 PM HS 616448 C:\WINDOWS\Temp\2ad31c76.TMP ()
Checking for CPL files...
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
11/17/2004 5:09:00 AM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
Checking for Downloaded Program Files...
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase =
http://www.kaspersky...can_unicode.cab{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase =
http://download.macr...director/sw.cab{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase =
http://go.microsoft....k/?linkid=39204{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\Common\yinsthelper.dll
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase =
http://download.bitd...can8/oscan8.cab{6414512B-B978-451D-A0D8-FCFDF33E833C} - WUWebControl Class - CodeBase =
http://update.micros...b?1136858992712{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase =
http://acs.pandasoft...free/asinst.cab{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase =
http://java.sun.com/...indows-i586.cab{D27CDB6E-AE6D-11CF-96B8-444553540000} - Shockwave Flash Object - CodeBase =
http://fpdownload.ma...ash/swflash.cab»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/28/2006 3:29:16 PM 1764 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
9/26/2006 7:06:22 PM 737 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk ()
1/10/2006 12:46:30 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
2/7/2006 10:47:28 PM 819 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk ()
Checking files in %ALLUSERSPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
5/30/2006 10:30:48 PM 2917 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache ()
Checking files in %USERPROFILE%\Startup folder...
1/9/2006 9:57:36 PM HS 84 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
1/10/2006 12:58:32 AM 1712 C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk ()
Checking files in %USERPROFILE%\Application Data folder...
1/9/2006 4:26:58 PM HS 62 C:\Documents and Settings\1 - Dad\Application Data\desktop.ini ()
7/3/2006 4:53:16 PM 27576 C:\Documents and Settings\1 - Dad\Application Data\GDIPFONTCACHEV1.DAT ()
2/22/2006 3:46:58 AM 1024 C:\Documents and Settings\1 - Dad\Application Data\WavCodec.wff ()
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
>>> Internet Explorer Settings <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.microsoft...p...ER}&ar=home \\Search Bar -
http://us.rd.yahoo.c...rch/search.html \\Search Page -
http://us.rd.yahoo.c...//www.yahoo.com \\Default_Page_URL -
http://www.microsoft...p...&ar=msnhome \\Default_Search_URL -
http://us.rd.yahoo.c...//www.yahoo.com \\Local Page - %SystemRoot%\system32\blank.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page -
http://www.yahoo.com/ \\Search Bar -
http://www.google.com/ie \\Search Page -
http://www.google.com[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch -
http://ie.search.msn...st/srchcust.htm \\SearchAssistant -
http://www.google.com/ie[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Yahoo! IE Services Button = C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{9527D42F-D666-11D3-B8DD-00600838CD5F} - IEWatchObj Class = C:\WINDOWS\system32\IETie.dll (Tenebril Incorporated)
\{955BE0B8-BC85-4CAF-856E-8E0D8B610560} - Encarta Web Companion Helper Object = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\{A765EE2A-6F1C-47C7-82DA-CE64DC466A10} - = C:\WINDOWS\system32\pmnli.dll ()
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar1.dll (Google Inc.)
>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - &Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll (Yahoo! Inc.)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{147D6308-0614-4112-89B1-31402F9B82C4} - Encarta Web Companion = C:\Program Files\Common Files\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL (Microsoft Corporation)
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar1.dll (Google Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - 8192 =
\\NEXTID - 8198
\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - 8193 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8194 = Windows Messenger
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8195 = Sun Java Console
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8196 = Uninstall BitDefender Online Scanner v8
\\{578FC4E3-151E-456c-AF8E-B63061EFE228} - 8197 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{578FC4E3-151E-456c-AF8E-B63061EFE228}} - MenuText: = ()
\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - ButtonText: Yahoo! Services =
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - ButtonText: AIM = C:\PROGRA~1\AIM\aim.exe (America Online, Inc.)
\{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - MenuText: = ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - TMD Shell Extension = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
\\{771A9DA0-731A-11CE-993C-00AA004ADB6C} - VBPropSheet = C:\Program Files\Trend Micro\Internet Security 2005\VBProp.dll (Trend Micro Incorporated.)
