[code] OTScanIt logfile created on: 14/07/2008 9:59:27 PM OTScanIt by OldTimer - Version 1.0.16.2 Folder = C:\Documents and Settings\sean\Desktop\SYSTEM STUFF\OTScanIt Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy 509.98 Mb Total Physical Memory | 290.05 Mb Available Physical Memory | 56.87% Memory free 1.22 Gb Paging File | 0.82 Gb Available in Paging File | 67.58% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 145.22 Gb Total Space | 57.48 Gb Free Space | 39.58% Space Free | Partition Type: NTFS Drive D: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 298.09 Gb Total Space | 62.79 Gb Free Space | 21.07% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ME Current User Name: sean Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user [Processes - Non-Microsoft Only] aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,3 | Size = 611664 bytes | Modified Date = 12/05/2008 12:38:28 PM | Attr = ] lexbces.exe -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 15/04/2004 4:26:50 AM | Attr = ] lexpps.exe -> %SystemRoot%\SYSTEM32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 15/04/2004 4:20:38 AM | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 04/07/2008 10:51:06 AM | Attr = ] smartboardservice.exe -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 1283336 bytes | Modified Date = 02/11/2007 6:48:32 AM | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 287000 bytes | Modified Date = 04/07/2008 10:50:59 AM | Attr = ] intelmem.exe -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 03/09/2003 10:12:44 PM | Attr = ] dlbkbmgr.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 15/04/2004 4:32:22 AM | Attr = ] dlbkbmon.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 15/04/2004 5:18:38 AM | Attr = ] ulcdrsvr.exe -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 31/01/2005 10:45:20 AM | Attr = ] avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 04/07/2008 10:51:11 AM | Attr = ] hkcmd.exe -> %SystemRoot%\SYSTEM32\hkcmd.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 20/09/2005 10:32:24 AM | Attr = ] igfxpers.exe -> %SystemRoot%\SYSTEM32\igfxpers.exe -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 20/09/2005 10:36:20 AM | Attr = ] realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 19/08/2006 6:11:15 PM | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 5:25:21 AM | Attr = ] pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 11/04/2004 10:15:14 PM | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 04/07/2008 10:51:23 AM | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 10/06/2008 9:28:52 PM | Attr = ] orbitdm.exe -> %ProgramFiles%\Orbitdownloader\orbitdm.exe -> Orbitdownloader.com [Ver = 2, 7, 0, 1 | Size = 1690824 bytes | Modified Date = 10/06/2008 10:47:18 AM | Attr = ] smartboardtools.exe -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 4519176 bytes | Modified Date = 02/11/2007 6:48:46 AM | Attr = ] orbitnet.exe -> %ProgramFiles%\Orbitdownloader\orbitnet.exe -> Orbitdownloader.com [Ver = 2, 6, 0, 4 | Size = 356352 bytes | Modified Date = 18/03/2008 3:34:14 PM | Attr = ] stickies.exe -> %ProgramFiles%\Stickies\stickies.exe -> Zhorn Software [Ver = 6.5a | Size = 757760 bytes | Modified Date = 16/01/2008 10:39:45 PM | Attr = ] aware.exe -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\Aware.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 2090248 bytes | Modified Date = 02/11/2007 6:48:34 AM | Attr = ] marker.exe -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\Marker.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 3990792 bytes | Modified Date = 02/11/2007 6:48:40 AM | Attr = ] acrord32.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AcroRd32.exe -> Adobe Systems Incorporated [Ver = 7.0.8.2006051600 | Size = 71288 bytes | Modified Date = 16/05/2006 11:15:10 PM | Attr = ] otscanit.exe -> %UserProfile%\Desktop\SYSTEM STUFF\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 12/07/2008 9:29:54 AM | Attr = ] [Win32 Services - Non-Microsoft Only] (aawservice) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe -> Lavasoft [Ver = 7,1,0,3 | Size = 611664 bytes | Modified Date = 12/05/2008 12:38:28 PM | Attr = ] (avg8emc) AVG8 E-mail Scanner [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgemc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 04/07/2008 10:51:11 AM | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 231192 bytes | Modified Date = 04/07/2008 10:51:06 AM | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\SYSTEM32\DMADMIN.EXE -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 03/01/2007 9:40:21 PM | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 04/04/2005 1:41:10 AM | Attr = ] (LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\SYSTEM32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 15/04/2004 4:26:50 AM | Attr = ] (Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft Office 2007\Office12\GrooveAuditService.exe -> File not found (NetSvc) Intel NCS NetService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Intel\PROSetWired\NCS\Sync\NetSvc.exe -> Intel(R) Corporation [Ver = 1.6.3.0 | Size = 143360 bytes | Modified Date = 17/12/2003 3:59:48 PM | Attr = ] (odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> File not found (SMART Board Service) SMART Board Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 1283336 bytes | Modified Date = 02/11/2007 6:48:32 AM | Attr = ] (SMART Web Server) SMART Web Server [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\WebServer.exe -> [Ver = | Size = 767240 bytes | Modified Date = 02/11/2007 6:48:58 AM | Attr = ] (UleadBurningHelper) Ulead Burning Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Ulead Systems\DVD\ULCDRSvr.exe -> Ulead Systems, Inc. [Ver = 1, 0, 0, 4 | Size = 49152 bytes | Modified Date = 31/01/2005 10:45:20 AM | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 1232152 bytes | Modified Date = 04/07/2008 10:51:23 AM | Attr = ] Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe ["C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"] -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 15/04/2004 4:32:22 AM | Attr = ] GrooveMonitor -> %ProgramFiles%\Microsoft Office 2007\Office12\GrooveMonitor.exe ["C:\Program Files\Microsoft Office 2007\Office12\GrooveMonitor.exe"] -> File not found igfxhkcmd -> %SystemRoot%\SYSTEM32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 77824 bytes | Modified Date = 20/09/2005 10:32:24 AM | Attr = ] igfxpers -> %SystemRoot%\SYSTEM32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 114688 bytes | Modified Date = 20/09/2005 10:36:20 AM | Attr = ] igfxtray -> %SystemRoot%\SYSTEM32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> Intel Corporation [Ver = 3.0.0.4396 | Size = 94208 bytes | Modified Date = 20/09/2005 10:35:40 AM | Attr = ] IntelMeM -> %ProgramFiles%\Intel\Modem Event Monitor\IntelMEM.exe [C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe] -> Intel Corporation [Ver = 0, 1, 0, 10 | Size = 221184 bytes | Modified Date = 03/09/2003 10:12:44 PM | Attr = ] PCMService -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> CyberLink Corp. [Ver = 1.0.1611 | Size = 290816 bytes | Modified Date = 11/04/2004 10:15:14 PM | Attr = ] QuickFinder Scheduler -> %ProgramFiles%\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE ["C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"] -> Novell, Inc., c/o Corel Corporation Limited [Ver = 10.0.0.663 | Size = 77887 bytes | Modified Date = 02/10/2001 2:36:56 AM | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_05\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 144784 bytes | Modified Date = 22/02/2008 5:25:21 AM | Attr = ] TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> RealNetworks, Inc. [Ver = 0.1.0.3510 | Size = 180269 bytes | Modified Date = 19/08/2006 6:11:15 PM | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 15, 0, 1000 | Size = 1506544 bytes | Modified Date = 10/06/2008 9:28:52 PM | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 30/03/2006 4:45:08 PM | Attr = R ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersProfile%\Start Menu\Programs\Startup\Orbit.lnk -> %ProgramFiles%\Orbitdownloader\orbitdm.exe -> Orbitdownloader.com [Ver = 2, 7, 0, 1 | Size = 1690824 bytes | Modified Date = 10/06/2008 10:47:18 AM | Attr = ] %AllUsersProfile%\Start Menu\Programs\Startup\SMART Board Tools.lnk -> %ProgramFiles%\SMART Technologies Inc\SMART Board Software\SMARTBoardTools.exe -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 4519176 bytes | Modified Date = 02/11/2007 6:48:46 AM | Attr = ] < sean Startup Folder > -> C:\Documents and Settings\sean\Start Menu\Programs\Startup -> %UserProfile%\Start Menu\Programs\Startup\Stickies.lnk -> %ProgramFiles%\Stickies\stickies.exe -> Zhorn Software [Ver = 6.5a | Size = 757760 bytes | Modified Date = 16/01/2008 10:39:45 PM | Attr = ] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> avgrsstx.dll -> %SystemRoot%\SYSTEM32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 04/07/2008 10:50:59 AM | Attr = ] *MultiFile Done* -> -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 10/06/2008 9:28:52 PM | Attr = ] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> File not found < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 13/06/2007 6:23:07 AM | Attr = ] *MultiFile Done* -> -> *UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\SYSTEM32\USERINIT.EXE -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> *UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> logonui.exe -> %SystemRoot%\SYSTEM32\LOGONUI.EXE -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> *VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> rundll32 shell32 -> %SystemRoot%\SYSTEM32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 25/10/2007 11:34:01 PM | Attr = ] Control_RunDLL "sysdm.cpl" -> %SystemRoot%\SYSTEM32\SYSDM.CPL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.DLL -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 20/09/2007 10:22:26 PM | Attr = ] igfxcui -> %SystemRoot%\SYSTEM32\igfxdev.dll -> Intel Corporation [Ver = 3.0.0.4396 | Size = 135168 bytes | Modified Date = 20/09/2005 10:31:28 AM | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDrives -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableRegistryTools -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsHistory -> [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoRecentDocsMenu -> 01 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClearRecentDocsOnExit -> 01 00 00 00 [binary data] -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> 1 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> 0 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\SYSTEM32\DRIVERS\CDROM.SYS [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> -> File not found NEC MBR-7.4 -> -> File not found PIONEER CHANGR DRM-1804X -> -> File not found PIONEER CD-ROM DRM-6324X -> -> File not found PIONEER CD-ROM DRM-624X -> -> File not found TORiSAN CD-ROM CDR_C36 -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomPHILIPS_DVD+-RW_DVD8631_________________CD21____\594d543034373430303735313439324231305559 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> SCSI\CdRom&Ven_EM5958T&Prod_KMB563J&Rev_1.0\5&36e5972&0&000 -> < Drives - Autoruns > -> -> AUTOEXEC.BAT [SET PATH=%PATH%;C:\localcai\bin;C:\localcai\vdi | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 49 bytes | Modified Date = 20/08/2007 2:51:22 PM | Attr = ] < HOSTS File > (23 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.fisher-price.com/fp.aspx?st=10&e=gamesLanding&mcat=game_infant,game_toddler,game_preschool&site=us -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 6975 domain(s) found. -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 93 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 4, 0, 1 | Size = 187512 bytes | Modified Date = 10/06/2008 10:47:14 AM | Attr = ] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 18/12/2006 4:16:42 AM | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.136 | Size = 455960 bytes | Modified Date = 05/07/2008 8:52:43 AM | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 1:04:00 AM | Attr = ] {67BCF957-85FC-4036-8DC4-D4D80E00A77B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll [CIEDownload