[code]
OTScanIt logfile created on: 5/31/2008 12:55:09 PM
OTScanIt by OldTimer - Version 1.0.15.9 Folder = C:\Documents and Settings\Robert\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
510.98 Mb Total Physical Memory | 326.04 Mb Available Physical Memory | 63.81% Memory free
3.46 Gb Paging File | 3.23 Gb Available in Paging File | 93.33% Paging File free
Paging file location(s): C:\pagefile.sys 1529 3500;F:\pagefile.sys 1529 3500;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 6.76 Gb Free Space | 9.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.32 Gb Free Space | 26.19% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MAFREE
Current User Name: MFree
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:57 PM | Attr = ]
ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr = ]
ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr = ]
ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:16:59 PM | Attr = ]
ashdisp.exe -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 5/15/2008 4:19:31 PM | Attr = ]
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 1.0.19.0 | Size = 90112 bytes | Modified Date = 2/14/2003 4:24:24 PM | Attr = ]
atirw.exe -> %ProgramFiles%\ATI Multimedia\RemCtrl\ATIRW.EXE -> ATI Technologies Inc. [Ver = 2.5.0.0 | Size = 196608 bytes | Modified Date = 4/16/2004 7:43:58 AM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 500800 bytes | Modified Date = 3/2/2007 3:24:20 PM | Attr = ]
otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.9 | Size = 373760 bytes | Modified Date = 5/31/2008 2:57:28 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast!
iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 17272 bytes | Modified Date = 5/15/2008 4:06:57 PM | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\ati2evxx.exe -> [Ver = | Size = 385024 bytes | Modified Date = 7/10/2004 6:35:10 PM | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\ati2sgag.exe -> [Ver = 5.13.0020 | Size = 516096 bytes | Modified Date = 7/10/2004 9:10:00 PM | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 144760 bytes | Modified Date = 5/15/2008 4:19:24 PM | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 247160 bytes | Modified Date = 5/15/2008 4:19:00 PM | Attr = ] (avast! Web Scanner) avast! 
Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 349560 bytes | Modified Date = 5/15/2008 4:16:59 PM | Attr = ] (C-DillaCdaC11BA) C-DillaCdaC11BA [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CDAC11BA.EXE -> Macrovision [Ver = 4.20.020 | Size = 54784 bytes | Modified Date = 11/12/2005 10:15:28 PM | Attr = ] (Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 12:01:00 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 12:56:48 AM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ] (InCDsrv) InCD Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 1/27/2005 8:16:58 PM | Attr = ] (InCDsrvR) InCD Helper (read only) [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 12, 0 | Size = 856064 bytes | Modified Date = 1/27/2005 8:16:58 PM | Attr = ] (Iomega Activity Disk2) Iomega Activity Disk2 [Win32_Own | Disabled | Stopped] -> . 
-> [Folder | Modified Date = 5/31/2008 12:53:55 PM | Attr = ] (Iomega App Services) Iomega App Services [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Iomega\System32\AppServices.exe -> Iomega Corporation [Ver = 2, 0, 2, 5 | Size = 73728 bytes | Modified Date = 9/4/2002 2:11:04 PM | Attr = ] (iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.1.0.59 | Size = 500800 bytes | Modified Date = 3/2/2007 3:24:20 PM | Attr = ] (NetSvc) Intel NCS NetService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Intel\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.2.26.0 | Size = 143360 bytes | Modified Date = 3/3/2003 12:33:40 PM | Attr = ] (Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 1:14:36 PM | Attr = ] (Symantec Core LC) Symantec Core LC [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> File not found (x10nets) X10 Device Network Service [Win32_Own | Disabled | Stopped] -> %SystemDrive%\PROGRA~1\ATI Multimedia\RemCtrl\x10nets.exe -> File not found [Driver Services - Non-Microsoft Only] (Aavmker4) avast! Asynchronous Virus Monitor [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 5/15/2008 4:13:26 PM | Attr = ] (aeaudio) aeaudio [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\aeaudio.sys -> Andrea Electronics Corporation [Ver = 1.0.0.2 (STUB) | Size = 4816 bytes | Modified Date = 4/1/2002 1:15:00 PM | Attr = ] (AFS2K) AFS2K [Kernel | System | Running] -> %SystemRoot%\System32\drivers\AFS2K.SYS -> Oak Technology Inc. 
[Ver = 3.1.21.1103 | Size = 35840 bytes | Modified Date = 10/7/2004 6:16:04 PM | Attr = ] (AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ALIIDE.SYS -> Acer Laboratories Inc. [Ver = 1.20 | Size = 5248 bytes | Modified Date = 8/17/2001 12:51:56 PM | Attr = ] (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\amdagp.sys -> Advanced Micro Devices, Inc. [Ver = 5.00 (xpsp_sp2_rtm.040803-2158) | Size = 43008 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr = ] (asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC.SYS -> Advanced System Products, Inc. [Ver = 2.9I-MS (XPClient.010817-1148) | Size = 26496 bytes | Modified Date = 8/17/2001 12:52:00 PM | Attr = ] (asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ASC3550.SYS -> Advanced System Products, Inc. [Ver = 3.1E-MS (XPClient.010817-1148) | Size = 14848 bytes | Modified Date = 8/17/2001 12:51:58 PM | Attr = ] (ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> Windows (R) 2000 DDK provider [Ver = 5.00.2195.1 | Size = 8552 bytes | Modified Date = 10/23/2005 1:01:17 AM | Attr = ] (aswFsBlk) aswFsBlk [File_System | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 5/15/2008 4:16:06 PM | Attr = ] (aswMon2) avast! Standard Shield Support [File_System | Auto | Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 5/15/2008 4:18:33 PM | Attr = ] (aswRdr) aswRdr [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 5/15/2008 4:15:29 PM | Attr = ] (aswSP) avast! 
Self Protection [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 5/15/2008 4:20:32 PM | Attr = ] (aswTdi) avast! Network Shield Support [Kernel | System | Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 5/15/2008 4:14:11 PM | Attr = ] (ATI Remote Wonder II) ATI Remote Wonder II [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\atirwvd.sys -> Jungo [Ver = 6.03 | Size = 257872 bytes | Modified Date = 12/15/2003 10:28:46 AM | Attr = ] (ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6458 | Size = 747008 bytes | Modified Date = 7/10/2004 6:37:02 PM | Attr = ] (BCMModem) BCM V.92 56K Modem [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\BCMSM.sys -> Broadcom Corporation [Ver = 3.5.25 08/27/2003 20:05:01 | Size = 1101696 bytes | Modified Date = 8/29/2003 4:59:24 AM | Attr = ] (bvrp_pci) bvrp_pci [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\bvrp_pci.sys -> [Ver = | Size = 4272 bytes | Modified Date = 5/13/2002 5:59:20 PM | Attr = ] (CdaC15BA) CdaC15BA [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CdaC15BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 11/12/2005 10:15:25 PM | Attr = ] (CdaD10BA) CdaD10BA [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\CdaD10BA.SYS -> Macrovision Europe Ltd [Ver = 3.17.000 | Size = 12464 bytes | Modified Date = 3/20/2007 2:00:21 PM | Attr = ] (CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\CMDIDE.SYS -> CMD Technology, Inc. 