\\{A70C977A-BF00-412C-90B7-034C51DA2439} - NvCpl DesktopContext Class = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{FFB699E0-306A-11d3-8BD1-00104B6F7516} - Play on my TV helper = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A48} - nView Desktop Context Menu = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Music Converter 1 = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()
\\{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} - dBpowerAMP Music Converter = C:\Program Files\Illustrate\dBpowerAMP\dMCShell.dll ()
\\{CF74B903-3389-469c-B3B6-0204D204FCBD} - SnagIt Shell Extension = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\\{B41DB860-8EE4-11D2-9906-E49FADC173CA} - WinRAR shell extension = C:\Program Files\WinRAR\rarext.dll ()
\\{B327765E-D724-4347-8B16-78AE18552FC3} - NeroDigitalIconHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{7F1CF152-04F8-453A-B34C-E609530A9DC8} - NeroDigitalPropSheetHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\\{23170F69-40C1-278A-1000-000100020000} - 7-Zip Shell Extension = C:\Program Files\7-Zip\7-zip.dll ()
\\{472083B0-C522-11CF-8763-00608CC02F24} - avast = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\\{7C9D5882-CB4A-4090-96C8-430BFE8B795B} - Webroot Spy Sweeper Context Menu Integration = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\7-Zip - {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zip.dll ()
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\ExplorerPlus Menu - {3A5C58F7-E421-4fcd-8DC2-F06B83E9E5AA} = C:\Program Files\Novatix\ExplorerPlus\NXShExt.dll (Novatix Corporation)
\Fix-It Menu - {A50302A0-8E15-11d2-887B-006008C1C087} = C:\Program Files\VCOM\SystemSuite\mxctxmnu.dll (V Communications, Inc.)
\SnagItMainShellExt - {CF74B903-3389-469c-B3B6-0204D204FCBD} = C:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll (TechSmith Corporation)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\00nView - {1E9B04FB-F9E5-4718-997B-B8DA88302A48} = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation)
\NvCplDesktopContext - {A70C977A-BF00-412C-90B7-034C51DA2439} = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\avast - {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll (ALWIL Software)
\SpySweeper - {7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll (Webroot Software, Inc.)
\WinRAR - {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL (WinZip Computing, Inc.)
\{48F45200-91E6-11CE-8A4F-0080C81A28D4} - = C:\Program Files\Trend Micro\Internet Security 2005\Tmdshell.dll (Trend Micro Incorporated.)
>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{7D4D6379-F301-4311-BEBA-E26EB0561882} - NeroDigitalExt.NeroDigitalColumnHandler = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll (Nero AG)
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)
\{FED7043D-346A-414D-ACD7-550D052499A7} - dBpowerAMP Column Handler = C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll ()
>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
pccguide.exe - C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe (Trend Micro Incorporated.)
NvCplDaemon - C:\WINDOWS\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
nwiz - C:\WINDOWS\SYSTEM32\nwiz.exe (NVIDIA Corporation)
NvMediaCenter - C:\WINDOWS\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
SetIcon - C:\Program Files\Generic\Seticon.exe (Standard Microsystems Corp.)
CTHelper - C:\WINDOWS\SYSTEM32\CTHELPER.EXE (Creative Technology Ltd)
SBDrvDet - C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
UpdReg - C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
EPSON Stylus C84 Series - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE (SEIKO EPSON CORPORATION)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe ()
!ewido - C:\Program Files\ewido anti-spyware 4.0\ewido.exe (Anti-Malware Development a.s.)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
RCScheduleCheck - C:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE (imagine LAN, Inc.)
Fix-It AV - C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe (V Communications, Inc.)
SpySweeper - C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
PhotoShow Deluxe Media Manager - C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe (Ahead Software)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GhostSurf.lnk - C:\Program Files\GhostSurf\GhostSurf.exe (Tenebril Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 7.lnk - C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe (TechSmith Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\1 - Dad\Start Menu\Programs\Startup\Dialog Tracker.lnk - C:\Program Files\Novatix\ExplorerPlus\Nxdlghlp.exe (Novatix Corporation)
>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
[All Users Startup Folder Disabled Items]
[Current User Startup Folder Disabled Items]
>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -
>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]
>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d
>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)
>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)
\\{a5780613-492e-4a2a-a7fd-549610edf6cc} - HookRC Class = C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ()
>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\pmnli - C:\WINDOWS\system32\pmnli.dll = ()
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = (Webroot Software, Inc.)