Object] -> SMART Technologies Inc. [Ver = 9.7.98.1 | Size = 587016 bytes | Modified Date = 02/11/2007 7:08:38 AM | Attr = ] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office 2007\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> File not found {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 5:25:19 AM | Attr = ] < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {C55BBCD6-41AD-48AD-9953-3609C48EACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\GrabPro.dll [Grab Pro] -> [Ver = 1, 0, 0, 1 | Size = 457848 bytes | Modified Date = 10/06/2008 10:47:16 AM | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{C55BBCD6-41AD-48AD-9953-3609C48EACC7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\GrabPro.dll [Grab Pro] -> [Ver = 1, 0, 0, 1 | Size = 457848 bytes | Modified Date = 10/06/2008 10:47:16 AM | Attr = ] WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 5:25:19 AM | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 509328 bytes | Modified Date = 22/02/2008 5:25:19 AM | Attr = ] {2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office 2007\Office12\ONBttnIE.dll [Send to OneNote] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}:BandCLSID -> Reg Error: Key does not exist or could not be opened. [Research] -> File not found < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.50.13 | Size = 132496 bytes | Modified Date = 22/02/2008 5:25:19 AM | Attr = ] CmdMapping\\{4B30061A-5B39-11D3-80F8-0090276F843F} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 56440 bytes | Modified Date = 10/06/2008 10:47:10 AM | Attr = ] &Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 56440 bytes | Modified Date = 10/06/2008 10:47:10 AM | Attr = ] Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 56440 bytes | Modified Date = 10/06/2008 10:47:10 AM | Attr = ] Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 56440 bytes | Modified Date = 10/06/2008 10:47:10 AM | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {65DAECD5-0291-434F-BA21-72D9E077F543} -> (Intel(R) PRO/100 VE Network Connection) -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> belarc:{6318E0AB-2E93-11D1-B8ED-00608CC9A71F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Belarc\Advisor\System\BAVoilaX.dll[VoilaXctl Class] -> Belarc, Inc. [Ver = 7.2t | Size = 106496 bytes | Modified Date = 04/06/2007 6:41:12 PM | Attr = ] grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Microsoft Office 2007\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> File not found intu-qt2007:{026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\QuickTax 2007\ic2007pp.dll[qt2007 Pluggable Protocol Handler Class] -> Intuit Canada, a general partnership/une société en nom collectif. [Ver = 1.0.4.0 | Size = 69632 bytes | Modified Date = 12/12/2007 2:17:12 PM | Attr = ] ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 04/07/2008 10:51:10 AM | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {02BCC737-B171-4746-94C9-0D8A0B2C0089}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/templates/ieawsdc.cab[Microsoft Office Template and Media Control] -> {17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> {1E3F888F-96D7-4A1B-8514-8991264E8B7D}[HKEY_LOCAL_MACHINE] -> http://www.pc.gc.ca/apps/dci/source/bin/iS3DCtrl.cab[iSite 3D Renderer Class] -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1178977234109[MUWebControl Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {F127B9BA-89EA-4B04-9C67-2074A9DF61FD}[HKEY_LOCAL_MACHINE] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_9/PCAXSetupv2.0.0.9.cab?[Photo Upload Plugin Class] -> {F137B9BA-89EA-4B04-9C67-2074A9DF61FD}[HKEY_LOCAL_MACHINE] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?[Photo Upload Plugin Class] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/Photochannel.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/Photochannel.dll\\.Owner -> {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/Photochannel.dll\\{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\.Owner -> {02BCC737-B171-4746-94C9-0D8A0B2C0089} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/IEAWSDC.DLL\\{02BCC737-B171-4746-94C9-0D8A0B2C0089} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iS3DCtrl.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iS3DCtrl.dll\\.Owner -> {1E3F888F-96D7-4A1B-8514-8991264E8B7D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iS3DCtrl.dll\\{1E3F888F-96D7-4A1B-8514-8991264E8B7D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iSiteD3D8.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iSiteD3D8.dll\\.Owner -> {1E3F888F-96D7-4A1B-8514-8991264E8B7D} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/iSiteD3D8.dll\\{1E3F888F-96D7-4A1B-8514-8991264E8B7D} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Photochannel.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Photochannel.dll\\.Owner -> {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Photochannel.dll\\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/GWFSPidGen.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> {17492023-C23A-453E-A040-C7C580BBF700} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/SYSTEM32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/resourceGeneric.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/resourceGeneric.dll\\.Owner -> {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/resourceGeneric.dll\\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/resourceGeneric.dll\\{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\\.Owner -> Unknown Owner -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\\{F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82/gdiplus.dll\\{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} -> -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> *Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0 [binary data] -> *Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos -> %SystemRoot%\SYSTEM32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 15/06/2005 1:49:30 PM | Attr = ] msv1_0 -> %SystemRoot%\SYSTEM32\MSV1_0.