[Ver = 2.0.7 (XPClient.010817-1148) | Size = 6656 bytes | Modified Date = 8/17/2001 12:51:54 PM | Attr = ] (ctac32k) Creative AC3 Software Decoder [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctac32k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 135040 bytes | Modified Date = 2/20/2003 3:22:38 PM | Attr = ] (ctaud2k) Creative Audio Driver (WDM) [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctaud2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0328-1.50.1050 | Size = 498688 bytes | Modified Date = 3/26/2003 2:33:58 PM | Attr = ] (ctdvda2k) Creative DVD-Audio Device Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ctdvda2k.sys -> Creative Technology Ltd [Ver = 5.13.01.0351-1.56.0010 | Size = 287920 bytes | Modified Date = 3/27/2003 9:58:56 AM | Attr = ] (ctprxy2k) Creative Proxy Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctprxy2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0323-1.50.1020 | Size = 6144 bytes | Modified Date = 2/20/2003 3:24:18 PM | Attr = ] (ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctsfm2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 135248 bytes | Modified Date = 2/20/2003 3:24:34 PM | Attr = ] (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\DAC2W2K.SYS -> Mylex Corporation [Ver = 6.00-21 (XPClient.010817-1148) | Size = 179584 bytes | Modified Date = 8/17/2001 12:52:16 PM | Attr = ] (dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/3/2004 11:07:17 PM | Attr = ] (dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/3/2004 
11:07:16 PM | Attr = ] (dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\DMLOAD.SYS -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] (DMSKSSRh) DMSKSSRh [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\Robert\LOCALS~1\Temp\DMSKSSRh.sys -> File not found (E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\e100b325.sys -> Intel Corporation [Ver = 8.0.15.0 built by: WinDDK | Size = 155648 bytes | Modified Date = 10/14/2004 4:30:46 PM | Attr = ] (EL90X) 3Com EtherLink XL 90X Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XND5.SYS -> 3Com Corporation [Ver = 3.60.50.008 | Size = 153631 bytes | Modified Date = 8/17/2001 11:11:02 AM | Attr = ] (EL90XBC) 3Com EtherLink XL 90XB/C Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\EL90XBC5.SYS -> 3Com Corporation [Ver = 4.05.00.0000 | Size = 66591 bytes | Modified Date = 8/17/2001 11:11:06 AM | Attr = ] (emupia) E-mu Plug-in Architecture Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\emupia2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0324-1.50.1020 | Size = 116000 bytes | Modified Date = 2/20/2003 3:24:46 PM | Attr = ] (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\GEARAspiWDM.sys -> GEAR Software Inc. 
[Ver = 2.0.6.1 | Size = 15664 bytes | Modified Date = 9/19/2006 2:44:04 PM | Attr = ] (ha10kx2k) Creative Hardware Abstract Layer Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ha10kx2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0329-1.50.1040 | Size = 823616 bytes | Modified Date = 3/26/2003 2:31:40 PM | Attr = ] (hap16v2k) Creative P16V HAL Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\hap16v2k.sys -> Creative Technology Ltd [Ver = 5.12.01.0328-1.50.1030 | Size = 141536 bytes | Modified Date = 3/26/2003 2:32:02 PM | Attr = ] (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZid412.sys -> HP [Ver = 9, 0, 0, 0 | Size = 51120 bytes | Modified Date = 10/4/2004 4:26:03 PM | Attr = R ] (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZipr12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 16496 bytes | Modified Date = 10/4/2004 4:26:04 PM | Attr = R ] (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\HPZius12.sys -> HP [Ver = 9, 0, 0, 0 | Size = 21744 bytes | Modified Date = 10/4/2004 4:26:08 PM | Attr = R ] (i81x) i81x [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\i81xnt5.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 161020 bytes | Modified Date = 8/3/2004 10:29:36 PM | Attr = ] (iAimFP0) iAimFP0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12415 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP1) iAimFP1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12127 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP2) iAimFP2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wadv05nt.sys -> Intel(R) 
Corporation [Ver = 6.13.01.3198 | Size = 11775 bytes | Modified Date = 8/3/2004 10:29:37 PM | Attr = ] (iAimFP3) iAimFP3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wsiintxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 12063 bytes | Modified Date = 8/3/2004 10:29:47 PM | Attr = ] (iAimFP4) iAimFP4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wvchntxx.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19455 bytes | Modified Date = 8/3/2004 10:29:49 PM | Attr = ] (iAimTV0) iAimTV0 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv01nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 29311 bytes | Modified Date = 8/3/2004 10:29:41 PM | Attr = ] (iAimTV1) iAimTV1 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv02nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 19551 bytes | Modified Date = 8/3/2004 10:29:42 PM | Attr = ] (iAimTV2) iAimTV2 [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\wATV03nt.sys -> File not found (iAimTV3) iAimTV3 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\watv04nt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 33599 bytes | Modified Date = 8/3/2004 10:29:43 PM | Attr = ] (iAimTV4) iAimTV4 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wch7xxnt.sys -> Intel(R) Corporation [Ver = 6.13.01.3198 | Size = 23615 bytes | Modified Date = 8/3/2004 10:29:45 PM | Attr = ] (ialm) ialm [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmnt5.sys -> Intel Corporation [Ver = 6.14.10.3762 | Size = 681469 bytes | Modified Date = 2/10/2004 12:17:06 PM | Attr = ] (InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\System32\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 12, 0 | Size = 99200 bytes | Modified Date = 1/27/2005 8:08:02 PM | Attr = ] (InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\InCDpass.sys -> Nero AG [Ver = 4, 
3, 12, 0 | Size = 28928 bytes | Modified Date = 1/27/2005 8:07:34 PM | Attr = ] (incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\System32\drivers\InCDrm.sys -> Nero AG [Ver = 4, 3, 12, 0 | Size = 27776 bytes | Modified Date = 1/27/2005 10:07:28 AM | Attr = ] (iomdisk) Iomega Devices Disk Filter Services [Kernel | Boot | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\IomDisk.sys -> Iomega Corporation [Ver = 2,0,2,5 | Size = 30258 bytes | Modified Date = 9/4/2002 2:11:08 PM | Attr = ] (motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\motmodem.sys -> File not found (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\MRAID35X.SYS -> American Megatrends Inc. [Ver = 6.19 (XPClient.010817-1148) | Size = 17280 bytes | Modified Date = 8/17/2001 12:52:12 PM | Attr = ] (MxlW2k) MxlW2k [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\MxlW2k.sys -> MusicMatch, Inc. [Ver = 1.1.0.121 | Size = 28352 bytes | Modified Date = 8/29/2004 5:50:25 PM | Attr = ] (nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.5673 | Size = 1897408 bytes | Modified Date = 8/3/2004 10:29:54 PM | Attr = ] (nvport) NVIDIA PORT IO Control Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\nvport.sys -> NVIDIA Corporation. [Ver = 1.00 | Size = 4608 bytes | Modified Date = 6/30/2005 12:23:34 PM | Attr = ] (omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\omci.sys -> Dell Computer Corporation [Ver = 7, 0, 323, 0 | Size = 17217 bytes | Modified Date = 11/8/2002 12:45:06 PM | Attr = ] (ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\ctoss2k.sys -> Creative Technology Ltd. 