>>> DNS Name Servers <<<
{25F5E297-D75D-40DD-A7AD-F039263DF5E0} - (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4))
{8FDED572-E4A4-40E1-AFE0-980C8DCC3A67} - (1394 Net Adapter)
{E492CE81-8A31-443F-83A4-54EF3C8BBD68} - (1394 Net Adapter)
>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]
>>> Selected AddOn's <<<
>>>>Output for AddOn file BotCheck_NoSubs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
\AppCompat
\NONREDIST
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
Security Center\\AntiVirusDisableNotify - 0
Security Center\\FirewallDisableNotify - 0
Security Center\\UpdatesDisableNotify - 0
Security Center\\AntiVirusOverride - 0
Security Center\\FirewallOverride - 0
\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile - No SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control]
Control\\CurrentUser - USERNAME
Control\\WaitToKillServiceTimeout - 20000
Control\\SystemStartOptions - FASTDETECT NOEXECUTE=OPTOUT SAFEBOOT:MINIMAL SOS BOOTLOG NOGUIBOOT
Control\\SystemBootDevice - multi(0)disk(0)rdisk(0)partition(1)
Control\\UpdateMode - 01
\AGP
\Arbiters
\BackupRestore
\Biosinfo
\BootVerificationProgram
\Class
\CoDeviceInstallers
\COM Name Arbiter
\ComputerName
\ContentIndex
\ContentIndexCommon
\CrashControl
\Creative Tech
\CriticalDeviceDatabase
\DeviceClasses
\FileSystem
\GraphicsDrivers
\GroupOrderList
\HAL
\IDConfigDB
\Keyboard Layout
\Keyboard Layouts
\Lsa
\MediaCategories
\MediaInterfaces
\MediaProperties
\MediaResources
\MediaSets
\MSPaper
\Network
\NetworkProvider
\Nls
\NTMS
\PnP
\Print
\PriorityControl
\ProductOptions
\SafeBoot
\ScsiPort
\SecurePipeServers
\SecurityProviders
\Server Applications
\ServiceGroupOrder
\ServiceProvider
\Session Manager
\Setup
\StillImage
\SystemResources
\Terminal Server
\TimeZoneInformation
\Update
\UsbFlags
\Video
\VirtualDeviceDrivers
\Watchdog
\Windows
\WMI
\WOW
\hivelist
\ServiceCurrent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
Lsa\\Authentication Packages - msv1_0;
Lsa\\Bounds - 00 30 00 00 00 20 00 00
Lsa\\Security Packages - kerberos;msv1_0;schannel;wdigest;
Lsa\\LsaPid - 280
Lsa\\SecureBoot - 1
Lsa\\auditbaseobjects - 0
Lsa\\crashonauditfail - 0
Lsa\\disabledomaincreds - 0
Lsa\\everyoneincludesanonymous - 0
Lsa\\fipsalgorithmpolicy - 0
Lsa\\forceguest - 0
Lsa\\fullprivilegeauditing - 00
Lsa\\limitblankpassworduse - 1
Lsa\\lmcompatibilitylevel - 0
Lsa\\nodefaultadminowner - 1
Lsa\\nolmhash - 0
Lsa\\restrictanonymous - 0
Lsa\\restrictanonymoussam - 1
Lsa\\Notification Packages - scecli;
Lsa\\ImpersonatePrivilegeUpgradeToolHasRun - 1
\AccessProviders
\Audit
\Data
\GBG
\JD
\Kerberos
\MSV1_0
\Skew1
\SSO
\SspiCache
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 2E 72 BA 29 A3 81 8B 47 B1 5F C9 98 91 8F C7 49
Parameters\\AdjustedNullSessionPipes - 1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters]
Parameters\\autodisconnect - 15
Parameters\\enableforcedlogoff - 1
Parameters\\enablesecuritysignature - 0
Parameters\\requiresecuritysignature - 0
Parameters\\NullSessionPipes - COMNAP;COMNODE;SQL\QUERY;SPOOLSS;LLSRPC;browser;
Parameters\\NullSessionShares - COMCFG;DFS$;
Parameters\\ServiceDll - %SystemRoot%\System32\srvsvc.dll
Parameters\\Lmannounce - 0
Parameters\\Size - 1
Parameters\\Guid - 2E 72 BA 29 A3 81 8B 47 B1 5F C9 98 91 8F C7 49
Parameters\\AdjustedNullSessionPipes - 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lanmanworkstation\Parameters]
Parameters\\enableplaintextpassword - 0
Parameters\\enablesecuritysignature - 1
Parameters\\requiresecuritysignature - 0