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] schannel -> %SystemRoot%\SYSTEM32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 25/04/2007 10:21:15 AM | Attr = ] wdigest -> %SystemRoot%\SYSTEM32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 24/03/2006 12:37:50 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 844 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> *Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli -> %SystemRoot%\SYSTEM32\SCECLI.DLL -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> *ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider -> -> File not found *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\SYSTEM32\NTMARTA.DLL [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> 45 01 48 81 51 7A CC 2C DD 31 2C 3F 71 9D 71 E2 63 35 62 33 36 66 32 37 00 00 00 00 C9 35 00 00 18 CA 06 00 99 D0 BF 71 04 CA 06 00 10 00 00 00 00 00 00 00 5B 68 5F 6E 68 85 B3 CE A6 70 46 C5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 3F 89 11 C4 3E B2 DE F2 64 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 28 1C EE 66 8A A5 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\msv1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> CF E6 49 BE 73 1E 30 DD 5C E9 FA 50 86 31 5F 16 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> D8 3B A9 DC 10 E5 C8 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 78 9C 2F 12 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E8 36 7A 44 7A C4 01 [binary data] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 698175 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\IPNATHLP.DLL [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 06/07/2006 4:49:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\WinMX\WinMX.exe -> %ProgramFiles%\WinMX\WinMX.exe [C:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application] -> Frontcode Technologies [Ver = 3.53 | Size = 806912 bytes | Modified Date = 06/11/2004 9:20:02 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe -> %ProgramFiles%\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe [C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe:*:Disabled:NAVBrowser] -> Naviant, Inc. [Ver = 1.0.1.2 | Size = 212992 bytes | Modified Date = 12/09/2001 3:42:58 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> %SystemRoot%\SYSTEM32\SESSMGR.EXE [C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Real\RealPlayer\realplay.exe -> %ProgramFiles%\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer] -> RealNetworks, Inc. [Ver = 6.0.12.1483 | Size = 208941 bytes | Modified Date = 19/08/2006 6:11:17 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Shareaza\Shareaza.exe -> %ProgramFiles%\Shareaza\Shareaza.exe [C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza] -> Shareaza Development Team [Ver = 2, 2, 1, 0 | Size = 3887104 bytes | Modified Date = 27/10/2005 7:44:40 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe -> %ProgramFiles%\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus.exe] -> Azureus Inc [Ver = 3.0.0.0 | Size = 254976 bytes | Modified Date = 08/03/2008 10:30:06 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.2946 (xpsp.060706-0011) | Size = 557568 bytes | Modified Date = 06/07/2006 4:49:52 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\SYSTEM32\LEXPPS.EXE -> %SystemRoot%\SYSTEM32\LEXPPS.EXE [C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE] -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 15/04/2004 4:20:38 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe -> %ProgramFiles%\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:P2P service of Orbit Downloader] -> Orbitdownloader.com [Ver = 2, 6, 0, 4 | Size = 356352 bytes | Modified Date = 18/03/2008 3:34:14 PM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitdm.exe -> %ProgramFiles%\Orbitdownloader\orbitdm.exe [C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit Downloader] -> Orbitdownloader.com [Ver = 2, 7, 0, 1 | Size = 1690824 bytes | Modified Date = 10/06/2008 10:47:18 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 640280 bytes | Modified Date = 02/07/2008 9:32:30 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgemc.exe -> %ProgramFiles%\AVG\AVG8\avgemc.exe [C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 873752 bytes | Modified Date = 04/07/2008 10:51:11 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12001:UDP -> 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\SYSTEM32\SVCHOST.EXE [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\SYSTEM32\WUAUSERV.DLL [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 04/08/2004 7:00:00 AM | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ not found. -> -> Reg Error: Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 21/05/2008 3:19:43 AM | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> BOOT.BAK -> %SystemDrive%\BOOT.BAK -> [Ver = | Size = 211 bytes | Created Date = 13/07/2008 11:38:10 AM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Created Date = 13/07/2008 11:37:45 AM | Attr = RHS] cmldr -> %SystemDrive%\cmldr -> [Ver = | Size = 260272 bytes | Created Date = 13/07/2008 11:38:04 AM | Attr = RHS] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 13/07/2008 8:54:07 AM | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Created Date = 13/07/2008 8:34:47 AM | Attr = ] QooBox -> %SystemDrive%\QooBox -> [Folder | Created Date = 13/07/2008 11:28:00 AM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Created Date = 13/07/2008 2:38:22 PM | Attr = HS] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 16/05/2008 8:57:46 PM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Created Date = 16/05/2008 8:57:46 PM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25444160 bytes | Created Date = 16/05/2008 8:57:47 PM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 106404 bytes | Created Date = 16/05/2008 8:57:47 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 116658 bytes | Created Date = 16/05/2008 8:57:47 PM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Created Date = 16/05/2008 8:57:55 PM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Created Date = 16/05/2008 8:57:56 PM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Created Date = 29/04/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 29/04/2008 11:19:54 AM | Attr = ] bvrp_pci.sys -> %SystemRoot%\System32\drivers\bvrp_pci.sys -> [Ver = | Size = 4272 bytes | Created Date = 10/06/2008 3:57:20 PM | Attr = R ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 11/07/2008 3:05:46 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Created Date = 11/07/2008 3:05:45 PM | Attr = ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Created Date = 29/04/2008 11:20:00 AM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Created Date = 12/07/2008 10:17:51 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Created Date = 16/05/2008 8:57:58 PM | Attr = ] DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Created Date = 30/05/2008 7:22:46 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Created Date = 22/05/2008 6:19:12 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Created Date = 22/05/2008 6:22:22 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Created Date = 22/05/2008 6:18:54 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 30/05/2008 7:22:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Created Date = 30/05/2008 7:22:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Created Date = 30/05/2008 7:22:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Created Date = 30/05/2008 7:22:48 PM | Attr = ] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Created Date = 22/05/2008 6:19:46 PM | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 22/05/2008 6:19:46 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 30/05/2008 7:22:54 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Created Date = 30/05/2008 7:22:54 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Created Date = 30/05/2008 7:22:58 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Created Date = 30/05/2008 7:22:54 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Created Date = 30/05/2008 7:22:54 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Created Date = 30/05/2008 7:22:54 PM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Created Date = 22/05/2008 6:19:46 PM | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Created Date = 22/05/2008 6:19:46 PM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Created Date = 22/05/2008 6:20:42 PM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Created Date = 16/05/2008 11:58:04 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Created Date = 22/05/2008 6:20:42 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Created Date = 13/07/2008 8:55:03 AM | Attr = ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> fdsv.exe -> %SystemRoot%\fdsv.exe -> Smallfrogs Studio [Ver = 1, 2, 0, 22 | Size = 89504 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] grep.exe -> %SystemRoot%\grep.exe -> [Ver = | Size = 80412 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Created Date = 14/07/2008 2:04:55 AM | Attr = ] Nircmd.exe -> %SystemRoot%\Nircmd.exe -> NirSoft [Ver = 2.10 | Size = 28672 bytes | Created Date = 13/07/2008 1:09:14 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 13/07/2008 1:15:30 PM | Attr = ] sed.exe -> %SystemRoot%\sed.exe -> [Ver = | Size = 98816 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 13/07/2008 11:37:40 AM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Created Date = 13/07/2008 11:37:26 AM | Attr = ] swreg.exe -> %SystemRoot%\swreg.exe -> SteelWerX [Ver = 3.0.0.0 | Size = 161792 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] swsc.exe -> %SystemRoot%\swsc.exe -> SteelWerX [Ver = 2.0.0.5 | Size = 136704 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 13/07/2008 1:18:26 PM | Attr = ] VFind.exe -> %SystemRoot%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] zip.exe -> %SystemRoot%\zip.exe -> [Ver = | Size = 68096 bytes | Created Date = 13/07/2008 1:09:13 PM | Attr = ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Created Date = 16/05/2008 8:57:34 PM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Created Date = 11/07/2008 3:05:45 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Created Date = 12/07/2008 9:29:42 PM | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 GrabPro -> %AppData%\GrabPro -> [Folder | Created Date = 08/07/2008 8:16:14 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 11/07/2008 3:05:50 PM | Attr = ] stickies -> %AppData%\stickies -> [Folder | Created Date = 08/07/2008 2:16:34 PM | Attr = ] Opera -> %UserProfile%\Local Settings\Application Data\Opera -> [Folder | Created Date = 10/07/2008 11:59:00 PM | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Created Date = 18/06/2008 8:22:08 PM | Attr = S] 5 C:\Documents and Settings\sean\My Documents\*.tmp files -> C:\Documents and Settings\sean\My Documents\*.tmp -> Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 666 bytes | Created Date = 30/04/2008 8:53:26 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2612206 bytes | Created Date = 13/07/2008 11:29:29 AM | Attr = ] Downloads -> %UserProfile%\Desktop\Downloads -> [Folder | Created Date = 08/07/2008 2:15:45 PM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Created Date = 12/07/2008 9:29:35 PM | Attr = ] Orbit.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Orbit.lnk -> [Ver = | Size = 1554 bytes | Created Date = 08/07/2008 8:16:43 AM | Attr = ] Stickies.lnk -> %UserProfile%\Start Menu\Programs\Startup\Stickies.lnk -> [Ver = | Size = 696 bytes | Created Date = 08/07/2008 2:16:26 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Created Date = 11/07/2008 3:05:23 PM | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 16/05/2008 8:57:36 PM | Attr = ] Bazooka Scanner -> %ProgramFiles%\Bazooka Scanner -> [Folder | Created Date = 11/07/2008 2:49:42 PM | Attr = ] Lavasoft -> %ProgramFiles%\Lavasoft -> [Folder | Created Date = 11/07/2008 9:40:39 AM | Attr = ] Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [Folder | Created Date = 11/07/2008 3:05:44 PM | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 11/07/2008 3:07:49 PM | Attr = ] Picasa2 -> %ProgramFiles%\Picasa2 -> [Folder | Created Date = 30/04/2008 8:52:57 PM | Attr = ] Stickies -> %ProgramFiles%\Stickies -> [Folder | Created Date = 08/07/2008 2:16:25 PM | Attr = ] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 17/06/2008 11:10:53 PM | Attr = H ] 1 C:\*.tmp files -> C:\*.tmp -> boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 282 bytes | Modified Date = 13/07/2008 11:38:10 AM | Attr = RHS] cmdcons -> %SystemDrive%\cmdcons -> [Folder | Modified Date = 13/07/2008 11:38:10 AM | Attr = RHS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 14/07/2008 2:14:24 AM | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 13/07/2008 8:54:07 AM | Attr = ] DELL -> %SystemDrive%\DELL -> [Folder | Modified Date = 10/06/2008 3:56:12 PM | Attr = ] fixwareout -> %SystemDrive%\fixwareout -> [Folder | Modified Date = 13/07/2008 5:47:50 PM | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 534827008 bytes | Modified Date = 14/07/2008 2:31:43 AM | Attr = HS] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 12/07/2008 9:05:44 PM | Attr = R ] QooBox -> %SystemDrive%\QooBox -> [Folder | Modified Date = 13/07/2008 1:17:34 PM | Attr = ] RECYCLER -> %SystemDrive%\RECYCLER -> [Folder | Modified Date = 13/07/2008 2:38:22 PM | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 14/07/2008 2:33:59 AM | Attr = ] quartz.dll -> %SystemRoot%\System32\dllcache\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 07/05/2008 1:18:48 AM | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 14/07/2008 9:59:46 AM | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 6061540 bytes | Modified Date = 05/06/2008 1:46:38 AM | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 25444160 bytes | Modified Date = 14/07/2008 9:59:44 AM | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 106404 bytes | Modified Date = 12/07/2008 8:36:44 PM | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 116658 bytes | Modified Date = 18/06/2008 1:53:23 AM | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 96520 bytes | Modified Date = 04/07/2008 10:50:58 AM | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.132 | Size = 26824 bytes | Modified Date = 04/07/2008 10:50:59 AM | Attr = ] avgtdix.sys -> %SystemRoot%\System32\drivers\avgtdix.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.116 | Size = 76040 bytes | Modified Date = 04/07/2008 10:51:19 AM | Attr = ] Awrtpd.sys -> %SystemRoot%\System32\drivers\Awrtpd.sys -> Lavasoft AB [Ver = 1.0.0.134 | Size = 12960 bytes | Modified Date = 29/04/2008 11:19:50 AM | Attr = ] Awrtrd.sys -> %SystemRoot%\System32\drivers\Awrtrd.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 29/04/2008 11:19:54 AM | Attr = ] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 07/07/2008 5:35:30 PM | Attr = ] mbamcatchme.sys -> %SystemRoot%\System32\drivers\mbamcatchme.sys -> [Ver = | Size = 34296 bytes | Modified Date = 07/07/2008 5:35:36 PM | Attr = ] NSDriver.sys -> %SystemRoot%\System32\drivers\NSDriver.sys -> Lavasoft AB [Ver = 7.0.1.3 | Size = 15648 bytes | Modified Date = 29/04/2008 11:20:00 AM | Attr = ] pavboot.sys -> %SystemRoot%\System32\drivers\pavboot.sys -> Panda Security, S.L. [Ver = 1.0.10.0 | Size = 28544 bytes | Modified Date = 19/06/2008 5:24:30 PM | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 04/07/2008 10:50:59 AM | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 13/07/2008 8:10:17 PM | Attr = ] 4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> DivX.dll -> %SystemRoot%\System32\DivX.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 683520 bytes | Modified Date = 30/05/2008 7:22:46 PM | Attr = ] DivXCodecVersionChecker.exe -> %SystemRoot%\System32\DivXCodecVersionChecker.exe -> DivX, Inc. [Ver = 0,0,0,0 | Size = 161096 bytes | Modified Date = 22/05/2008 6:19:12 PM | Attr = ] divxdec.ax -> %SystemRoot%\System32\divxdec.ax -> DivX, Inc. [Ver = 6.3.0.63 | Size = 630784 bytes | Modified Date = 30/05/2008 7:22:40 PM | Attr = ] DivXsm.exe -> %SystemRoot%\System32\DivXsm.exe -> DivX Inc. [Ver = 6, 6, 1, 4 | Size = 524288 bytes | Modified Date = 22/05/2008 6:22:22 PM | Attr = ] divxsm.tlb -> %SystemRoot%\System32\divxsm.tlb -> [Ver = | Size = 4816 bytes | Modified Date = 22/05/2008 6:22:22 PM | Attr = ] DivXWMPExtType.dll -> %SystemRoot%\System32\DivXWMPExtType.dll -> [Ver = | Size = 12288 bytes | Modified Date = 22/05/2008 6:18:54 PM | Attr = ] divx_xx07.dll -> %SystemRoot%\System32\divx_xx07.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 30/05/2008 7:22:48 PM | Attr = ] divx_xx0a.dll -> %SystemRoot%\System32\divx_xx0a.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 815104 bytes | Modified Date = 30/05/2008 7:22:46 PM | Attr = ] divx_xx0c.dll -> %SystemRoot%\System32\divx_xx0c.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 823296 bytes | Modified Date = 30/05/2008 7:22:48 PM | Attr = ] divx_xx11.dll -> %SystemRoot%\System32\divx_xx11.dll -> DivX, Inc. [Ver = 6.8.3.13 | Size = 802816 bytes | Modified Date = 30/05/2008 7:22:48 PM | Attr = ] DLLCACHE -> %SystemRoot%\System32\DLLCACHE -> [Folder | Modified Date = 14/07/2008 2:12:49 AM | Attr = RHS] dpl100.dll -> %SystemRoot%\System32\dpl100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 81920 bytes | Modified Date = 22/05/2008 6:19:46 PM | Attr = ] dpl100.dll.manifest -> %SystemRoot%\System32\dpl100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 22/05/2008 6:19:46 PM | Attr = ] dpu10.dll -> %SystemRoot%\System32\dpu10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 30/05/2008 7:22:54 PM | Attr = ] dpu11.dll -> %SystemRoot%\System32\dpu11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 294912 bytes | Modified Date = 30/05/2008 7:22:54 PM | Attr = ] dpuGUI10.dll -> %SystemRoot%\System32\dpuGUI10.