[Ver = 5.12.01.0326-1.50.1040 | Size = 189504 bytes | Modified Date = 3/26/2003 2:32:32 PM | Attr = ] (pfc) Padus ASPI Shell [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\pfc.sys -> Padus, Inc. [Ver = 2, 5, 0, 201 | Size = 9856 bytes | Modified Date = 6/13/2005 4:27:56 PM | Attr = ] (PfModNT) PfModNT [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PFMODNT.SYS -> Creative Technology Ltd. [Ver = 3.0.0.3 | Size = 15840 bytes | Modified Date = 3/6/2003 8:10:34 AM | Attr = ] (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\PTILINK.SYS -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] (ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1080.SYS -> QLogic Corporation [Ver = 3.04 | Size = 40320 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ] (ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL12160.SYS -> QLogic Corporation [Ver = 7.13.02 (W64) | Size = 45312 bytes | Modified Date = 8/17/2001 12:52:20 PM | Attr = ] (ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\QL1280.SYS -> QLogic Corporation [Ver = 7.13.01 (W2K) | Size = 49024 bytes | Modified Date = 8/17/2001 12:52:18 PM | Attr = ] (SASDIFSV) SASDIFSV [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\sasdifsv.sys -> [Ver = 1, 0, 0, 1006 | Size = 5632 bytes | Modified Date = 10/10/2006 2:53:48 PM | Attr = ] (SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> %ProgramFiles%\SUPERAntiSpyware\SASENUM.SYS -> SuperAdBlocker, Inc. 
[Ver = 1, 0, 0, 1002 | Size = 4096 bytes | Modified Date = 2/16/2006 6:51:08 PM | Attr = R ] (SASKUTIL) SASKUTIL [Kernel | System | Running] -> %ProgramFiles%\SUPERAntiSpyware\SASKUTIL.SYS -> [Ver = 1, 0, 0, 1036 | Size = 32256 bytes | Modified Date = 2/27/2007 1:39:26 PM | Attr = ] (Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:25:53 AM | Attr = ] (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\sisagp.sys -> Silicon Integrated Systems Corporation [Ver = 5.12.01.2010 (xpsp_sp2_rtm.040803-2158) | Size = 41088 bytes | Modified Date = 8/3/2004 11:07:42 PM | Attr = ] (smwdm) smwdm [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\smwdm.sys -> Analog Devices, Inc. [Ver = 5.12.01.3600 | Size = 580992 bytes | Modified Date = 5/6/2003 8:14:34 AM | Attr = ] (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SPARROW.SYS -> Adaptec, Inc. [Ver = v2.0a (ReleaseBinaries.001205-1804) | Size = 19072 bytes | Modified Date = 8/17/2001 1:07:44 PM | Attr = ] (symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC810.SYS -> Symbios Logic Inc. 
[Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 16256 bytes | Modified Date = 8/17/2001 1:07:34 PM | Attr = ] (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYMC8XX.SYS -> LSI Logic [Ver = 5.1.2409.1 (ReleaseBinaries.001205-1804) | Size = 32640 bytes | Modified Date = 8/17/2001 1:07:36 PM | Attr = ] (symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\SYSTEM32\DRIVERS\symlcbrd.sys -> Symantec Corporation [Ver = 1.8.54.834 | Size = 10344 bytes | Modified Date = 1/29/2006 12:03:17 AM | Attr = ] (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_HI.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 28384 bytes | Modified Date = 8/17/2001 1:07:40 PM | Attr = ] (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\SYM_U3.SYS -> LSI Logic [Ver = 5.1.2462.0 (Lab01_N.010309-0027) | Size = 30688 bytes | Modified Date = 8/17/2001 1:07:42 PM | Attr = ] (ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ULTRA.SYS -> Promise Technology, Inc. [Ver = 1.43 (Build 0603) | Size = 36736 bytes | Modified Date = 8/17/2001 12:52:22 PM | Attr = ] (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\wanatw4.sys -> America Online, Inc. 
[Ver = 8.3.0.0 | Size = 33588 bytes | Modified Date = 1/10/2003 5:13:04 PM | Attr = ] (WinDriver6) WinDriver6 [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\windrvr6.sys -> Jungo [Ver = 6.22 | Size = 316152 bytes | Modified Date = 9/7/2004 7:57:00 PM | Attr = ] ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmsbw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 113504 bytes | Modified Date = 4/15/2003 9:40:54 AM | Attr = ] ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DRIVERS\ialmkchw.sys -> Intel Corporation [Ver = 6.13.10.3510 | Size = 78752 bytes | Modified Date = 4/15/2003 9:40:46 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 1/11/2008 11:16:38 PM | Attr = ] avast! -> %ProgramFiles%\Alwil Software\Avast4\ashDisp.exe ["C:\Program Files\Alwil Software\Avast4\ashDisp.exe"] -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 79224 bytes | Modified Date = 5/15/2008 4:19:31 PM | Attr = ] braviax -> %SystemRoot%\SYSTEM32\braviax.exe [C:\WINDOWS\system32\braviax.exe] -> [Ver = | Size = 17920 bytes | Modified Date = 5/15/2008 7:22:22 PM | Attr = ] QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> Apple Computer, Inc. 