Parameters\\ServiceDll - %SystemRoot%\System32\wkssvc.dll
Parameters\\OtherDomains -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
SharedAccess\\Type - 32
SharedAccess\\Start - 2
SharedAccess\\ErrorControl - 1
SharedAccess\\ImagePath - %SystemRoot%\System32\svchost.exe -k netsvcs
SharedAccess\\DisplayName - Windows Firewall/Internet Connection Sharing (ICS)
SharedAccess\\DependOnService - Netman;WinMgmt;
SharedAccess\\DependOnGroup -
SharedAccess\\ObjectName - LocalSystem
SharedAccess\\Description - Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
\Epoch
\Parameters
\Security
\Setup
\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 4
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
RemoteRegistry\\Description - Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
RemoteRegistry\\DependOnService - RPCSS;
RemoteRegistry\\DisplayName - Remote Registry
RemoteRegistry\\ErrorControl - 1
RemoteRegistry\\ImagePath - %SystemRoot%\system32\svchost.exe -k LocalService
RemoteRegistry\\ObjectName - NT AUTHORITY\LocalService
RemoteRegistry\\Group -
RemoteRegistry\\Start - 4
RemoteRegistry\\Type - 32
RemoteRegistry\\FailureActions - 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00
\Parameters
\Security
\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipservice - not found.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - No SUBKEYS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipservice - not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 3
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TlntSvr]
TlntSvr\\Type - 16
TlntSvr\\Start - 3
TlntSvr\\ErrorControl - 1
TlntSvr\\ImagePath - C:\WINDOWS\System32\tlntsvr.exe
TlntSvr\\DisplayName - Telnet
TlntSvr\\DependOnService - RPCSS;TCPIP;NTLMSSP;
TlntSvr\\DependOnGroup -
TlntSvr\\ObjectName - LocalSystem
TlntSvr\\Description - Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
\Parameters
\Security
\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
wuauserv\\Type - 32
wuauserv\\Start - 2
wuauserv\\ErrorControl - 1
wuauserv\\ImagePath - %systemroot%\system32\svchost.exe -k netsvcs
wuauserv\\DisplayName - Automatic Updates
wuauserv\\ObjectName - LocalSystem
wuauserv\\Description - Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site.
\Parameters
\Security
\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings - No SUBKEYS
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
Internet Settings\\ProxyEnable - 0
>>>>Output for AddOn file BotCheck_Subs.def<<<<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole - Include SUBKEYS
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
Ole\\DefaultLaunchPermission - 01 00 04 80 64 00 00 00 80 00 00 00 00 00 00 00 14 00 00 00 02 00 50 00 03 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 01 00 00 00 00 00 05 04 00 00 00 00 00 00 00 00 00 18 00 01 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00 01 05 00 00 00 00 00 05 15 00 00 00 A0 5F 84 1F 5E 2E 6B 49 CE 12 03 03 F4 01 00 00
Ole\\EnableDCOM - Y
Ole\\MachineLaunchRestriction - 01 00 04 80 48 00 00 00 58 00 00 00 00 00 00 00 14 00 00 00 02 00 34 00 02 00 00 00 00 00 18 00 1F 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 0B 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\\MachineAccessRestriction - 01 00 04 80 44 00 00 00 54 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 07 00 00 00 00 00 14 00 07 00 00 00 01 01 00 00 00 00 00 01 00 00 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} - 1
Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-