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 53248 bytes | Modified Date = 30/05/2008 7:22:58 PM | Attr = ] dpuGUI11.dll -> %SystemRoot%\System32\dpuGUI11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 593920 bytes | Modified Date = 30/05/2008 7:22:54 PM | Attr = ] dpus11.dll -> %SystemRoot%\System32\dpus11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 344064 bytes | Modified Date = 30/05/2008 7:22:54 PM | Attr = ] dpv11.dll -> %SystemRoot%\System32\dpv11.dll -> DivXNetworks [Ver = 1, 1, 1, 3 | Size = 57344 bytes | Modified Date = 30/05/2008 7:22:54 PM | Attr = ] DRIVERS -> %SystemRoot%\System32\DRIVERS -> [Folder | Modified Date = 14/07/2008 2:12:49 AM | Attr = ] dtu100.dll -> %SystemRoot%\System32\dtu100.dll -> DivX, Inc. [Ver = 1, 2, 0, 44 | Size = 196608 bytes | Modified Date = 22/05/2008 6:19:46 PM | Attr = ] dtu100.dll.manifest -> %SystemRoot%\System32\dtu100.dll.manifest -> [Ver = | Size = 416 bytes | Modified Date = 22/05/2008 6:19:46 PM | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 681720 bytes | Modified Date = 14/07/2008 2:31:43 AM | Attr = ] FxsTmp -> %SystemRoot%\System32\FxsTmp -> [Folder | Modified Date = 21/06/2008 1:13:54 PM | Attr = ] libdivx.dll -> %SystemRoot%\System32\libdivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 1044480 bytes | Modified Date = 22/05/2008 6:20:42 PM | Attr = ] lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [Ver = | Size = 12632 bytes | Modified Date = 16/05/2008 11:58:04 AM | Attr = ] qt-dx331.dll -> %SystemRoot%\System32\qt-dx331.dll -> [Ver = | Size = 3596288 bytes | Modified Date = 22/05/2008 6:22:18 PM | Attr = ] quartz.dll -> %SystemRoot%\System32\quartz.dll -> [Ver = | Size = 1287680 bytes | Modified Date = 07/05/2008 1:18:48 AM | Attr = ] ssldivx.dll -> %SystemRoot%\System32\ssldivx.dll -> The OpenSSL Project, http://www.openssl.org/ [Ver = 0.9.8b | Size = 200704 bytes | Modified Date = 22/05/2008 6:20:42 PM | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 14/07/2008 2:12:46 AM | Attr = H ] 1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> BOOTSTAT.DAT -> %SystemRoot%\BOOTSTAT.DAT -> [Ver = | Size = 2048 bytes | Modified Date = 14/07/2008 2:31:46 AM | Attr = S] Debug -> %SystemRoot%\Debug -> [Folder | Modified Date = 02/07/2008 11:33:36 PM | Attr = ] dellstat.ini -> %SystemRoot%\dellstat.ini -> [Ver = | Size = 502 bytes | Modified Date = 13/07/2008 9:20:17 PM | Attr = ] ERDNT -> %SystemRoot%\ERDNT -> [Folder | Modified Date = 13/07/2008 1:10:03 PM | Attr = ] ie7updates -> %SystemRoot%\ie7updates -> [Folder | Modified Date = 14/07/2008 2:12:11 AM | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 14/07/2008 2:12:39 AM | Attr = ] INF -> %SystemRoot%\INF -> [Folder | Modified Date = 14/07/2008 2:12:50 AM | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 14/07/2008 2:14:22 AM | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 14/07/2008 9:55:27 PM | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 13/07/2008 1:18:25 PM | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 14/07/2008 9:18:35 AM | Attr = H ] setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 13/07/2008 11:37:40 AM | Attr = ] setupupd -> %SystemRoot%\setupupd -> [Folder | Modified Date = 13/07/2008 11:37:35 AM | Attr = ] Sketchpad Preferences.dat -> %SystemRoot%\Sketchpad Preferences.dat -> [Ver = | Size = 1500 bytes | Modified Date = 28/05/2008 6:53:25 AM | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 247 bytes | Modified Date = 13/07/2008 1:15:36 PM | Attr = ] SYSTEM32 -> %SystemRoot%\SYSTEM32 -> [Folder | Modified Date = 14/07/2008 2:31:38 AM | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 14/07/2008 10:00:11 PM | Attr = ] WIN.INI -> %SystemRoot%\WIN.INI -> [Ver = | Size = 2020 bytes | Modified Date = 13/07/2008 10:56:44 AM | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 16/05/2008 8:56:40 PM | Attr = ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 14/07/2008 2:31:57 AM | Attr = H ] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [Folder | Modified Date = 20/09/2007 8:57:39 AM | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 14056 bytes | Modified Date = 14/07/2008 2:34:59 AM | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 14056 bytes | Modified Date = 14/07/2008 2:34:59 AM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [Folder | Modified Date = 01/12/2007 12:52:45 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [Ver = | Size = 1632 bytes | Modified Date = 01/12/2007 12:57:27 PM | Attr = ] opa12.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\opa12.dat -> [Ver = | Size = 8206 bytes | Modified Date = 01/10/2007 10:12:29 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data -> [Folder | Modified Date = 12/12/2005 10:44:15 PM | Attr = ] data.data -> C:\Documents and Settings\All Users\Application Data\Microsoft\Plus! Digital Media Edition\data\data.data -> [Ver = | Size = 13174 bytes | Modified Date = 12/12/2005 10:45:23 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 16/04/2005 2:47:05 PM | Attr = ] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 11860 bytes | Modified Date = 16/04/2005 2:47:10 PM | Attr = ] C:\Documents and Settings\All Users\Application Data\Microsoft\Works\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works -> [Folder | Modified Date = 18/03/2008 12:00:17 AM | Attr = ] wkcalcat.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wkcalcat.dat -> [Ver = | Size = 16384 bytes | Modified Date = 27/01/2005 9:07:47 PM | Attr = ] wklntsk1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Works\wklntsk1.dat -> [Ver = | Size = 182481 bytes | Modified Date = 27/05/2007 3:11:54 PM | Attr = ] C:\Documents and Settings\sean\Local Settings\Temp\ -> C:\Documents and Settings\sean\Local Settings\Temp -> [Folder | Modified Date = 14/07/2008 9:58:52 PM | Attr = ] rtdrvmon.exe -> C:\Documents and Settings\sean\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 14/07/2008 9:55:00 PM | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\sean\Local Settings\Temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 10/06/2008 9:28:52 PM | Attr = ] 10 C:\Documents and Settings\sean\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\sean\Local Settings\Temp\*.tmp -> C:\Documents and Settings\sean\Local Settings\Temp\ -> C:\Documents and Settings\sean\Local Settings\Temp -> [Folder | Modified Date = 14/07/2008 9:58:52 PM | Attr = ] swt-gdip-win32-3430.dll -> C:\Documents and Settings\sean\Local Settings\Temp\swt-gdip-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 77824 bytes | Modified Date = 13/07/2008 3:24:26 PM | Attr = ] swt-win32-3430.dll -> C:\Documents and Settings\sean\Local Settings\Temp\swt-win32-3430.dll -> Eclipse Foundation [Ver = 3.430 | Size = 323584 bytes | Modified Date = 13/07/2008 3:24:25 PM | Attr = ] 10 C:\Documents and Settings\sean\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\sean\Local Settings\Temp\*.tmp -> C:\WINDOWS\Temp\ -> C:\WINDOWS\TEMP -> [Folder | Modified Date = 14/07/2008 10:00:14 PM | Attr = ] rtdrvmon.exe -> C:\WINDOWS\TEMP\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 14/07/2008 2:33:08 AM | Attr = ] [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Application Data\avg8 -> [Folder | Modified Date = 16/05/2008 8:57:35 PM | Attr = ] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [Folder | Modified Date = 11/07/2008 10:27:25 AM | Attr = ] Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [Folder | Modified Date = 11/07/2008 3:05:45 PM | Attr = ] Microsoft Help -> %AllUsersProfile%\Application Data\Microsoft Help -> [Folder | Modified Date = 14/07/2008 2:14:23 AM | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [Folder | Modified Date = 13/07/2008 2:38:57 PM | Attr = ] TEMP -> %AllUsersProfile%\Application Data\TEMP -> [Folder | Modified Date = 12/07/2008 9:32:05 PM | Attr = ] @Alternate Data Stream - 120 bytes -> %AllUsersProfile%\Application Data\TEMP:5C321E34 Adobe -> %AppData%\Adobe -> [Folder | Modified Date = 21/05/2008 9:17:36 PM | Attr = ] AdobeUM -> %AppData%\AdobeUM -> [Folder | Modified Date = 08/05/2008 4:37:02 PM | Attr = ] Azureus -> %AppData%\Azureus -> [Folder | Modified Date = 14/07/2008 8:25:02 PM | Attr = ] dvdcss -> %AppData%\dvdcss -> [Folder | Modified Date = 28/05/2008 9:43:58 PM | Attr = ] evpro32.prf -> %AppData%\evpro32.prf -> [Ver = | Size = 3753 bytes | Modified Date = 21/04/2008 1:58:47 PM | Attr = ] GrabPro -> %AppData%\GrabPro -> [Folder | Modified Date = 08/07/2008 9:56:54 AM | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 11/07/2008 3:05:50 PM | Attr = ] Mozilla -> %AppData%\Mozilla -> [Folder | Modified Date = 08/07/2008 2:12:54 PM | Attr = ] Opera -> %AppData%\Opera -> [Folder | Modified Date = 11/07/2008 12:16:44 AM | Attr = ] Orbit -> %AppData%\Orbit -> [Folder | Modified Date = 14/07/2008 2:34:21 AM | Attr = ] Real -> %AppData%\Real -> [Folder | Modified Date = 19/04/2008 10:16:47 PM | Attr = ] stickies -> %AppData%\stickies -> [Folder | Modified Date = 13/07/2008 5:49:36 PM | Attr = ] U3 -> %AppData%\U3 -> [Folder | Modified Date = 07/05/2008 9:05:12 PM | Attr = ] Vso -> %AppData%\Vso -> [Folder | Modified Date = 13/07/2008 12:37:42 PM | Attr = ] wklnhst.dat -> %AppData%\wklnhst.dat -> [Ver = | Size = 51306 bytes | Modified Date = 08/07/2008 4:46:32 PM | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 33792 bytes | Modified Date = 13/07/2008 12:36:11 PM | Attr = ] Google -> %UserProfile%\Local Settings\Application Data\Google -> [Folder | Modified Date = 30/04/2008 8:53:33 PM | Attr = ] Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft -> [Folder | Modified Date = 19/06/2008 9:43:54 PM | Attr = ] Opera -> %UserProfile%\Local Settings\Application Data\Opera -> [Folder | Modified Date = 11/07/2008 12:16:44 AM | Attr = ] WMTools Downloaded Files -> %UserProfile%\Local Settings\Application Data\WMTools Downloaded Files -> [Folder | Modified Date = 17/06/2008 8:27:42 PM | Attr = ] zmisc downloads -> %AllUsersProfile%\Documents\zmisc downloads -> [Folder | Modified Date = 13/07/2008 8:33:26 AM | Attr = ] !denise -> %UserProfile%\My Documents\!denise -> [Folder | Modified Date = 02/07/2008 1:00:07 PM | Attr = ] 5 C:\Documents and Settings\sean\My Documents\*.tmp files -> C:\Documents and Settings\sean\My Documents\*.tmp -> !sean -> %UserProfile%\My Documents\!sean -> [Folder | Modified Date = 08/07/2008 6:47:42 PM | Attr = ] ConvertXtoDVD -> %UserProfile%\My Documents\ConvertXtoDVD -> [Folder | Modified Date = 09/07/2008 7:07:33 PM | Attr = ] info -> %UserProfile%\My Documents\info -> [Folder | Modified Date = 12/07/2008 9:17:49 PM | Attr = ] My Downloads -> %UserProfile%\My Documents\My Downloads -> [Folder | Modified Date = 08/07/2008 2:07:09 PM | Attr = ] My DVDs -> %UserProfile%\My Documents\My DVDs -> [Folder | Modified Date = 18/06/2008 8:22:08 PM | Attr = S] My Music -> %UserProfile%\My Documents\My Music -> [Folder | Modified Date = 22/06/2008 9:14:16 AM | Attr = R ] My Pictures -> %UserProfile%\My Documents\My Pictures -> [Folder | Modified Date = 27/06/2008 11:36:55 AM | Attr = R ] My Videos -> %UserProfile%\My Documents\My Videos -> [Folder | Modified Date = 15/06/2008 10:29:20 PM | Attr = R ] Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [Ver = | Size = 1602 bytes | Modified Date = 08/07/2008 2:11:24 PM | Attr = ] Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 666 bytes | Modified Date = 30/04/2008 8:53:26 PM | Attr = ] ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [Ver = | Size = 2612206 bytes | Modified Date = 13/07/2008 10:43:31 AM | Attr = ] Downloads -> %UserProfile%\Desktop\Downloads -> [Folder | Modified Date = 14/07/2008 9:44:48 PM | Attr = ] Paint.lnk -> %UserProfile%\Desktop\Paint.lnk -> [Ver = | Size = 1503 bytes | Modified Date = 12/06/2008 7:49:03 AM | Attr = ] SpywareBlaster.lnk -> %UserProfile%\Desktop\SpywareBlaster.lnk -> [Ver = | Size = 690 bytes | Modified Date = 12/07/2008 9:29:35 PM | Attr = ] SYSTEM STUFF -> %UserProfile%\Desktop\SYSTEM STUFF -> [Folder | Modified Date = 14/07/2008 9:47:44 PM | Attr = R ] WordPerfect.lnk -> %UserProfile%\Desktop\WordPerfect.lnk -> [Ver = | Size = 2501 bytes | Modified Date = 15/06/2008 9:52:16 AM | Attr = ] Orbit.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Orbit.lnk -> [Ver = | Size = 1554 bytes | Modified Date = 14/07/2008 2:33:53 AM | Attr = ] Stickies.lnk -> %UserProfile%\Start Menu\Programs\Startup\Stickies.lnk -> [Ver = | Size = 696 bytes | Modified Date = 08/07/2008 2:16:27 PM | Attr = ] Download Manager -> %CommonProgramFiles%\Download Manager -> [Folder | Modified Date = 11/07/2008 3:05:23 PM | Attr = ] Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared -> [Folder | Modified Date = 16/05/2008 8:56:41 PM | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 11/07/2008 9:37:34 AM | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]