[Ver = 7.1.5 | Size = 282624 bytes | Modified Date = 2/16/2007 10:54:04 AM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AIM -> F:\Program Files\aim.exe -cnetwait.odl [F:\Program Files\aim.exe -cnetwait.odl] -> File not found ATI Remote Control -> %ProgramFiles%\ATI Multimedia\RemCtrl\ATIRW.EXE [C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe] -> ATI Technologies Inc. [Ver = 2.5.0.0 | Size = 196608 bytes | Modified Date = 4/16/2004 7:43:58 AM | Attr = ] braviax -> %SystemRoot%\SYSTEM32\braviax.exe [C:\WINDOWS\system32\braviax.exe] -> [Ver = | Size = 17920 bytes | Modified Date = 5/15/2008 7:22:22 PM | Attr = ] Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe [C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R] -> Creative Technology Ltd [Ver = 1.0.19.0 | Size = 90112 bytes | Modified Date = 2/14/2003 4:24:24 PM | Attr = ] NetZero_uoltray -> %ProgramFiles%\NetZero\exec.exe [C:\Program Files\NetZero\exec.exe regrun] -> NetZero, Inc. [Ver = 8.7.1.0 | Size = 1701376 bytes | Modified Date = 3/13/2008 1:16:08 PM | Attr = ] Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe ["C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet] -> Yahoo! Inc. [Ver = 8,1,0,421 | Size = 4670704 bytes | Modified Date = 8/30/2007 6:43:18 PM | Attr = ] < RunOnce [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce -> Shockwave Updater -> %SystemRoot%\SYSTEM32\Macromed\Shockwave 10\SwHelper_1030024.exe ["C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\SwHelper_1030024.exe" -Update -1030024 -iexplore.exe6.0] -> Adobe Systems, Inc. 
[Ver = 10.3r24 | Size = 390568 bytes | Modified Date = 1/7/2008 12:26:28 PM | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1008 | Size = 77824 bytes | Modified Date = 12/20/2006 2:55:48 PM | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> zwebauth.dll -> %SystemRoot%\SYSTEM32\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 9/18/2001 7:37:34 PM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 2:41:36 PM | Attr = ] AtiExtEvent -> %SystemRoot%\SYSTEM32\ati2evxx.dll -> [Ver = | Size = 86016 bytes | Modified Date = 7/10/2004 6:35:16 PM | Attr = ] igfxcui -> %SystemRoot%\SYSTEM32\igfxsrvc.dll -> Intel Corporation [Ver = 3.0.0.3762 | Size = 339968 bytes | Modified Date = 2/10/2004 11:51:10 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoViewOnDrive -> 0 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/3/2004 10:59:52 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomHP_DVD_Writer_1040d_____________________EH25____\5&33fcab6&0&0.0.0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> IDE\CdRomHL-DT-ST_DVD-ROM_GDR8162B_______________0015____\5&33fcab6&0&0.1.0 -> < HOSTS File > (698 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Bar -> about:blank -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.com -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://www.google.com -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Page_URL -> http://www.dell4me.com/myway -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Bar -> http://my.netzero.net/s/search?r=minisearch -> HKEY_CURRENT_USER\: Main\\Search Page -> http://my.netzero.net/s/search?r=minisearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.com -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com -> HKEY_CURRENT_USER\: SearchURL\\ -> http://my.netzero.net/s/search?r=minisearch[Reg Error: Value provider does not exist or could not be read.] 
-> HKEY_CURRENT_USER\: URLSearchHooks\\{37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\SearchEnh1.dll [URLSearchHook Class] -> NetZero, Inc. [Ver = 8.7.1.0 | Size = 262144 bytes | Modified Date = 3/13/2008 1:15:30 PM | Attr = ] HKEY_CURRENT_USER\: ProxyEnable -> 0 -> HKEY_CURRENT_USER\: ProxyOverride -> 64.136.44.66;64.136.52.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.prod.untd.com; -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4174 domain(s) found. -> objects_aol.com [*] -> Out of zone range - ( 5 ) -> grab.com .[http] -> Trusted sites -> hoylegames_sierra.com [http] -> Trusted sites -> 38 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. 
-> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {52706EF7-D7A2-49AD-A615-E903858CF284} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\qsacc\X1IEBHO.dll [Popup-Blocker Class] -> NetZero, Inc. [Ver = 3.6.00 | Size = 175560 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> NetZero, Inc. [Ver = 8.7.1.0 | Size = 325120 bytes | Modified Date = 3/13/2008 1:48:10 PM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{BDE1999F-C91A-4F5D-8E3F-B7BB7624DCE8} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\NetZero\Toolbar.dll [ZeroBar] -> NetZero, Inc. [Ver = 8.7.1.0 | Size = 325120 bytes | Modified Date = 3/13/2008 1:48:10 PM | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_01\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 501400 bytes | Modified Date = 3/14/2007 3:43:40 AM | Attr = ] {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}:{A1EDC4A1-940F-48E0-8DFD-E38F1D501021} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 3/9/2005 9:55:46 AM | Attr = ] {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> F:\Program Files\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 3:50:04 PM | Attr = ] {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A}:Exec -> %ProgramFiles%\IrfanView\Ebay\Ebay.htm [eBay - Homepage] -> [Ver = | Size = 378 bytes | Modified Date = 3/16/2005 4:33:16 PM | Attr = ] CmdMapping: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. 
[] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spyware Doctor\tools\iesdpb.dll [Spyware Doctor] -> GuideWorks Pty. Ltd. [Ver = 3.0.0.255 | Size = 671392 bytes | Modified Date = 3/9/2005 9:55:46 AM | Attr = ] CmdMapping\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> F:\Program Files\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3702 | Size = 67160 bytes | Modified Date = 12/8/2004 3:50:04 PM | Attr = ] CmdMapping\\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\IrfanView\Ebay\Ebay.htm [eBay - Homepage] -> [Ver = | Size = 378 bytes | Modified Date = 3/16/2005 4:33:16 PM | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &AOL Toolbar search -> %ProgramFiles%\AOL Toolbar\toolbar.dll -> File not found Display All Images with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. [Ver = 3.6.00 | Size = 368128 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr = ] Display Image with Full Quality -> %ProgramFiles%\NetZero\qsacc\appres.dll -> NetZero, Inc. 
[Ver = 3.6.00 | Size = 368128 bytes | Modified Date = 6/27/2005 5:06:14 PM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> SV1 -> -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {280EAC0F-8602-41C3-BA3B-F44224BDC660} -> (1394 Net Adapter) -> {5EA95BE2-24A7-4446-88ED-6BE3A2B2FCB4} -> (Intel(R) PRO/100 VE Network Connection) -> {DED4B328-2636-44D6-BB12-963596AF7CFD} -> (1394 Net Adapter) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> cetihpz:{CF184AD3-CDCB-4168-A3F7-8E447D129300} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll[CZipHandler Object] -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02A2D714-433E-46E4-B217-7C3B3FAF8EAE}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v46/scrabblecubes/scrabblecubes.cab[ScrabbleCubes Control] -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=58813[Office Genuine Advantage Validation Tool] -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> 
http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1A1F56AA-3401-46F9-B277-D57F3421F821}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab[FunGamesLoader Object] -> {233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/trix/default/TriJinx.1.0.0.87.cab[CPlayFirstTriJinxControl Object] -> {41F17733-B041-4099-A042-B518BB6A408C}[HKEY_LOCAL_MACHINE] -> http://appldnld.m7z.net/content.info.apple.com/iTunes4/WW/win/019-0312.20050111.MmVrT/iTunesSetup.exe[Reg Error: Key does not exist or could not be opened.] -> {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}[HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> {58FC4C77-71C2-4972-A8CD-78691AD85158}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v63/bjattack/bja.cab[Reg Error: Key does not exist or could not be opened.] 
-> {62969CF2-0F7A-433B-A221-FD8818C06C2F}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab[Blockwerx Control] -> {6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188091002687[WUWebControl Class] -> {64D01C7F-810D-446E-A07E-16C764235644}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/amad/default/atomaders.cab[AtlAtomadersCtlAttrib Class] -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/chnz/default/mjolauncher.cab[MJLauncherCtrl Class] -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/shared/wwlaunch.cab[Wwlaunch Control] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {9AA73F41-EC64-489E-9A73-9CD52E528BC4}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binframework/v10/ZAxRcMgr.cab31267.cab[ZoneAxRcMgr Class] -> {A031D222-B496-11D2-9CC8-00105A10AAF6}[HKEY_LOCAL_MACHINE] -> http://hoylegames.igl.net/cab/WONWebLauncherControl.cab[WONWebLauncher Class] -> {AB9820A0-02A9-11D5-A72F-004F4E002BD6}[HKEY_LOCAL_MACHINE] -> http://igweb07.iamgame.com/java2/cabs/swing.cab[JFC Classes] -> {B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> {BAC761D3-DFFD-4DB4-A01D-173346E090A7}[HKEY_LOCAL_MACHINE] -> http://www.shockwave.com/content/zenerchi/sis/ZenerchiWeb.1.0.0.10.cab[CPlayFirstzenerchiControl Object] -> {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}[HKEY_LOCAL_MACHINE] -> http://www.gamehouse.com/games/zylom/zylomplayer.cab[Zylom Games Player] -> {C5326A4D-E9AA-40AD-A09A-E74304D86B47}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v50/dinerdash/dinerdash.cab[DinerDash Control] -> {C86FF4B0-AA1D-46D4-8612-025FB86583C7}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/jobo/default/AstoundLauncher.cab#version=1,0,0,10[AstoundLauncher Control] -> {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab[Java Plug-in 1.5.0_05] -> {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CF969D51-F764-4FBF-9E90-475248601C8A}[HKEY_LOCAL_MACHINE] -> http://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab[FamilyFeud Control] -> {D0C0F75C-683A-4390-A791-1ACFD5599AB8}[HKEY_LOCAL_MACHINE] -> http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab[Oberon Flash Game Host] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D}[HKEY_LOCAL_MACHINE] -> http://cdn.ll.neoedge.com/webgames/SandScript/SandScript.1.0.0.21.cab[CPlayFirstSandScriptControl Object] -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/popcaploader_v10.cab[PopCapLoader Object] -> {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4}[HKEY_LOCAL_MACHINE] -> http://zone.msn.com/bingame/swet/default/Sweetopia.1.0.0.46.cab[CPlayFirstSweetopiaControl Object] -> Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] 
-> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_11/bin/ssv.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_11/bin/ssv.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/Program Files/Java/jre1.5.0_11/bin/ssv.dll\\{8AD9C840-044E-11D1-B3E9-00805F499D93} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Atomaders.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Atomaders.dll\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Atomaders.dll\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\\.Owner -> {62969CF2-0F7A-433B-A221-FD8818C06C2F} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/blockwerx.ocx\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AstoundLauncher.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AstoundLauncher.ocx\\.Owner -> {C86FF4B0-AA1D-46D4-8612-025FB86583C7} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/AstoundLauncher.ocx\\{C86FF4B0-AA1D-46D4-8612-025FB86583C7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FunGamesLoader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FunGamesLoader.dll\\.Owner -> {1A1F56AA-3401-46F9-B277-D57F3421F821} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/FunGamesLoader.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Atomaders.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Atomaders.dll\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Atomaders.dll\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Interface.mid\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded 
Program Files/CONFLICT.2/Interface.mid\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Interface.mid\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/LedaPrime.tdf\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/LedaPrime.tdf\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/LedaPrime.tdf\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Music1.mid\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Music1.mid\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/Music1.mid\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.2/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/WONWebLauncherControl.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.3/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.4/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.5/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.6/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.6/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/CONFLICT.6/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.7/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.7/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.7/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\\.Owner -> {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dinerdash.ocx\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\\.Owner -> {CF969D51-F764-4FBF-9E90-475248601C8A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/familyfeud.ocx\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program 
Files/Interface.mid\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Interface.mid\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Interface.mid\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LedaPrime.tdf\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LedaPrime.tdf\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LedaPrime.tdf\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\.Owner -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Music1.mid\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Music1.mid\\.Owner -> {64D01C7F-810D-446E-A07E-16C764235644} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Music1.mid\\{64D01C7F-810D-446E-A07E-16C764235644} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/OberonGameHost.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/OberonGameHost.dll\\.Owner -> {D0C0F75C-683A-4390-A791-1ACFD5599AB8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/OberonGameHost.dll\\{D0C0F75C-683A-4390-A791-1ACFD5599AB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SandScript.1.0.0.21.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SandScript.1.0.0.21.dll\\.Owner -> {D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SandScript.1.0.0.21.dll\\{D410AFBD-4E26-4D5F-840F-0412D6F6BB8D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\\.Owner -> {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/scrabblecubes.ocx\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Sweetopia.1.0.0.46.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Sweetopia.1.0.0.46.dll\\.Owner -> {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Sweetopia.1.0.0.46.dll\\{FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\\.Owner -> {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.87.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.87.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.87.dll\\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WONWebLauncherControl.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WONWebLauncherControl.ocx\\.Owner -> {A031D222-B496-11D2-9CC8-00105A10AAF6} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WONWebLauncherControl.ocx\\{A031D222-B496-11D2-9CC8-00105A10AAF6} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\.Owner -> {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wwlaunch.ocx\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZAxRcMgr.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZAxRcMgr.ocx\\.Owner -> {9AA73F41-EC64-489E-9A73-9CD52E528BC4} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZAxRcMgr.ocx\\{9AA73F41-EC64-489E-9A73-9CD52E528BC4} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zenerchi.1.0.0.10.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zenerchi.1.0.0.10.dll\\.Owner -> {BAC761D3-DFFD-4DB4-A01D-173346E090A7} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zenerchi.1.0.0.10.dll\\{BAC761D3-DFFD-4DB4-A01D-173346E090A7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\.Owner -> {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zylomgamesplayer.dll\\{BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\HardTruck2 -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\HardTruck2 -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{1A1F56AA-3401-46F9-B277-D57F3421F821} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{62969CF2-0F7A-433B-A221-FD8818C06C2F} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{CF969D51-F764-4FBF-9E90-475248601C8A} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{C5326A4D-E9AA-40AD-A09A-E74304D86B47} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{02A2D714-433E-46E4-B217-7C3B3FAF8EAE} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\HardTruck2 -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> HardTruck2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. 
-> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 10:49:30 AM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 12:56:43 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 9:37:50 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 648 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> BF 53 D9 B8 B1 62 EE 40 32 54 AF B1 81 1C 69 29 63 61 30 38 34 65 64 36 00 00 00 00 01 00 00 00 B4 01 00 00 B8 01 00 00 34 CA 06 00 45 9D BF 71 04 00 00 00 10 00 00 00 00 00 00 00 03 33 87 C6 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 4D 29 1F 4A 05 BB 9C 55 B3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 64 F5 22 8D BC 86 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\SYSTEM32\IISSUBA.DLL [iissuba] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/29/2002 4:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 0F EF A4 C1 D9 42 4C F7 61 A9 8F B9 A7 45 B4 B3 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> 
http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 06 B5 67 A7 78 3B C6 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 D9 4A 94 F8 79 C4 01 [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 80 6F E3 94 F8 79 C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Name -> ZWebAuth -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Comment -> MSN Gaming Zone SSP -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Capabilities -> 48 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\TokenSize -> 44 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Time -> 00 6B 74 09 B4 40 C1 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\zwebauth.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 16327 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 12:56:42 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\S\ -> -> -> Reg Error: Key does not exist or could not be opened. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{6BC0A236-9B01-4A06-8F1C-8C6B73B45824} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D99FA2C6-52C6-4711-9DA5-49E4294ACC6D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{D00E9B5C-17B6-45AB-AA0A-426BD2061D5D} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{47267160-0C30-4384-9691-EBEFDAE188DA} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F11D8B8D-2D8A-4C3F-BAB0-087AF654ECD2} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{F277FB84-AC8B-4C4E-93F0-FC8F63A3647B} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{5EA95BE2-24A7-4446-88ED-6BE3A2B2FCB4} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\{C2F0E734-1310-4E9B-8467-1A01525BAD85} -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 272 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 12:56:46 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\SYSTEM32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 12:56:44 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\SYSTEM32\tlntsvr.exe [C:\WINDOWS\System32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 12:56:57 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> *DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS -> %SystemRoot%\SYSTEM32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 9:39:49 PM | Attr = ] TCPIP -> -> File not found NTLMSSP -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. 
If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\EnableAutodial -> 0 -> [Files/Folders - Created Within 30 days] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 5/15/2008 8:54:16 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 5/31/2008 11:30:13 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 5/31/2008 11:30:13 AM | Attr = H ] [Files Created - Additional Folder Scans - Non-Microsoft Only] NetZero Internet.lnk -> %SystemDrive%\DOCUME~1\ALLUSE~1\Desktop\NetZero Internet.lnk -> [Ver = | Size = 1599 bytes | Created Date = 5/13/2008 2:51:37 AM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Created Date = 5/31/2008 12:48:24 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier deckert -> %UserProfile%\Desktop\deckert -> [Folder | Created Date = 5/15/2008 8:58:09 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1750 bytes | Created Date = 5/31/2008 5:28:07 AM | Attr = ] OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 5/31/2008 12:53:55 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544374 
bytes | Created Date = 5/31/2008 12:52:59 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Trend Micro -> %ProgramFiles%\Trend Micro -> [Folder | Created Date = 5/31/2008 5:28:07 AM | Attr = ] [Files/Folders - Modified Within 30 days] 1kbestgames -> %SystemDrive%\1kbestgames -> [Folder | Modified Date = 5/31/2008 11:22:35 AM | Attr = ] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 5/15/2008 8:54:16 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 535875584 bytes | Modified Date = 5/31/2008 9:02:15 AM | Attr = HS] NetZeroInstaller -> %SystemDrive%\NetZeroInstaller -> [Folder | Modified Date = 5/13/2008 2:51:37 AM | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 5/31/2008 5:28:07 AM | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 5/31/2008 11:30:13 AM | Attr = ] aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 26944 bytes | Modified Date = 5/15/2008 4:13:26 PM | Attr = ] aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 20560 bytes | Modified Date = 5/15/2008 4:16:06 PM | Attr = ] aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 94416 bytes | Modified Date = 5/15/2008 4:18:33 PM | Attr = ] aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 23152 bytes | Modified Date = 5/15/2008 4:15:29 PM | Attr = ] aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 78416 bytes | Modified Date = 5/15/2008 4:20:32 PM | Attr = ] aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.8.1201.0 | Size = 42912 bytes | Modified Date = 5/15/2008 4:14:11 PM | Attr = ] aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 1152888 bytes | 
Modified Date = 5/15/2008 4:24:43 PM | Attr = ] AvastSS.scr -> %SystemRoot%\System32\AvastSS.scr -> ALWIL Software [Ver = 4, 8, 1201, 0 | Size = 95608 bytes | Modified Date = 5/15/2008 4:12:36 PM | Attr = ] BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> [Ver = | Size = 31440 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> [Ver = | Size = 31440 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] BMXState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXState-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> [Ver = | Size = 31560 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.rfx -> [Ver = | Size = 31560 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] braviax.exe -> %SystemRoot%\System32\braviax.exe -> [Ver = | Size = 17920 bytes | Modified Date = 5/15/2008 7:22:22 PM | Attr = ] @Alternate Data Stream - 88 bytes -> %SystemRoot%\System32\braviax.exe:SummaryInformation @Alternate Data Stream - 0 bytes -> %SystemRoot%\System32\braviax.exe:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 5/31/2008 9:02:59 AM | Attr = ] 12 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> CONFIG.NT -> %SystemRoot%\System32\CONFIG.NT -> [Ver = | Size = 2639 bytes | Modified Date = 5/30/2008 8:15:13 AM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 5/31/2008 10:24:55 AM | Attr = RHS] 
DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCState-{00000002-00000000-00000000-00001102-00000004-10031102}.dat -> [Ver = | Size = 288 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000002-00000000-00000000-00001102-00000004-10031102}.dat -> [Ver = | Size = 288 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] Macromed -> %SystemRoot%\System32\Macromed -> [Folder | Modified Date = 5/22/2008 3:48:51 AM | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 2048 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 2048 bytes | Modified Date = 5/31/2008 9:01:23 AM | Attr = ] WPA.DBL -> %SystemRoot%\System32\WPA.DBL -> [Ver = | Size = 1170 bytes | Modified Date = 5/31/2008 9:02:49 AM | Attr = ] BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 5/31/2008 9:02:17 AM | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 5/25/2008 1:12:21 AM | Attr = S] 3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> Help -> %SystemRoot%\Help -> [Folder | Modified Date = 5/14/2008 1:50:09 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 5/18/2008 5:54:30 AM | Attr = H ] popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 216 bytes | Modified Date = 5/29/2008 7:16:16 AM | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 5/31/2008 12:53:49 PM | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 5/31/2008 11:30:13 AM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 5/31/2008 11:30:13 AM | Attr = H ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 5/31/2008 9:57:44 AM 
| Attr = ] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 5/31/2008 12:49:20 PM | Attr = ] WORDPAD.INI -> %SystemRoot%\WORDPAD.INI -> [Ver = | Size = 754 bytes | Modified Date = 5/14/2008 2:08:38 AM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 5/31/2008 9:02:22 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [Folder | Modified Date = 9/12/2005 12:30:54 AM | Attr = ] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [Ver = | Size = 25772 bytes | Modified Date = 5/31/2008 4:18:09 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 1/16/2004 9:33:18 PM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 5504 bytes | Modified Date = 5/20/2008 8:47:59 PM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 4232 bytes | Modified Date = 5/23/2008 2:54:01 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 9/2/2007 10:58:52 AM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1388 bytes | Modified Date = 1/24/2008 3:46:58 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 4/15/2005 9:07:11 PM | Attr = ] data.dat -> C:\Documents and 
Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11860 bytes | Modified Date = 4/15/2005 9:07:13 PM | Attr = ] C:\Documents and Settings\Robert\Local Settings\Temp\ -> C:\Documents and Settings\Robert\Local Settings\Temp -> [Folder | Modified Date = 5/31/2008 12:53:31 PM | Attr = ] CTPBSEQ.EXE -> C:\Documents and Settings\Robert\Local Settings\Temp\CTPBSEQ.EXE -> Creative Technology Ltd. [Ver = 1, 0, 0, 3 | Size = 65536 bytes | Modified Date = 10/25/2006 6:00:00 PM | Attr = R ] 11 C:\Documents and Settings\Robert\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Robert\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:40 PM | Attr = ] UNINST16.EXE -> C:\WINDOWS\Temp\_ISTMP0.DIR\UNINST16.EXE -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 248064 bytes | Modified Date = 2/6/1998 9:23:52 PM | Attr = ] C:\WINDOWS\Temp\_ISTMP2.DIR\ -> C:\WINDOWS\Temp\_ISTMP2.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:41 PM | Attr = ] UNINST16.EXE -> C:\WINDOWS\Temp\_ISTMP2.DIR\UNINST16.EXE -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 248064 bytes | Modified Date = 2/6/1998 9:23:52 PM | Attr = ] C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:42 PM | Attr = ] UNINST.EXE -> C:\WINDOWS\Temp\_ISTMP3.DIR\UNINST.EXE -> InstallShield Corporation, Inc. 
[Ver = 2.20.924.0 | Size = 299520 bytes | Modified Date = 2/6/1998 10:37:32 PM | Attr = ] C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\ -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir -> [Folder | Modified Date = 3/22/2008 10:40:36 PM | Attr = ] DIFRemove_x32.exe -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\DIFRemove_x32.exe -> Creative Technology Ltd [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 4/4/2007 2:06:12 PM | Attr = ] DIFRemove_x64.exe -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\DIFRemove_x64.exe -> Creative Technology Ltd [Ver = 1, 0, 0, 3 | Size = 8704 bytes | Modified Date = 4/4/2007 2:22:42 PM | Attr = ] C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:40 PM | Attr = ] CTL3D.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\CTL3D.DLL -> Microsoft Corporation [Ver = 2.31.000 | Size = 26768 bytes | Modified Date = 7/13/1995 6:43:40 PM | Attr = ] CTL3D32.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\CTL3D32.DLL -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 6:46:26 PM | Attr = ] D1F1337.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\D1F1337.DLL -> InstallShield Corporation, Inc. [Ver = 3.00.093.0 | Size = 66912 bytes | Modified Date = 2/15/1997 2:40:04 AM | Attr = ] D1F1347.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\D1F1347.DLL -> [Ver = | Size = 8336 bytes | Modified Date = 2/2/1998 5:18:32 AM | Attr = ] _ISREG16.DLL -> C:\WINDOWS\Temp\_ISTMP0.DIR\_ISREG16.DLL -> Stirling Technologies Inc. 
[Ver = 1.0.000 | Size = 19840 bytes | Modified Date = 4/23/1997 1:07:56 AM | Attr = ] C:\WINDOWS\Temp\_ISTMP2.DIR\ -> C:\WINDOWS\Temp\_ISTMP2.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:41 PM | Attr = ] CTL3D.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\CTL3D.DLL -> Microsoft Corporation [Ver = 2.31.000 | Size = 26768 bytes | Modified Date = 7/13/1995 6:43:40 PM | Attr = ] D225ED8.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\D225ED8.DLL -> InstallShield Corporation, Inc. [Ver = 3.00.093.0 | Size = 66912 bytes | Modified Date = 2/15/1997 2:40:04 AM | Attr = ] D225EE8.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\D225EE8.DLL -> [Ver = | Size = 8336 bytes | Modified Date = 2/2/1998 5:18:32 AM | Attr = ] _ISREG16.DLL -> C:\WINDOWS\Temp\_ISTMP2.DIR\_ISREG16.DLL -> Stirling Technologies Inc. [Ver = 1.0.000 | Size = 19840 bytes | Modified Date = 4/23/1997 1:07:56 AM | Attr = ] C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:42 PM | Attr = ] 1a927775.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\1a927775.DLL -> InstallShield Corporation, Inc. [Ver = 3.00.093.0 | Size = 91648 bytes | Modified Date = 12/14/1999 9:49:58 AM | Attr = ] 1a927784.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\1a927784.DLL -> [Ver = | Size = 45056 bytes | Modified Date = 12/14/1999 9:48:08 AM | Attr = ] CTL3D32.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\CTL3D32.DLL -> Microsoft Corporation [Ver = 2.31.000 | Size = 27136 bytes | Modified Date = 7/13/1995 7:46:26 PM | Attr = ] _ISREG32.DLL -> C:\WINDOWS\Temp\_ISTMP3.DIR\_ISREG32.DLL -> Stirling [Ver = 2, 0, 0, 0 | Size = 49152 bytes | Modified Date = 3/22/2000 2:47:02 PM | Attr = ] C:\WINDOWS\Temp\_ISTMP4.DIR\ -> C:\WINDOWS\Temp\_ISTMP4.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:42 PM | Attr = ] a95722.DLL -> C:\WINDOWS\Temp\_ISTMP4.DIR\a95722.DLL -> InstallShield Corporation, Inc. 
[Ver = 3.00.093.0 | Size = 91648 bytes | Modified Date = 12/14/1999 9:49:58 AM | Attr = ] a95732.DLL -> C:\WINDOWS\Temp\_ISTMP4.DIR\a95732.DLL -> [Ver = | Size = 45056 bytes | Modified Date = 12/14/1999 9:48:08 AM | Attr = ] C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\ -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir -> [Folder | Modified Date = 3/22/2008 10:40:36 PM | Attr = ] muvoRes.dll -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\muvoRes.dll -> Creative [Ver = 2.0.2.250 | Size = 139264 bytes | Modified Date = 4/10/2006 2:00:02 AM | Attr = ] regdll.dll -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\regdll.dll -> Creative [Ver = 2.1.1.250 | Size = 90112 bytes | Modified Date = 3/6/2007 3:21:40 PM | Attr = ] unregdll.dll -> C:\WINDOWS\Temp\{5710D2D9-9907-41BA-85AA-B2CE2C2BCA86}\InstCab\TargetDir\unregdll.dll -> Creative [Ver = 2.1.2.250 | Size = 49152 bytes | Modified Date = 3/6/2007 3:19:58 PM | Attr = ] C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [Folder | Modified Date = 5/31/2008 12:49:20 PM | Attr = ] Perflib_Perfdata_45c.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_45c.dat -> [Ver = | Size = 16384 bytes | Modified Date = 4/11/2008 2:20:34 AM | Attr = ] 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> C:\WINDOWS\Temp\_ISTMP0.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:40 PM | Attr = ] CORECOMP.INI -> C:\WINDOWS\Temp\_ISTMP0.DIR\CORECOMP.INI -> [Ver = | Size = 21642 bytes | Modified Date = 2/10/1997 9:49:48 PM | Attr = ] SETUP.INI -> C:\WINDOWS\Temp\_ISTMP0.DIR\SETUP.INI -> [Ver = | Size = 21985 bytes | Modified Date = 10/6/1998 10:31:48 AM | Attr = ] C:\WINDOWS\Temp\_ISTMP2.DIR\ -> C:\WINDOWS\Temp\_ISTMP2.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:41 PM | Attr = ] SETUP.INI -> C:\WINDOWS\Temp\_ISTMP2.DIR\SETUP.INI -> [Ver = | Size = 21985 bytes | Modified Date = 10/6/1998 10:31:48 AM | Attr = ] 
C:\WINDOWS\Temp\_ISTMP3.DIR\ -> C:\WINDOWS\Temp\_ISTMP3.DIR\ -> [Folder | Modified Date = 3/26/2008 7:19:42 PM | Attr = ] CORECOMP.INI -> C:\WINDOWS\Temp\_ISTMP3.DIR\CORECOMP.INI -> [Ver = | Size = 28430 bytes | Modified Date = 11/11/1999 10:04:28 AM | Attr = ] SETUP.INI -> C:\WINDOWS\Temp\_ISTMP3.DIR\SETUP.INI -> [Ver = | Size = 10518 bytes | Modified Date = 1/29/2003 10:38:26 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] ATI MMC -> %AllUsersProfile%\Application Data\ATI MMC -> [Folder | Modified Date = 5/24/2008 4:39:00 AM | Attr = ] ApplicationHistory -> %UserProfile%\Local Settings\Application Data\ApplicationHistory -> [Folder | Modified Date = 5/24/2008 5:52:45 AM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 129024 bytes | Modified Date = 5/4/2008 4:20:09 AM | Attr = ] IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [Ver = | Size = 801896 bytes | Modified Date = 5/31/2008 9:00:36 AM | Attr = H ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 5/31/2008 8:49:52 AM | Attr = ] jess -> %UserProfile%\My Documents\jess -> [Folder | Modified Date = 5/31/2008 8:53:20 AM | Attr = ] NetZero Internet.lnk -> %SystemDrive%\DOCUME~1\ALLUSE~1\Desktop\NetZero Internet.lnk -> [Ver = | Size = 1599 bytes | Modified Date = 5/13/2008 2:51:37 AM | Attr = ] ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 5/31/2008 12:48:25 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\ATF-Cleaner.exe:Zone.Identifier deckert -> %UserProfile%\Desktop\deckert -> [Folder | Modified Date = 5/15/2008 8:58:24 PM | Attr = ] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [Ver = | Size = 1750 bytes | Modified Date = 5/31/2008 5:28:07 AM | Attr = ] OTScanIt -> 
%UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 5/31/2008 12:53:55 PM | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544374 bytes | Modified Date = 5/31/2008 12:52:59 PM | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Unused Desktop Shortcuts -> %UserProfile%\Desktop\Unused Desktop Shortcuts -> [Folder | Modified Date = 5/3/2008 3:56:09 PM | Attr = ] < End of report > [/code]