
Trojan Attack


26 replies to this topic

#1 Harsh Deshpande


Posted 23 February 2008 - 06:13 AM

Hello Sir,
I have a lot of problems!! I was directed here from http://www.bleepingcomputer.com/forums/t/132284/hidden-files-extension/
My McAfee Virus Scan Enterprise 8.5i won't work properly. I can't open the virus scan console nor on access scan properties. Hijack this was disabled. I renamed the Hijack this file and it opened. In folder options, the hide protected operating system files option is missing. When I uncheck the hide extensions option, it gets checked on its own. I get many error messages while starting my computer and shutting it down. My antivirus detected trojan zlob, generic!atr, smitfaud, etc. I did SD fix, msncleaner, Ad-aware, Spybot. Here is Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:30:35 PM, on 2/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\WINDOWS\system\services.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Trend Micro\HijackThis\Copy of HijackThis.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E794189-7575-4306-8F49-CCDD291A59CD} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\real player\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {52B2C227-9E7A-483B-AEC4-E5DA9302D409} - C:\WINDOWS\system32\ssqrr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: (no name) - {AA38CFB4-F530-4219-A25F-338918E50A2C} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: {57bb2360-b2d5-566a-c344-e046ef134f8d} - {d8f431fe-640e-443c-a665-5d2b0632bb75} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Policies\Explorer\Run: [AudioMan] C:\WINDOWS\System32\Explorer.sm1
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [AudioMan] C:\WINDOWS\System32\Explorer.sm1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [AudioMan] C:\WINDOWS\System32\Explorer.sm1 (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O20 - Winlogon Notify: qomnlkl - qomnlkl.dll (file missing)
O20 - Winlogon Notify: yotbachl - yotbachl.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe (file missing)
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8496 bytes

I get this error message when I start my computer: (attached file: Error.jpg)

Edited by Harsh Deshpande, 23 February 2008 - 07:36 AM.




#2 OldTimer

    Malware Expert



Posted 01 March 2008 - 12:23 PM

Hello Harsh Deshpande and welcome to the BC HijackThis forum. That log looks interesting. Let's see what else we can find.

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Now download WinPFind35u.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind35u on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind35u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Harsh Deshpande

  • Topic Starter


Posted 02 March 2008 - 12:17 AM

Sir, thanks for your prompt help!! Here is the log:

WinPFind35 logfile created on: 3/2/2008 10:40:20 AM
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\owner1\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.29 Mb Total Physical Memory | 544.17 Mb Available Physical Memory | 56.73% Memory free
1.83 Gb Paging File | 1.55 Gb Available in Paging File | 84.45% Paging File free
Paging file location(s): E:\pagefile.sys 1000 4096;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.27 Gb Free Space | 24.33% Space Free | Partition Type: NTFS
Drive D: | 9.31 Gb Total Space | 0.10 Gb Free Space | 1.07% Space Free | Partition Type: FAT32
Drive E: | 9.31 Gb Total Space | 2.70 Gb Free Space | 29.00% Space Free | Partition Type: FAT32
Drive F: | 9.29 Gb Total Space | 1.97 Gb Free Space | 21.16% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: owner1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/3/2007 9:08:48 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr =	]
services.exe -> %SystemRoot%\system\services.exe ->  [Ver =  | Size = 590336 bytes | Modified Date = 10/19/2007 10:56:04 PM | Attr = RHS]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 3:06:00 PM | Attr =	]
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/14/2008 8:20:21 PM | Attr =	]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 11/9/2007 10:27:24 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 AM | Attr =	]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 AM | Attr =	]
raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr =	]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 6/29/2006 9:12:46 AM | Attr =	]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 6/29/2006 9:12:30 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 155715 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.12: 2008020121 | Size = 7655024 bytes | Modified Date = 2/10/2008 11:46:16 AM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 3/1/2008 1:06:42 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 11/9/2007 10:27:24 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/28/2008 11:28:42 AM | Attr =	]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/18/2007 3:48:26 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(InCDsrv) InCD Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> File not found
(McAfeeFramework) McAfee Framework Service [Win32_Own | Unknown | Running] ->  -> File not found
(McShield) McAfee McShield [Win32_Own | Unknown | Running] ->  -> File not found
(McTaskManager) McAfee Task Manager [Win32_Own | Unknown | Running] ->  -> File not found
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr =	]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 6/29/2006 9:12:46 AM | Attr =	]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 6/29/2006 9:12:30 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 155715 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4151 built by: WinDDK | Size = 141312 bytes | Modified Date = 10/5/2005 2:51:10 PM | Attr = R  ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.14 | Size = 127872 bytes | Modified Date = 3/4/2005 6:23:00 PM | Attr = R  ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Asp0xmtcpa) Asp0xmtcpa [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(CableFlt) Quick Heal Network Protection Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\CableFlt.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\owner1\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 145920 bytes | Modified Date = 10/27/2004 3:21:30 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 10/27/2004 3:21:36 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 99584 bytes | Modified Date = 7/8/2005 5:17:54 PM | Attr =	]
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDpass.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 29696 bytes | Modified Date = 7/8/2005 5:17:36 PM | Attr =	]
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDrm.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 28672 bytes | Modified Date = 7/8/2005 7:47:32 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeapfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
(mferkdk) VSCore mferkdk [Kernel | System | Stopped] -> E:\McAfee\mferkdk.sys -> File not found
(mfetdik) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/13/2004 4:26:20 PM | Attr = R  ]
(NCHSSVAD) SoundTap Recorder [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nchssvad.sys -> NCH Swift Sound [Ver = 1.0.0.0 | Size = 21120 bytes | Modified Date = 5/7/2007 9:25:06 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 3929184 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.06515 | Size = 57856 bytes | Modified Date = 6/29/2006 2:34:50 PM | Attr = R  ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.03.06515 | Size = 20480 bytes | Modified Date = 6/29/2006 2:34:54 PM | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(portD) CMS PortIO Service [Kernel | Auto | Stopped] -> system32\DRIVERS\portd2k.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 5:21:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:55:53 PM | Attr =	]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> Sensaura [Ver = 5.10.00.3522 | Size = 393088 bytes | Modified Date = 10/10/2005 1:37:38 PM | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\WibuKey.sys -> WIBU-SYSTEMS AG [Ver = Version 5.10 of 2006-Mar-06 | Size = 72192 bytes | Modified Date = 3/6/2006 5:10:00 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 7626752 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/3/2007 9:08:48 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/18/2007 3:48:29 PM | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/14/2008 8:20:21 PM | Attr =	]
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ -> 
AgentSvr.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
AppSvc32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
ArSwp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
AST.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
autoruns.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
AvastU3.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
avgrssvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
AvMonitor.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
CCenter.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
ccSvcHst.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
FileDsty.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
FTCleanerShell.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
FYFireWall.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
ghost.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
HijackThis.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
irsetup.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
isPwdSvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KaScrScn.SCR -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KASMain.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KASTask.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KAVDX.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KAVPF.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KAVSetup.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KAVStart.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KISLnchr.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KMailMon.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KMFilter.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KPFW32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KPFW32X.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KPfwSvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KRepair.com -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KsLoader.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KVCenter.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KvfwMcl.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KVMonXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
kvol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
kvolself.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KvReport.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KVScan.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KVStub.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
kvupload.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KvXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KWatch.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KWatch9x.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
KWatchX.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
loaddll.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
mcconsol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
mmqczj.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
nod32krn.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
nod32kui.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
NPFMntor.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
QHSET.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
QQKav.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
QQSC.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
RavStub.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
RavTask.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
RegClean.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
rfwcfg.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
rfwmain.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
rfwsrv.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
RsAgent.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
Rsaupd.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
safelive.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
shcfg32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
SmartUp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
symlcsvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
SysSafe.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
TrojanDetector.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
Trojanwall.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UIHost.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UmxAgent.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UmxAttachment.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UmxCfg.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UmxFwHlp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UmxPol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
upiea.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
UpLive.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
USBCleaner.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
zjb.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
{1E794189-7575-4306-8F49-CCDD291A59CD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
vistaui.exe -> %SystemRoot%\system32\vistaui.exe ->  [Ver =  | Size = 5214208 bytes | Modified Date = 8/30/2006 6:24:18 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
qomnlkl -> qomnlkl.dll -> File not found
yotbachl -> yotbachl.dll -> File not found
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\AudioMan -> C:\WINDOWS\system32\Explorer.sm1 [C:\WINDOWS\System32\Explorer.sm1] ->  [Ver =  | Size = 2 bytes | Modified Date = 2/23/2008 7:19:15 AM | Attr = RHS]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 4, 0, 1 | Size = 187512 bytes | Modified Date = 2/25/2008 11:27:08 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{1E794189-7575-4306-8F49-CCDD291A59CD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> F:\real player\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 11/3/2007 9:09:12 PM | Attr =	]
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> File not found
{52B2C227-9E7A-483B-AEC4-E5DA9302D409} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqrr.dll [Reg Error: Value  does not exist or could not be read.] ->  [Ver =  | Size = 335968 bytes | Modified Date = 11/30/2007 9:12:48 AM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
{AA38CFB4-F530-4219-A25F-338918E50A2C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/29/2007 6:48:39 PM | Attr =	]
{d8f431fe-640e-443c-a665-5d2b0632bb75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
&Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1073 | Size = 2783048 bytes | Modified Date = 4/12/2007 5:50:16 PM | Attr =	]
Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{42CEB110-A7B6-4557-820D-A6556C2E749B} ->	(NVIDIA nForce Networking Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> N -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
C:\WINDOWS\system32\ssqrr.dll -> %SystemRoot%\system32\ssqrr.dll ->  [Ver =  | Size = 335968 bytes | Modified Date = 11/30/2007 9:12:48 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> (binary data) -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 11:19:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 7:51:15 PM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49152 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 784 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> C:\WINDOWS\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> C:\WINDOWS\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\System32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 84302 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> C:\WINDOWS\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitdm.exe -> C:\Program Files\Orbitdownloader\orbitdm.exe [C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit] -> Orbitdownloader.com [Ver = 2, 6, 0, 3 | Size = 1674440 bytes | Modified Date = 2/25/2008 11:27:08 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe -> C:\Program Files\Orbitdownloader\orbitnet.exe [C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit] -> Orbitdownloader.com [Ver = 1, 5, 0, 5 | Size = 356352 bytes | Modified Date = 10/23/2007 9:36:02 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15797:TCP -> 15797:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13942:TCP -> 13942:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16982:TCP -> 16982:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14540:TCP -> 14540:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12316:TCP -> 12316:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17739:TCP -> 17739:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14386:TCP -> 14386:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18316:TCP -> 18316:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14852:TCP -> 14852:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13028:TCP -> 13028:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18114:TCP -> 18114:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17545:TCP -> 17545:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15383:TCP -> 15383:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13848:TCP -> 13848:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13253:TCP -> 13253:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12242:TCP -> 12242:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12723:TCP -> 12723:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14625:TCP -> 14625:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16258:TCP -> 16258:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17792:TCP -> 17792:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13394:TCP -> 13394:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16601:TCP -> 16601:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12761:TCP -> 12761:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15441:TCP -> 15441:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15987:TCP -> 15987:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16345:TCP -> 16345:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18898:TCP -> 18898:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15128:TCP -> 15128:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15064:TCP -> 15064:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16635:TCP -> 16635:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16430:TCP -> 16430:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12251:TCP -> 12251:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12892:TCP -> 12892:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13026:TCP -> 13026:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17281:TCP -> 17281:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17032:TCP -> 17032:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12744:TCP -> 12744:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\14507:TCP -> 14507:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17860:TCP -> 17860:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15638:TCP -> 15638:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18297:TCP -> 18297:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17097:TCP -> 17097:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\13663:TCP -> 13663:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17544:TCP -> 17544:TCP:*:Enabled:NortonAV -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll [1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll [2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:49 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> C:\WINDOWS\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> C:\WINDOWS\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/26/2005 10:09:49 AM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> (binary data) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 2/22/2008 10:31:07 AM | Attr =	]
mfeapfk.sys -> %SystemRoot%\System32\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
mfetdik.sys -> %SystemRoot%\System32\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
Explorer.sm1 -> %SystemRoot%\System32\Explorer.sm1 ->  [Ver =  | Size = 2 bytes | Modified Date = 2/23/2008 7:19:15 AM | Attr = RHS]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:48 AM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 247 bytes | Modified Date = 2/13/2008 12:34:25 PM | Attr =	]
msinfo.exe -> %SystemRoot%\System32\msinfo.exe ->  [Ver =  | Size = 484352 bytes | Modified Date = 3/2/2008 10:27:25 AM | Attr = RHS]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86016 bytes | Modified Date = 2/22/2008 6:44:12 PM | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Modified Date = 10/3/2007 11:36:46 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 2/13/2008 12:20:05 PM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 2/20/2008 5:55:30 PM | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/23/2008 1:00:00 PM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/22/2008 11:09:36 AM | Attr =	]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 2/23/2008 1:42:50 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/23/2008 4:02:15 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 2/20/2008 6:18:46 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/23/2008 10:38:57 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/23/2008 12:22:38 PM | Attr =	]
WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Created Date = 2/18/2008 11:45:12 AM | Attr =	]
20080205 -> %UserProfile%\Desktop\20080205 ->  [Folder | Created Date = 2/5/2008 5:34:42 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/2/2008 10:32:00 AM | Attr =	]
DNA -> %UserProfile%\Desktop\DNA ->  [Folder | Created Date = 2/2/2008 10:58:11 AM | Attr =	]
elixir.JPG -> %UserProfile%\Desktop\elixir.JPG ->  [Ver =  | Size = 417640 bytes | Modified Date = 2/9/2008 5:43:11 PM | Attr =	]
Family Portrait -> %UserProfile%\Desktop\Family Portrait ->  [Folder | Created Date = 2/3/2008 11:43:47 PM | Attr =	]
Gigi.gif -> %UserProfile%\Desktop\Gigi.gif ->  [Ver =  | Size = 6303 bytes | Modified Date = 2/10/2008 7:30:55 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Created Date = 2/24/2008 10:48:42 AM | Attr =	]
Passport.htm -> %UserProfile%\Desktop\Passport.htm ->  [Ver =  | Size = 4774 bytes | Modified Date = 2/12/2008 9:18:04 AM | Attr =	]
Salary Rel Feb-08.xls -> %UserProfile%\Desktop\Salary Rel Feb-08.xls ->  [Ver =  | Size = 43520 bytes | Modified Date = 3/1/2008 9:15:39 PM | Attr =	]
SITE - SEM 6.dwg -> %UserProfile%\Desktop\SITE - SEM 6.dwg ->  [Ver =  | Size = 51072 bytes | Modified Date = 2/18/2008 11:58:54 AM | Attr =	]
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/23/2008 5:39:01 PM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
Warren Buffet.pps -> %UserProfile%\Desktop\Warren Buffet.pps ->  [Ver =  | Size = 482816 bytes | Modified Date = 2/28/2008 4:53:56 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/2/2008 10:37:06 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 3/2/2008 10:36:54 AM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Created Date = 2/23/2008 10:07:45 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/21/2008 3:19:12 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/1/2008 8:47:33 PM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 2/22/2008 12:16:48 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/23/2008 1:18:24 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 2/25/2008 5:30:08 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/23/2008 12:56:08 PM | Attr =	]
1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> 
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2/23/2008 3:20:06 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1789 bytes | Modified Date = 2/21/2008 3:02:25 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/20/2008 6:18:53 PM | Attr =	]
2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/1/2008 11:09:43 AM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/25/2008 4:50:37 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 2/23/2008 4:12:13 PM | Attr =	]
Explorer.sm1 -> %SystemRoot%\System32\Explorer.sm1 ->  [Ver =  | Size = 2 bytes | Modified Date = 2/23/2008 7:19:15 AM | Attr = RHS]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:48 AM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 247 bytes | Modified Date = 2/13/2008 12:34:25 PM | Attr =	]
msinfo.exe -> %SystemRoot%\System32\msinfo.exe ->  [Ver =  | Size = 484352 bytes | Modified Date = 3/2/2008 10:27:25 AM | Attr = RHS]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 71307 bytes | Modified Date = 3/2/2008 10:27:24 AM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62344 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401064 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471326 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/23/2008 1:18:24 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86016 bytes | Modified Date = 2/22/2008 6:44:12 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/2/2008 10:29:35 AM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/20/2008 4:29:14 PM | Attr =  H ]
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 2/20/2008 5:55:30 PM | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/23/2008 1:00:59 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/2/2008 10:27:19 AM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 2/23/2008 1:00:06 PM | Attr =   S]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/22/2008 11:09:47 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/21/2008 2:57:27 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 12:33:23 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/25/2008 4:50:42 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/23/2008 4:12:18 PM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2/23/2008 1:43:15 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 202 bytes | Modified Date = 2/29/2008 8:41:07 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/23/2008 4:02:15 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/2/2008 10:37:09 AM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/21/2008 3:03:03 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 2/23/2008 7:19:15 AM | Attr =	]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 274 bytes | Modified Date = 2/21/2008 3:02:25 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/2/2008 10:27:24 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/2/2008 10:33:01 AM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 3/2/2008 10:35:19 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/2/2008 10:27:22 AM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 7010 bytes | Modified Date = 6/11/2007 12:16:45 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 2447719 bytes | Modified Date = 3/2/2008 10:29:47 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 2447719 bytes | Modified Date = 3/2/2008 10:29:47 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 2/21/2008 12:58:03 PM | Attr =	]
SZSetup.exe -> C:\Documents and Settings\owner1\Local Settings\Temp\STOPzilla!\SZSetup.exe ->  [Ver =  | Size = 1024 bytes | Modified Date = 2/26/2008 7:27:33 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Modified Date = 2/21/2008 3:20:59 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/23/2008 10:41:33 AM | Attr =	]
McAfee -> %AllUsersProfile%\Application Data\McAfee ->  [Folder | Modified Date = 2/23/2008 10:08:18 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/23/2008 4:12:34 PM | Attr =	]
Orbit -> %AppData%\Orbit ->  [Folder | Modified Date = 3/1/2008 8:48:01 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Modified Date = 2/22/2008 5:27:47 PM | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 3/2/2008 10:40:14 AM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 196608 bytes | Modified Date = 2/22/2008 5:59:00 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 7359894 bytes | Modified Date = 3/1/2008 8:21:05 AM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2/23/2008 5:24:18 PM | Attr =	]
WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Modified Date = 2/18/2008 11:45:12 AM | Attr =	]
20080205 -> %UserProfile%\Desktop\20080205 ->  [Folder | Modified Date = 2/19/2008 9:26:01 PM | Attr =	]
ATF-Cleaner.exe -> %UserProfile%\Desktop\ATF-Cleaner.exe -> Atribune.org [Ver = 3.00.0002 | Size = 50688 bytes | Modified Date = 3/2/2008 10:32:00 AM | Attr =	]
DNA -> %UserProfile%\Desktop\DNA ->  [Folder | Modified Date = 2/5/2008 7:57:28 PM | Attr =	]
elixir.JPG -> %UserProfile%\Desktop\elixir.JPG ->  [Ver =  | Size = 417640 bytes | Modified Date = 2/9/2008 5:43:11 PM | Attr =	]
Family Portrait -> %UserProfile%\Desktop\Family Portrait ->  [Folder | Modified Date = 2/22/2008 3:27:51 PM | Attr =	]
Gigi.gif -> %UserProfile%\Desktop\Gigi.gif ->  [Ver =  | Size = 6303 bytes | Modified Date = 2/10/2008 7:30:55 PM | Attr =	]
Microsoft PowerPoint.lnk -> %UserProfile%\Desktop\Microsoft PowerPoint.lnk ->  [Ver =  | Size = 2469 bytes | Modified Date = 2/27/2008 1:33:02 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 2/27/2008 7:54:16 PM | Attr =	]
Passport.htm -> %UserProfile%\Desktop\Passport.htm ->  [Ver =  | Size = 4774 bytes | Modified Date = 2/12/2008 9:18:04 AM | Attr =	]
Salary Rel Feb-08.xls -> %UserProfile%\Desktop\Salary Rel Feb-08.xls ->  [Ver =  | Size = 43520 bytes | Modified Date = 3/1/2008 9:15:39 PM | Attr =	]
SITE - SEM 6.dwg -> %UserProfile%\Desktop\SITE - SEM 6.dwg ->  [Ver =  | Size = 51072 bytes | Modified Date = 2/18/2008 11:58:54 AM | Attr =	]
Thumbs.db -> %UserProfile%\Desktop\Thumbs.db ->  [Ver =  | Size = 10240 bytes | Modified Date = 2/23/2008 5:39:01 PM | Attr =  HS]
@Alternate Data Stream - 0 bytes -> %UserProfile%\Desktop\Thumbs.db:encryptable
Warren Buffet.pps -> %UserProfile%\Desktop\Warren Buffet.pps ->  [Ver =  | Size = 482816 bytes | Modified Date = 2/28/2008 4:53:56 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/2/2008 10:37:06 AM | Attr =	]
WinPFind35u.exe -> %UserProfile%\Desktop\WinPFind35u.exe ->  [Ver =  | Size = 482000 bytes | Modified Date = 3/2/2008 10:36:54 AM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 2/23/2008 10:07:45 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/21/2008 4:54:11 PM | Attr =  HS]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 2/20/2008 4:20:17 PM | Attr =  HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/23/2008 4:12:18 PM | Attr =	]

< End of report >

And also, I wanted to inform you that I get this error while shutting down my computer: [Attached File: Error.jpg]

#4 Harsh Deshpande


Posted 02 March 2008 - 01:55 AM

Sir,
The virus has also disabled my windows firewall and I cannot enable it!!

#5 OldTimer

OldTimer

    Malware Expert



Posted 02 March 2008 - 02:56 PM

Hi Harsh Deshpande. Let's see what we can do with this. Follow the steps below in order.

Step #1

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
%SystemRoot%\system\services.exe
%SystemRoot%\System32\Explorer.sm1
%SystemRoot%\System32\msinfo.exe
%SystemRoot%\system32\ssqrr.dll
%SystemRoot%\system32\ssqrr.dll 
C:\WINDOWS\system32\Explorer.sm1

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Click in the window labeled Input Script Here and paste the text copied to the clipboard into it by pressing (Ctrl+V).
  • Click the Execute button
  • Answer "Yes" twice when prompted.
The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
Step #2

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YY -> services.exe -> %SystemRoot%\system\services.exe
[Registry - Non-Microsoft Only]
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
YN -> AgentSvr.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> AppSvc32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> ArSwp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> AST.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> autoruns.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> AvastU3.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> avgrssvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> AvMonitor.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> CCenter.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> ccSvcHst.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> FileDsty.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> FTCleanerShell.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> FYFireWall.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> ghost.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> HijackThis.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> irsetup.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> isPwdSvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KaScrScn.SCR -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KASMain.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KASTask.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KAVDX.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KAVPF.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KAVSetup.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KAVStart.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KISLnchr.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KMailMon.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KMFilter.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KPFW32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KPFW32X.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KPfwSvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KRepair.com -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KsLoader.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KVCenter.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KvfwMcl.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KVMonXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> kvol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> kvolself.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KvReport.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KVScan.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KVStub.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> kvupload.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KvXP_1.kxp -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KWatch.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KWatch9x.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> KWatchX.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> loaddll.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> mcconsol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> mmqczj.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> nod32krn.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> nod32kui.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> NPFMntor.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> QHSET.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> QQKav.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> QQSC.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> RavStub.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> RavTask.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> RegClean.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> rfwcfg.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> rfwmain.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> rfwsrv.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> RsAgent.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> Rsaupd.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> safelive.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> shcfg32.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> SmartUp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> symlcsvc.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> SysSafe.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> TrojanDetector.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> Trojanwall.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UIHost.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UmxAgent.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UmxAttachment.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UmxCfg.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UmxFwHlp.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UmxPol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> upiea.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> UpLive.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> USBCleaner.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> zjb.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {1E794189-7575-4306-8F49-CCDD291A59CD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. []
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> qomnlkl -> qomnlkl.dll
YN -> yotbachl -> yotbachl.dll
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
YY -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\AudioMan -> C:\WINDOWS\system32\Explorer.sm1 [C:\WINDOWS\System32\Explorer.sm1]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {1E794189-7575-4306-8F49-CCDD291A59CD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search]
YY -> {52B2C227-9E7A-483B-AEC4-E5DA9302D409} [HKEY_LOCAL_MACHINE] -> %SystemRoot%\system32\ssqrr.dll [Reg Error: Value  does not exist or could not be read.]
YN -> {AA38CFB4-F530-4219-A25F-338918E50A2C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {d8f431fe-640e-443c-a665-5d2b0632bb75} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {0BF43445-2F28-4351-9252-17FE6E806AA0} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> 
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YY -> C:\WINDOWS\system32\ssqrr.dll -> %SystemRoot%\system32\ssqrr.dll
< BotCheck > -> 
[Files/Folders - Created Within 30 days]
NY -> Explorer.sm1 -> %SystemRoot%\System32\Explorer.sm1
NY -> msinfo.exe -> %SystemRoot%\System32\msinfo.exe
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Files/Folders - Modified Within 30 days]
NY -> 1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp
NY -> 2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> Explorer.sm1 -> %SystemRoot%\System32\Explorer.sm1
NY -> msinfo.exe -> %SystemRoot%\System32\msinfo.exe
NY -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp
[Empty Temp Folders]
[Start Explorer]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

Step #3

Run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Click on Online Services and then Online Scanner
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply.
Step #4

Run a new WinPFind35u scan with the following options:

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program.
  • In the Driver Services section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:

    • File - Additional Folder Scans
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Step #5

Post the following back here:
  • The Avenger report (c:\Avenger.txt)
  • The latest WinPFind35u fix log (look in the WinPFind35u folder for the MovedFiles folder. In that folder will be a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run.)
  • The new WinPFind35u scan log
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
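
The IFEO block in the Step #2 fix script above is the kind of entry that stops a tool such as HijackThis from opening: a Debugger value under Image File Execution Options makes Windows start the named program in place of the image, matched by file name only, so a renamed copy still runs. The following is an added example, not part of the original post and not WinPFind35U's own code, that parses lines in that layout and flags one debugger shared by several images; the sample text (including the benign myapp.exe entry) is constructed, and the threshold of three images is an assumption.

```python
import ntpath
import re

# Constructed sample in the fix-script layout shown in the post above.
# The first four image names and the debugger path are copied from that post;
# the myapp.exe / vsjitdebugger.exe line is an invented benign entry for contrast.
SAMPLE = r"""
[Registry - Non-Microsoft Only]
< IFEO [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
YN -> autoruns.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> HijackThis.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> mcconsol.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> nod32krn.exe -> %CommonProgramFiles%\Microsoft Shared\boxovqw.exe [Debugger]
YN -> myapp.exe -> %ProgramFiles%\DevTools\vsjitdebugger.exe [Debugger]
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> qomnlkl -> qomnlkl.dll
"""

# "< name > -> registry path" opens a registry subsection of the report.
HEADER = re.compile(r"^< (?P<name>.*?) > ->")
# "YN -> image -> debugger path [Debugger]" is one IFEO entry.
ENTRY = re.compile(r"^[YN]{2} -> (?P<image>.+?) -> (?P<target>.+?) \[Debugger\]$")


def parse_ifeo_debuggers(text):
    """Return (image_name, debugger_path) pairs found inside IFEO subsections."""
    entries, in_ifeo = [], False
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            in_ifeo = header.group("name").startswith("IFEO")
            continue
        if line.startswith("[") and line.endswith("]"):
            in_ifeo = False  # a new top-level [Section] ends any subsection
            continue
        match = ENTRY.match(line) if in_ifeo else None
        if match:
            entries.append((match.group("image"), match.group("target")))
    return entries


def shared_debuggers(entries, min_images=3):
    """Group entries by debugger path (case-insensitive) and keep the paths
    attached to at least min_images different image names. One debugger set
    for many unrelated images is the block-list pattern; a single JIT
    debugger set for one application is not."""
    groups = {}
    for image, target in entries:
        _, images = groups.setdefault(target.lower(), (target, set()))
        images.add(image)
    return {
        path: sorted(images, key=str.lower)
        for path, images in groups.values()
        if len(images) >= min_images
    }


def is_redirected(path, entries):
    """True if the file name of path has an IFEO Debugger entry. Only the
    base name is compared, which is why renaming the executable avoids it."""
    name = ntpath.basename(path).lower()
    return any(image.lower() == name for image, _ in entries)


if __name__ == "__main__":
    found = parse_ifeo_debuggers(SAMPLE)
    for debugger, images in shared_debuggers(found).items():
        print(f"{debugger} is set as Debugger for {len(images)} images:")
        for image in images:
            print(f"  {image}")
    for candidate in (r"C:\Tools\HijackThis.exe", r"C:\Tools\scanner.exe"):
        state = "redirected" if is_redirected(candidate, found) else "runs normally"
        print(f"{candidate}: {state}")
```
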


#6 Harsh Deshpande


Posted 03 March 2008 - 07:05 AM

Sir, Thanks for your kind help!! My computer is much better now. After these fixes, my McAfee is working fine!! But the hidden files and extensions problem persists. Now I don't receive errors while starting and shutting down my computer. My windows firewall is still disabled and I can't enable it. But now I can open Hijack this without renaming the file.
Here is the Avenger log:

Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system\services.exe" deleted successfully.
File "C:\WINDOWS\System32\Explorer.sm1" deleted successfully.
File "C:\WINDOWS\System32\msinfo.exe" deleted successfully.
File "C:\WINDOWS\system32\ssqrr.dll" deleted successfully.

Error: file "C:\WINDOWS\system32\ssqrr.dll" not found!
Deletion of file "C:\WINDOWS\system32\ssqrr.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\Explorer.sm1" not found!
Deletion of file "C:\WINDOWS\system32\Explorer.sm1" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Edited by Harsh Deshpande, 03 March 2008 - 07:37 AM.


#7 Harsh Deshpande


Posted 03 March 2008 - 07:09 AM

I did the WinPFind35U fix. During that my computer rebooted. And after the rebooting, I did not get any message that the fix was complete and the log file did not open. Is that normal?? Here is the log:

Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process services.exe .
File C:\WINDOWS\system\services.exe not found.
[Registry - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvastU3.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ghost.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\irsetup.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQSC.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zjb.exe\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{1E794189-7575-4306-8F49-CCDD291A59CD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E794189-7575-4306-8F49-CCDD291A59CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomnlkl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yotbachl\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\AudioMan deleted successfully.
File C:\WINDOWS\system32\Explorer.sm1 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E794189-7575-4306-8F49-CCDD291A59CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E794189-7575-4306-8F49-CCDD291A59CD}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52B2C227-9E7A-483B-AEC4-E5DA9302D409}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52B2C227-9E7A-483B-AEC4-E5DA9302D409}\ deleted successfully.
File C:\WINDOWS\system32\ssqrr.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA38CFB4-F530-4219-A25F-338918E50A2C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA38CFB4-F530-4219-A25F-338918E50A2C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d8f431fe-640e-443c-a665-5d2b0632bb75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d8f431fe-640e-443c-a665-5d2b0632bb75}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}\ not found.
[Registry - Additional Scans - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\ssqrr.dll deleted successfully.
File C:\WINDOWS\system32\ssqrr.dll not found.
[Files/Folders - Created Within 30 days]
File C:\WINDOWS\System32\Explorer.sm1 not found!
File C:\WINDOWS\System32\msinfo.exe not found!
C:\WINDOWS\msdownld.tmp folder deleted successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\System32\Explorer.sm1 not found!
File C:\WINDOWS\System32\msinfo.exe not found!
[Empty Temp Folders]
File delete failed. C:\Documents and Settings\owner1\Local Settings\Temp\NAILogs\UpdaterUI_OWNER.log scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User temp folders emptied.
SystemRoot temp folder emptied.
IE temp folders emptied
RecycleBin -> emptied.
Explorer started successfully
< End of fix log >
WinPFind35U Version 1.0.3.0 fix logfile created on 03032008_155349

Edited by Harsh Deshpande, 03 March 2008 - 07:34 AM.


#8 Harsh Deshpande


Posted 03 March 2008 - 07:21 AM

Step 3: I could not do F-Secure Online Scan. It downloaded the files and the status was 100% and then I got this error: (attached file: Error.jpg)
I tried it 5 times and every time I got the error.

#9 Harsh Deshpande


Posted 03 March 2008 - 07:30 AM

Step 4: Here is WinPFind35u scan log:
WinPFind35 logfile created on: 3/3/2008 4:49:17 PM
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\owner1\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.29 Mb Total Physical Memory | 549.73 Mb Available Physical Memory | 57.31% Memory free
1.83 Gb Paging File | 1.54 Gb Available in Paging File | 83.85% Paging File free
Paging file location(s): E:\pagefile.sys 1000 4096;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.55 Gb Free Space | 27.39% Space Free | Partition Type: NTFS
Drive D: | 9.31 Gb Total Space | 0.10 Gb Free Space | 1.03% Space Free | Partition Type: FAT32
Drive E: | 9.31 Gb Total Space | 2.09 Gb Free Space | 22.48% Space Free | Partition Type: FAT32
Drive F: | 9.29 Gb Total Space | 1.95 Gb Free Space | 20.96% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: owner1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
realsched.exe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/3/2007 9:08:48 PM | Attr =	]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
shstat.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr =	]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 3:06:00 PM | Attr =	]
utorrent.exe -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/14/2008 8:20:21 PM | Attr =	]
adskscsrv.exe -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 11/9/2007 10:27:24 AM | Attr =	]
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 AM | Attr =	]
mcshield.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
apache.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:54 AM | Attr =	]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
raysat_3dsmax9_32server.exe -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr =	]
nsvcip.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 6/29/2006 9:12:46 AM | Attr =	]
nsvclog.exe -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 6/29/2006 9:12:30 AM | Attr =	]
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 155715 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
winpfind35u.exe -> %UserProfile%\Desktop\WinPFind35u\WinPFind35U.exe -> OldTimer Tools [Ver = 1.0.3.0 | Size = 310784 bytes | Modified Date = 3/1/2008 1:06:42 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Autodesk Licensing Service) Autodesk Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Autodesk Shared\Service\AdskScSrv.exe -> Autodesk [Ver = 2.80.011 | Size = 85096 bytes | Modified Date = 11/9/2007 10:27:24 AM | Attr =	]
(Bonjour Service) ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 229376 bytes | Modified Date = 2/28/2006 12:42:38 PM | Attr =	]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. [Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 1/28/2008 11:28:42 AM | Attr =	]
(ForcewareWebInterface) Forceware Web Interface [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -> Apache Software Foundation [Ver = 2.0.52 | Size = 20543 bytes | Modified Date = 4/13/2006 4:14:26 PM | Attr =	]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.2.824.5515.beta | Size = 138680 bytes | Modified Date = 6/18/2007 3:48:26 PM | Attr =	]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr =	]
(InCDsrv) InCD Helper [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Ahead\InCD\InCDsrv.exe -> File not found
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 11:24:50 AM | Attr =	]
(McShield) McAfee McShield [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\Mcshield.exe -> McAfee, Inc. [Ver = VSCORE.13.3.2.101.x86 | Size = 144960 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\VsTskMgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
(mi-raysat_3dsmax9_32) mental ray 3.5 Satellite (32-bit) [Win32_Own | Auto | Running] -> %ProgramFiles%\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe ->  [Ver =  | Size = 65536 bytes | Modified Date = 9/29/2006 12:48:06 PM | Attr =	]
(nSvcIp) ForceWare IP service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 131131 bytes | Modified Date = 6/29/2006 9:12:46 AM | Attr =	]
(nSvcLog) ForceWare user log service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -> NVIDIA Corporation [Ver = 2, 2, 0, 464 | Size = 65599 bytes | Modified Date = 6/29/2006 9:12:30 AM | Attr =	]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 155715 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]

[Driver Services - Non-Microsoft Only]
(Abiosdsk) Abiosdsk [Kernel | Disabled | Stopped] ->  -> File not found
(abp480n5) abp480n5 [Kernel | Disabled | Stopped] ->  -> File not found
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ADIHdAud.sys -> Analog Devices, Inc. [Ver = 5.10.01.4151 built by: WinDDK | Size = 141312 bytes | Modified Date = 10/5/2005 2:51:10 PM | Attr = R  ]
(adpu160m) adpu160m [Kernel | Disabled | Stopped] ->  -> File not found
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> Andrea Electronics Corporation [Ver = 4.0.1.14 | Size = 127872 bytes | Modified Date = 3/4/2005 6:23:00 PM | Attr = R  ]
(Aha154x) Aha154x [Kernel | Disabled | Stopped] ->  -> File not found
(aic78u2) aic78u2 [Kernel | Disabled | Stopped] ->  -> File not found
(aic78xx) aic78xx [Kernel | Disabled | Stopped] ->  -> File not found
(AliIde) AliIde [Kernel | Disabled | Stopped] ->  -> File not found
(amsint) amsint [Kernel | Disabled | Stopped] ->  -> File not found
(asc) asc [Kernel | Disabled | Stopped] ->  -> File not found
(asc3350p) asc3350p [Kernel | Disabled | Stopped] ->  -> File not found
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->  -> File not found
(Asp0xmtcpa) Asp0xmtcpa [Kernel | Disabled | Stopped] ->  -> File not found
(Atdisk) Atdisk [Kernel | Disabled | Stopped] ->  -> File not found
(CableFlt) Quick Heal Network Protection Service [Kernel | On_Demand | Stopped] -> system32\DRIVERS\CableFlt.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> %SystemDrive%\DOCUME~1\owner1\LOCALS~1\Temp\catchme.sys -> File not found
(cd20xrnt) cd20xrnt [Kernel | Disabled | Stopped] ->  -> File not found
(Changer) Changer [Kernel | System | Stopped] ->  -> File not found
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->  -> File not found
(Cpqarray) Cpqarray [Kernel | Disabled | Stopped] ->  -> File not found
(dac960nt) dac960nt [Kernel | Disabled | Stopped] ->  -> File not found
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(dpti2o) dpti2o [Kernel | Disabled | Stopped] ->  -> File not found
(HdAudAddService) Microsoft UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\Hdaudio.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 145920 bytes | Modified Date = 10/27/2004 3:21:30 PM | Attr =	]
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Hdaudbus.sys -> Windows (R) Server 2003 DDK provider [Ver = 5.10.01.5012 built by: WinDDK | Size = 138240 bytes | Modified Date = 10/27/2004 3:21:36 PM | Attr =	]
(hpn) hpn [Kernel | Disabled | Stopped] ->  -> File not found
(i2omgmt) i2omgmt [Kernel | System | Stopped] ->  -> File not found
(i2omp) i2omp [Kernel | Disabled | Stopped] ->  -> File not found
(InCDfs) InCD File System [File_System | Disabled | Running] -> %SystemRoot%\system32\drivers\InCDfs.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 99584 bytes | Modified Date = 7/8/2005 5:17:54 PM | Attr =	]
(InCDPass) InCDPass [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDpass.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 29696 bytes | Modified Date = 7/8/2005 5:17:36 PM | Attr =	]
(incdrm) InCD Reader [Kernel | System | Running] -> %SystemRoot%\system32\drivers\InCDrm.sys -> Nero AG [Ver = 4, 3, 18, 0 | Size = 28672 bytes | Modified Date = 7/8/2005 7:47:32 PM | Attr =	]
(ini910u) ini910u [Kernel | Disabled | Stopped] ->  -> File not found
(IntelIde) IntelIde [Kernel | Disabled | Stopped] ->  -> File not found
(lbrtfdc) lbrtfdc [Kernel | System | Stopped] ->  -> File not found
(mfeapfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfeavfk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfebopk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mfehidk) McAfee Inc. [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
(mferkdk) VSCore mferkdk [Kernel | System | Stopped] -> E:\McAfee\mferkdk.sys -> File not found
(mfetdik) McAfee Inc. [Kernel | System | Running] -> %SystemRoot%\system32\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->  -> File not found
(MTsensor) ATK0110 ACPI UTILITY [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ASACPI.sys ->  [Ver = 1043, 2, 15, 37 | Size = 5810 bytes | Modified Date = 8/13/2004 4:26:20 PM | Attr = R  ]
(NCHSSVAD) SoundTap Recorder [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nchssvad.sys -> NCH Swift Sound [Ver = 1.0.0.0 | Size = 21120 bytes | Modified Date = 5/7/2007 9:25:06 AM | Attr =	]
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 3929184 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> NVIDIA Corporation [Ver = 1.00.03.06515 | Size = 57856 bytes | Modified Date = 6/29/2006 2:34:50 PM | Attr = R  ]
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> NVIDIA Corporation [Ver = 1.00.03.06515 | Size = 20480 bytes | Modified Date = 6/29/2006 2:34:54 PM | Attr = R  ]
(PCIDump) PCIDump [Kernel | System | Stopped] ->  -> File not found
(PDCOMP) PDCOMP [Kernel | On_Demand | Stopped] ->  -> File not found
(PDFRAME) PDFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRELI) PDRELI [Kernel | On_Demand | Stopped] ->  -> File not found
(PDRFRAME) PDRFRAME [Kernel | On_Demand | Stopped] ->  -> File not found
(perc2) perc2 [Kernel | Disabled | Stopped] ->  -> File not found
(perc2hib) perc2hib [Kernel | Disabled | Stopped] ->  -> File not found
(portD) CMS PortIO Service [Kernel | Auto | Stopped] -> system32\DRIVERS\portd2k.sys -> File not found
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> Sonic Solutions [Ver = 3.00.56a | Size = 43528 bytes | Modified Date = 3/8/2007 5:21:00 AM | Attr =	]
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->  -> File not found
(Ql10wnt) Ql10wnt [Kernel | Disabled | Stopped] ->  -> File not found
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1240) ql1240 [Kernel | Disabled | Stopped] ->  -> File not found
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->  -> File not found
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 3:55:53 PM | Attr =	]
(SenFiltService) SenFilt Service [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\senfilt.sys -> Sensaura [Ver = 5.10.00.3522 | Size = 393088 bytes | Modified Date = 10/10/2005 1:37:38 PM | Attr = R  ]
(Simbad) Simbad [Kernel | Disabled | Stopped] ->  -> File not found
(SONYPVU1) Sony USB Filter Driver (SONYPVU1) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SONYPVU1.SYS -> Sony Corporation [Ver = 1.3.0526.0 (XPClient.010817-1148) | Size = 7552 bytes | Modified Date = 8/17/2001 1:56:16 PM | Attr =	]
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->  -> File not found
(symc810) symc810 [Kernel | Disabled | Stopped] ->  -> File not found
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->  -> File not found
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->  -> File not found
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->  -> File not found
(TosIde) TosIde [Kernel | Disabled | Stopped] ->  -> File not found
(ultra) ultra [Kernel | Disabled | Stopped] ->  -> File not found
(ViaIde) ViaIde [Kernel | Disabled | Stopped] ->  -> File not found
(WDICA) WDICA [Kernel | On_Demand | Stopped] ->  -> File not found
(WIBUKEY) WIBU-KEY Kernel Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\WibuKey.sys -> WIBU-SYSTEMS AG [Ver = Version 5.10 of 2006-Mar-06 | Size = 72192 bytes | Modified Date = 3/6/2006 5:10:00 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 11:27:00 AM | Attr =	]
NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.10.9134 | Size = 7626752 bytes | Modified Date = 6/29/2006 7:55:00 PM | Attr =	]
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 1:11:35 AM | Attr =	]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.4083 | Size = 185632 bytes | Modified Date = 11/3/2007 9:08:48 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MAPI-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
MSFS-> Installed = Reg Error: Value Installed does not exist or could not be read. -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
swg -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> Google Inc. [Ver = 2, 0, 301, 1654 | Size = 68856 bytes | Modified Date = 6/18/2007 3:48:29 PM | Attr =	]
uTorrent -> %ProgramFiles%\uTorrent\uTorrent.exe ->  [Ver =  | Size = 219952 bytes | Modified Date = 2/14/2008 8:20:21 PM | Attr =	]
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
vistaui.exe -> %SystemRoot%\system32\vistaui.exe ->  [Ver =  | Size = 5214208 bytes | Modified Date = 8/30/2006 6:24:18 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{000123B4-9B42-4900-B3F7-F4B073EFC214} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 4, 0, 1 | Size = 187512 bytes | Modified Date = 2/25/2008 11:27:08 AM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKEY_LOCAL_MACHINE] -> F:\real player\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> RealPlayer [Ver = 1.0.0.336 | Size = 296312 bytes | Modified Date = 11/3/2007 9:09:12 PM | Attr =	]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\McAfee\VirusScan Enterprise\ScriptCl.dll [scriptproxy] -> McAfee, Inc. [Ver = VSCORE.13.3.1.100.x86 | Size = 67136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [Google Toolbar Helper] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll [Google Toolbar Notifier BHO] -> Google Inc. [Ver = 2, 1, 615, 5858 | Size = 654832 bytes | Modified Date = 8/29/2007 6:48:39 PM | Attr =	]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google] -> Google Inc. [Ver = 4, 0, 1601, 4978 | Size = 2403392 bytes | Modified Date = 1/19/2007 11:55:32 PM | Attr = R  ]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr =	]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 1:11:33 AM | Attr =	]
{85d1f590-48f4-11d9-9669-0800200c9a66}:Exec -> %SystemRoot%\bdoscandel.exe [Uninstall BitDefender Online Scanner v8] ->  [Ver =  | Size = 53248 bytes | Modified Date = 1/9/2008 3:01:48 PM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_01\bin\npjpi160_01.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.10.6 | Size = 132760 bytes | Modified Date = 3/14/2007 3:43:41 AM | Attr =	]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Download by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
&Grab video by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
Add to Google Photos Screensa&ver -> %SystemRoot%\system32\GPhotos.scr -> Google Inc. [Ver = 2.0.0.1073 | Size = 2783048 bytes | Modified Date = 4/12/2007 5:50:16 PM | Attr =	]
Do&wnload selected by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
Down&load all by Orbit -> %ProgramFiles%\Orbitdownloader\orbitmxt.dll -> Orbitdownloader.com [Ver = 2, 1, 0, 1 | Size = 53248 bytes | Modified Date = 7/13/2007 5:23:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{42CEB110-A7B6-4557-820D-A6556C2E749B} ->	(NVIDIA nForce Networking Controller) -> 
< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> 
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> Apple Computer, Inc. [Ver = 1,0,3,1 | Size = 94208 bytes | Modified Date = 2/28/2006 12:42:30 PM | Attr =	]
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
msdaipp: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened.[Reg Error: Value  does not exist or could not be read.] -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}[HKEY_LOCAL_MACHINE] -> http://download.bitdefender.com/resources/scan8/oscan8.cab[BDSCANONLINE Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}[HKEY_LOCAL_MACHINE] -> http://support.f-secure.com/ols/fscax.cab[F-Secure Online Scanner 3.3] -> 
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab[Java Plug-in 1.5.0_01] -> 
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab[Java Plug-in 1.5.0_03] -> 
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab[Java Plug-in 1.6.0_03] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 



[Files/Folders - Created Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Created Date = 3/3/2008 3:45:49 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Created Date = 3/3/2008 4:34:01 PM | Attr =	]
mfeapfk.sys -> %SystemRoot%\System32\drivers\mfeapfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 64360 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfeavfk.sys -> %SystemRoot%\System32\drivers\mfeavfk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 72264 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfebopk.sys -> %SystemRoot%\System32\drivers\mfebopk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 34152 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
mfehidk.sys -> %SystemRoot%\System32\drivers\mfehidk.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.120.x86 | Size = 170408 bytes | Modified Date = 2/22/2007 8:50:00 PM | Attr =	]
mfetdik.sys -> %SystemRoot%\System32\drivers\mfetdik.sys -> McAfee, Inc. [Ver = SYSCORE.13.3.0.116.x86 | Size = 52136 bytes | Modified Date = 11/30/2006 8:50:00 AM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:48 AM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 247 bytes | Modified Date = 2/13/2008 12:34:25 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86016 bytes | Modified Date = 2/22/2008 6:44:12 PM | Attr =	]
WS2Fix.exe -> %SystemRoot%\System32\WS2Fix.exe ->  [Ver =  | Size = 25600 bytes | Modified Date = 10/3/2007 11:36:46 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Created Date = 2/13/2008 12:20:05 PM | Attr =  H ]
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 2/20/2008 5:55:30 PM | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Created Date = 2/23/2008 1:00:00 PM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 2/22/2008 11:09:36 AM | Attr =	]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Created Date = 2/23/2008 1:42:50 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/23/2008 4:02:15 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 2/20/2008 6:18:46 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Created Date = 2/23/2008 10:38:57 AM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 2/23/2008 12:22:38 PM | Attr =	]
WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Created Date = 2/18/2008 11:45:12 AM | Attr =	]
20080205 -> %UserProfile%\Desktop\20080205 ->  [Folder | Created Date = 2/5/2008 5:34:42 PM | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 1802378 bytes | Modified Date = 2/24/2008 4:10:10 AM | Attr =	]
elixir.JPG -> %UserProfile%\Desktop\elixir.JPG ->  [Ver =  | Size = 417640 bytes | Modified Date = 2/9/2008 5:43:11 PM | Attr =	]
Error.jpg -> %UserProfile%\Desktop\Error.jpg ->  [Ver =  | Size = 52753 bytes | Modified Date = 3/3/2008 4:46:56 PM | Attr =	]
Family Portrait -> %UserProfile%\Desktop\Family Portrait ->  [Folder | Created Date = 2/3/2008 11:43:47 PM | Attr =	]
Gigi.gif -> %UserProfile%\Desktop\Gigi.gif ->  [Ver =  | Size = 6303 bytes | Modified Date = 2/10/2008 7:30:55 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Created Date = 2/24/2008 10:48:42 AM | Attr =	]
Passport.htm -> %UserProfile%\Desktop\Passport.htm ->  [Ver =  | Size = 4774 bytes | Modified Date = 2/12/2008 9:18:04 AM | Attr =	]
SITE - SEM 6.dwg -> %UserProfile%\Desktop\SITE - SEM 6.dwg ->  [Ver =  | Size = 51072 bytes | Modified Date = 2/18/2008 11:58:54 AM | Attr =	]
Untitled-1.psd -> %UserProfile%\Desktop\Untitled-1.psd ->  [Ver =  | Size = 3022806 bytes | Modified Date = 3/2/2008 3:47:22 PM | Attr =	]
Warren Buffet.pps -> %UserProfile%\Desktop\Warren Buffet.pps ->  [Ver =  | Size = 482816 bytes | Modified Date = 2/28/2008 4:53:56 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Created Date = 3/3/2008 3:52:38 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Created Date = 2/23/2008 10:07:45 AM | Attr =	]

[Files/Folders - Modified Within 30 days]
Avenger -> %SystemDrive%\Avenger ->  [Folder | Modified Date = 3/3/2008 3:47:03 PM | Attr =	]
Documents and Settings -> %SystemDrive%\Documents and Settings ->  [Folder | Modified Date = 2/21/2008 3:19:12 PM | Attr =	]
fsaua.data -> %SystemDrive%\fsaua.data ->  [Folder | Modified Date = 3/3/2008 4:34:01 PM | Attr =	]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 3/2/2008 12:19:44 PM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 2/23/2008 1:18:24 PM | Attr =  HS]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 3/3/2008 3:53:49 PM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 2/23/2008 12:56:08 PM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 2/23/2008 3:20:06 PM | Attr =	]
AUTOEXEC.NT -> %SystemRoot%\System32\AUTOEXEC.NT ->  [Ver =  | Size = 1789 bytes | Modified Date = 2/21/2008 3:02:25 PM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 2/20/2008 6:18:53 PM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 3/3/2008 4:05:23 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 2/25/2008 4:50:37 PM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 3/3/2008 3:53:49 PM | Attr =	]
IEDFix.exe -> %SystemRoot%\System32\IEDFix.exe -> S!Ri.URZ [Ver =  | Size = 82432 bytes | Modified Date = 2/8/2008 10:37:48 AM | Attr =	]
MRT.INI -> %SystemRoot%\System32\MRT.INI ->  [Ver =  | Size = 247 bytes | Modified Date = 2/13/2008 12:34:25 PM | Attr =	]
nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 71307 bytes | Modified Date = 3/3/2008 3:54:46 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 62344 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 401064 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 471326 bytes | Modified Date = 2/21/2008 2:57:26 PM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 2/23/2008 1:18:24 PM | Attr =	]
VACFix.exe -> %SystemRoot%\System32\VACFix.exe -> S!Ri.URZ [Ver =  | Size = 86016 bytes | Modified Date = 2/22/2008 6:44:12 PM | Attr =	]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 3/3/2008 3:56:54 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 2/20/2008 4:29:14 PM | Attr =  H ]
avisplitter.INI -> %SystemRoot%\avisplitter.INI ->  [Ver =  | Size = 38 bytes | Modified Date = 2/20/2008 5:55:30 PM | Attr =	]
BDOSCAN8 -> %SystemRoot%\BDOSCAN8 ->  [Folder | Modified Date = 2/23/2008 1:00:59 PM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 3/3/2008 3:54:42 PM | Attr =   S]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files ->  [Folder | Modified Date = 3/3/2008 4:05:24 PM | Attr =   S]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 2/22/2008 11:09:47 AM | Attr =	]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 2/21/2008 2:57:27 PM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 2/13/2008 12:33:23 PM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 2/25/2008 4:50:42 PM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 2/23/2008 4:12:18 PM | Attr =  HS]
Internet Logs -> %SystemRoot%\Internet Logs ->  [Folder | Modified Date = 2/23/2008 1:43:15 PM | Attr =	]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini ->  [Ver =  | Size = 202 bytes | Modified Date = 3/2/2008 8:35:05 PM | Attr =	]
nsreg.dat -> %SystemRoot%\nsreg.dat ->  [Ver =  | Size = 0 bytes | Modified Date = 2/23/2008 4:02:15 PM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 3/3/2008 4:23:04 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 2/21/2008 3:03:03 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 3/3/2008 3:45:49 PM | Attr =	]
SYSTEM.INI -> %SystemRoot%\SYSTEM.INI ->  [Ver =  | Size = 274 bytes | Modified Date = 2/21/2008 3:02:25 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 3/3/2008 3:53:49 PM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 3/3/2008 3:45:00 PM | Attr =   S]
TEMP -> %SystemRoot%\TEMP ->  [Folder | Modified Date = 3/3/2008 3:56:58 PM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 3/3/2008 3:54:43 PM | Attr =  H ]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 7010 bytes | Modified Date = 6/11/2007 12:16:45 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 2440867 bytes | Modified Date = 3/3/2008 3:57:01 PM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 2440867 bytes | Modified Date = 3/3/2008 3:57:01 PM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat ->  [Ver =  | Size = 1388 bytes | Modified Date = 2/21/2008 12:58:03 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsgk32.exe -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgk32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 413696 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fssm32.exe -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fssm32.exe -> F-Secure Corp. [Ver = 7.60.14020.0 | Size = 494592 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
daas_s.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\daas_s.dll -> F-Secure Corporation [Ver = 6.00.14023 | Size = 495616 bytes | Modified Date = 2/27/2008 3:59:28 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/3/2008 4:31:55 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/3/2008 4:31:48 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/3/2008 4:31:28 PM | Attr =	]
AVPFPI0.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\AVPFPI0.dll -> Kaspersky Lab [Ver = 7.0.171.8410 | Size = 147538 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
avpproxy.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\avpproxy.dll -> F-Secure Corporation [Ver = 1.2.12160 | Size = 77910 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fm4av.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fm4av.dll ->  [Ver =  | Size = 513536 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fpinor.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fpinor.dll -> F-Secure Corporation [Ver = 1.20.13330 | Size = 113664 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsbl.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsbl.dll -> F-Secure Corporation [Ver = 1, 0, 0, 1 | Size = 49152 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsgkiapi.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\fsgkiapi.dll -> F-Secure Corp. [Ver = 7.60.13372.8144 | Size = 82432 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
fsecr32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsecr32.dll -> F-Secure Corporation [Ver = 2.06.7470 | Size = 262144 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fspe32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fspe32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 135168 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsup32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsup32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 803328 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupcx32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupcx32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 131584 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupfg32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupfg32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 151552 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupmw32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupmw32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 146944 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupnp32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupnp32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 153600 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupux32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupux32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 155136 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupwu32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupwu32.dll -> F-Secure Corporation [Ver = 1.0.375 | Size = 147968 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsmart.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsmart.dll -> F-Secure Corporation [Ver = 1, 0, 0, 27 | Size = 147456 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
fsusscr.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\mlcwin\fsusscr.dll -> F-Secure Corporation [Ver = 2.20.13471 | Size = 856064 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
Nse_w32.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\Nse_w32.dll ->  [Ver =  | Size = 506936 bytes | Modified Date = 3/3/2008 4:31:28 PM | Attr =	]
fssubmit.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\fssubmit.dll -> F-Secure Corporation [Ver = 1.0.11 | Size = 651264 bytes | Modified Date = 3/3/2008 4:31:48 PM | Attr =	]
fsblu.dll -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_bl\fsblu.dll -> F-Secure Corporation [Ver = 1, 0, 0, 64 | Size = 524288 bytes | Modified Date = 3/3/2008 4:31:55 PM | Attr =	]
ext.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsedb.dat ->  [Ver =  | Size = 481074 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
sae.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
sai.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
ext.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avmisc\ext.dat ->  [Ver =  | Size = 444 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
sae.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avmisc\sae.dat ->  [Ver =  | Size = 243 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
sai.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avmisc\sai.dat ->  [Ver =  | Size = 1348 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
fsedb.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsedb.dat ->  [Ver =  | Size = 481074 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupdllb.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupdllb.dat ->  [Ver =  | Size = 422594 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsupplgn.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsupplgn.dat ->  [Ver =  | Size = 226 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
fsuptmpl.dat -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\fsuptmpl.dat ->  [Ver =  | Size = 5858 bytes | Modified Date = 3/3/2008 4:32:49 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/3/2008 4:22:51 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/3/2008 4:31:55 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/3/2008 4:32:48 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/3/2008 4:31:47 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/3/2008 4:31:28 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\Anti-Virus\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/3/2008 4:22:52 PM | Attr =	]
FS@av.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avmisc\FS@av.ini ->  [Ver =  | Size = 203 bytes | Modified Date = 3/3/2008 4:22:53 PM | Attr =	]
FS@avpe.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avpe\FS@avpe.ini ->  [Ver =  | Size = 205 bytes | Modified Date = 3/3/2008 4:22:51 PM | Attr =	]
verdicts.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\avpe\verdicts.ini ->  [Ver =  | Size = 2539 bytes | Modified Date = 3/3/2008 4:22:52 PM | Attr =	]
FS@corp.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\fsav_beta\FS@corp.ini ->  [Ver =  | Size = 176 bytes | Modified Date = 3/3/2008 4:33:39 PM | Attr =	]
FS@hydra.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\hydrawin\FS@hydra.ini ->  [Ver =  | Size = 250 bytes | Modified Date = 3/3/2008 4:32:48 PM | Attr =	]
FS@mlc.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\mlcwin\FS@mlc.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/3/2008 4:33:07 PM | Attr =	]
FS@peg.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_30_pegdb\FS@peg.ini ->  [Ver =  | Size = 204 bytes | Modified Date = 3/3/2008 4:31:28 PM | Attr =	]
FS@ols.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_33_bin\FS@ols.ini ->  [Ver =  | Size = 168 bytes | Modified Date = 3/3/2008 4:31:47 PM | Attr =	]
FS@bleng.ini -> C:\Documents and Settings\owner1\Local Settings\Temp\OnlineScanner\updates\ols_bl\FS@bleng.ini ->  [Ver =  | Size = 241 bytes | Modified Date = 3/3/2008 4:31:55 PM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Modified Date = 2/21/2008 3:20:59 PM | Attr =	]
Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft ->  [Folder | Modified Date = 2/23/2008 10:41:33 AM | Attr =	]
McAfee -> %AllUsersProfile%\Application Data\McAfee ->  [Folder | Modified Date = 3/3/2008 4:26:16 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 2/23/2008 4:12:34 PM | Attr =	]
Orbit -> %AppData%\Orbit ->  [Folder | Modified Date = 3/1/2008 8:48:01 PM | Attr =	]
Real -> %AppData%\Real ->  [Folder | Modified Date = 2/22/2008 5:27:47 PM | Attr =	]
uTorrent -> %AppData%\uTorrent ->  [Folder | Modified Date = 3/3/2008 4:49:17 PM | Attr =	]
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 196608 bytes | Modified Date = 2/22/2008 5:59:00 PM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 7359894 bytes | Modified Date = 3/1/2008 8:21:05 AM | Attr =  H ]
Microsoft -> %UserProfile%\Local Settings\Application Data\Microsoft ->  [Folder | Modified Date = 2/23/2008 5:24:18 PM | Attr =	]
WinAVI -> %UserProfile%\Local Settings\Application Data\WinAVI ->  [Folder | Modified Date = 2/18/2008 11:45:12 AM | Attr =	]
20080205 -> %UserProfile%\Desktop\20080205 ->  [Folder | Modified Date = 2/19/2008 9:26:01 PM | Attr =	]
avenger.exe -> %UserProfile%\Desktop\avenger.exe ->  [Ver =  | Size = 1802378 bytes | Modified Date = 2/24/2008 4:10:10 AM | Attr =	]
DNA -> %UserProfile%\Desktop\DNA ->  [Folder | Modified Date = 2/5/2008 7:57:28 PM | Attr =	]
elixir.JPG -> %UserProfile%\Desktop\elixir.JPG ->  [Ver =  | Size = 417640 bytes | Modified Date = 2/9/2008 5:43:11 PM | Attr =	]
Error.jpg -> %UserProfile%\Desktop\Error.jpg ->  [Ver =  | Size = 52753 bytes | Modified Date = 3/3/2008 4:46:56 PM | Attr =	]
Family Portrait -> %UserProfile%\Desktop\Family Portrait ->  [Folder | Modified Date = 2/22/2008 3:27:51 PM | Attr =	]
Gigi.gif -> %UserProfile%\Desktop\Gigi.gif ->  [Ver =  | Size = 6303 bytes | Modified Date = 2/10/2008 7:30:55 PM | Attr =	]
Microsoft PowerPoint.lnk -> %UserProfile%\Desktop\Microsoft PowerPoint.lnk ->  [Ver =  | Size = 2469 bytes | Modified Date = 3/3/2008 4:45:43 PM | Attr =	]
New Folder -> %UserProfile%\Desktop\New Folder ->  [Folder | Modified Date = 2/27/2008 7:54:16 PM | Attr =	]
Passport.htm -> %UserProfile%\Desktop\Passport.htm ->  [Ver =  | Size = 4774 bytes | Modified Date = 2/12/2008 9:18:04 AM | Attr =	]
SITE - SEM 6.dwg -> %UserProfile%\Desktop\SITE - SEM 6.dwg ->  [Ver =  | Size = 51072 bytes | Modified Date = 2/18/2008 11:58:54 AM | Attr =	]
Untitled-1.psd -> %UserProfile%\Desktop\Untitled-1.psd ->  [Ver =  | Size = 3022806 bytes | Modified Date = 3/2/2008 3:47:22 PM | Attr =	]
Warren Buffet.pps -> %UserProfile%\Desktop\Warren Buffet.pps ->  [Ver =  | Size = 482816 bytes | Modified Date = 2/28/2008 4:53:56 PM | Attr =	]
WinPFind35u -> %UserProfile%\Desktop\WinPFind35u ->  [Folder | Modified Date = 3/3/2008 4:15:47 PM | Attr =	]
McAfee -> %CommonProgramFiles%\McAfee ->  [Folder | Modified Date = 2/23/2008 10:07:45 AM | Attr =	]
Microsoft Shared -> %CommonProgramFiles%\Microsoft Shared ->  [Folder | Modified Date = 2/21/2008 4:54:11 PM | Attr =  HS]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 2/20/2008 4:20:17 PM | Attr =  HS]
Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard ->  [Folder | Modified Date = 2/23/2008 4:12:18 PM | Attr =	]

< End of report >


#10 OldTimer

Posted 03 March 2008 - 01:44 PM

Hi Harsh Deshpande. The logs all look good, so let's look at some settings for the firewall and hidden file settings. First, what exactly happens when you try to enable the firewall? Is there an error message? If not, what exactly happens?

Let's check some other settings.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the WinPFind3u folder and double-click on WinPFind35U.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Basic Scans section click on None for ALL the groups.
  • In the Manual File or Registry Key Scans input box copy/paste the information in the codebox below:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /s
    HKEY_CURRENT_USER\Software\Policies\Microsoft /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not /code with brackets around it then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#11 Harsh Deshpande

Posted 04 March 2008 - 12:40 AM

When I try to enable firewall through Windows Security Center, I get this message:
'We are sorry. The Security Center could not turn on Windows Firewall. To try turning on the firewall yourself, go to Windows Firewall in Control Panel. In the Windows Firewall dialog General tab, select On(recommended), and then click OK'

And when I try to enable the firewall through Control Panel/Windows Firewall, I cannot use the on or off button at all. They are both greyed.

Here is the WinPFind3u log:
WinPFind35 logfile created on: 3/4/2008 10:42:57 AM
WinPFind35U Version 1.0.3.0	 Folder = C:\Documents and Settings\owner1\Desktop\WinPFind35u
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
959.29 Mb Total Physical Memory | 557.36 Mb Available Physical Memory | 58.10% Memory free
1.83 Gb Paging File | 1.56 Gb Available in Paging File | 85.04% Paging File free
Paging file location(s): E:\pagefile.sys 1000 4096;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9.32 Gb Total Space | 2.55 Gb Free Space | 27.39% Space Free | Partition Type: NTFS
Drive D: | 9.31 Gb Total Space | 0.10 Gb Free Space | 1.03% Space Free | Partition Type: FAT32
Drive E: | 9.31 Gb Total Space | 2.09 Gb Free Space | 22.48% Space Free | Partition Type: FAT32
Drive F: | 9.29 Gb Total Space | 1.95 Gb Free Space | 20.96% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: owner1
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user


[Manual Scans]
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies /s >
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ -> ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\ -> -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ -> -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ -> -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\ -> -> 
< HKEY_CURRENT_USER\Software\Policies\Microsoft /s >
HKEY_CURRENT_USER\Software\Policies\Microsoft\ -> ->
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ -> -> 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions\ -> -> 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\ -> -> 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\AppCompat\ -> -> 
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System\ -> -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies /s >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft /s >
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Conferencing\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\\DontSearchWindowsUpdate -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DriverSearching\\DontPromptForWindowsUpdate -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\\EnableAdminTSRemote -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\ -> -> 
*ExecutableTypes* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\\ExecutableTypes -> 
ADE ->  -> File not found
ADP ->  -> File not found
BAS ->  -> File not found
BAT ->  -> File not found
CHM ->  -> File not found
CMD -> %SystemRoot%\system32\cmd.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 388608 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
COM ->  -> File not found
CPL ->  -> File not found
CRT ->  -> File not found
EXE ->  -> File not found
HLP ->  -> File not found
HTA ->  -> File not found
INF ->  -> File not found
INS ->  -> File not found
ISP ->  -> File not found
LNK ->  -> File not found
MDB ->  -> File not found
MDE ->  -> File not found
MSC ->  -> File not found
MSI -> %SystemRoot%\system32\msi.dll -> Microsoft Corporation [Ver = 3.1.4000.4039 | Size = 2854400 bytes | Modified Date = 4/18/2007 9:42:23 PM | Attr =	]
MSP ->  -> File not found
MST ->  -> File not found
OCX ->  -> File not found
PCD ->  -> File not found
PIF ->  -> File not found
REG -> %SystemRoot%\system32\reg.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 50176 bytes | Modified Date = 8/4/2004 5:30:00 PM | Attr =	]
SCR ->  -> File not found
SHS ->  -> File not found
URL -> %SystemRoot%\system32\url.dll -> Microsoft Corporation [Ver = 7.00.6000.16608 (vista_gdr.071204-1500) | Size = 105984 bytes | Modified Date = 12/7/2007 7:51:48 AM | Attr =	]
VB ->  -> File not found
WSC ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\\TransparentEnabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\\DefaultLevel -> 262144 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\\AuthenticodeEnabled -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\\PolicyScope -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\FriendlyName -> Mdac11.cab [Mdac11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemData -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}\\ItemSize -> 
̋ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\FriendlyName -> mdac20.cab [mdac20.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemData -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}\\ItemSize -> 
ȅ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\FriendlyName -> mdac20_a.cab [mdac20_a.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemData -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}\\ItemSize -> 
Ζ ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\FriendlyName -> _msadc10.cab [_msadc10.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemData -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}\\ItemSize -> 
Ś ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\Description -> Stop the download of this file -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\FriendlyName -> msadc11.cab [msadc11.cab] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\HashAlg -> 32771 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemData -> (binary data) -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\LastModified ->  -> 
*ItemSize* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}\\ItemSize -> 
Ų ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\Description ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\SaferFlags -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\ItemData -> %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* -> 
*LastModified* -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}\\LastModified -> 
䤀籩LJY_CU ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\\Disable Advanced -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\\Execution -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\\Task Creation -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\\Task Deletion -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\\DoNotAllowXPSP2 -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\\EnableFirewall -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\\EnableFirewall -> 0 -> 
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s >
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -> ->
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ServerAdminUI -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowCompColor -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\DontPrettyPath -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowInfoTip -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideIcons -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\MapNetDrvBtn -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\WebView -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Filter -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SeparateProcess -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ListviewAlphaSelect -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ListviewShadow -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ListviewWatermark -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\TaskbarAnimations -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\StartMenuInit -> 2 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\StartButtonBalloonTip -> 2 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\CascadeNetworkConnections -> YES -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\TaskbarSizeMove -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\TaskbarGlomming -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowNetPlaces_ShouldShow -> 65 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\NoNetCrawling -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\FolderContentsInfoTip -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\FriendlyTree -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\WebViewBarricade -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\DisableThumbnailCache -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ClassicViewState -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\PersistBrowsers -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowNetPlaces -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_LargeMFUIcons -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_MinMFU -> 6 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowControlPanel -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_EnableDragDrop -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\StartMenuFavorites -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowHelp -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowMyComputer -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowMyDocs -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowMyMusic -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowMyPics -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowPrinters -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowRun -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ScrollPrograms -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowSearch -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowSetProgramAccessAndDefaults -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowRecentDocs -> 2 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_AutoCascade -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_NotifyNewApps -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_AdminToolsRoot -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\StartMenuAdminTools -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowSuperHidden -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden -> 1 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\HideFileExt -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden -> 0 -> 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Start_ShowNetConn_ShouldShow -> 66 -> 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\TaskbarSizeMove -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowSuperHidden -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\\Type -> group -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30498 ->  -> File not found
*MultiFile Done* -> -> 
*Bitmap* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\\Bitmap -> 
%SystemRoot%\system32\SHELL32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 9:06:51 AM | Attr =	]
4 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\\HelpID -> shell.hlp [shell.hlp#51140] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30506 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\ValueName -> ClassicViewState -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\CheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\UncheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ClassicViewState\\HelpID -> shell.hlp [shell.hlp#51076] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\HideMyComputerIcons -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30497 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\Type -> checkbox -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\ValueName -> {21EC2020-3AEA-1069-A2DD-08002B30309D} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\CheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\UncheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ControlPanelInMyComputer\\HelpID -> shell.hlp [shell.hlp#51150] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30507 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\ValueName -> SeparateProcess -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\\HelpID -> shell.hlp [shell.hlp#51079] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DesktopProcess\Policy\SeparateProcess\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30517 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\ValueName -> DisableThumbnailCache -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\DisableThumbCache\\HelpID -> shell.hlp [shell.hlp#51155] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30514 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\ValueName -> FolderContentsInfoTip -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FolderSizeTip\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30511 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\ValueName -> FriendlyTree -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\HelpID -> shell.hlp [shell.hlp#51149] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\FriendlyTree\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\ -> -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30499 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Type -> group -> 
*Bitmap* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\Bitmap -> 
%SystemRoot%\system32\SHELL32.dll -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 9:06:51 AM | Attr =	]
4 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\\HelpID -> shell.hlp [shell.hlp#51131] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30501 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\Type -> radio -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\CheckedValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\ValueName -> Hidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\DefaultValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN\\HelpID -> shell.hlp [shell.hlp#51104] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30500 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\Type -> radio -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\ValueName -> Hidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\DefaultValue -> 2 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\HelpID -> shell.hlp [shell.hlp#51105] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30503 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\ValueName -> HideFileExt -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\UncheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\\HelpID -> shell.hlp [shell.hlp#51101] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30509 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\ValueName -> NoNetCrawling -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\CheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\UncheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\\HelpID -> shell.hlp [shell.hlp#51147] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\NetCrawler\Policy\NoNetCrawling\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30513 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\ValueName -> PersistBrowsers -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\HelpID -> shell.hlp [shell.hlp#51152] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\PersistBrowsers\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30512 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\ValueName -> ShowCompColor -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowCompColor\\HelpID -> shell.hlp [shell.hlp#51130] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30504 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\ValueName -> FullPath -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath\\HelpID -> shell.hlp [shell.hlp#51100] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30505 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\ValueName -> FullPathAddress -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPathAddress\\HelpID -> shell.hlp [shell.hlp#51107] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30502 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\ValueName -> ShowInfoTip -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowInfoTip\\HelpID -> shell.hlp [shell.hlp#51102] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\Type -> checkbox -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30518 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\HKeyRoot -> -2147483646 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\RegPath -> System\CurrentControlSet\Control\LSA -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\ValueName -> ForceGuest -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\CheckedValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\HelpID -> shell.hlp [shell.hlp#51154] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SimpleSharing\\DefaultValue -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\Type -> checkbox2 -> 
*Text* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\Text -> 
@shell32.dll -> @shell32.dll -> File not found
-30508 ->  -> File not found
*MultiFile Done* -> -> 
*WarningIfNotDefault* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\WarningIfNotDefault -> 
@shell32.dll -> @shell32.dll -> File not found
-28964 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\HKeyRoot -> -2147483647 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\RegPath -> Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\ValueName -> ShowSuperHidden -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\CheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\UncheckedValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\DefaultValue -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\\HelpID -> shell.hlp [shell.hlp#51103] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\ ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\\Text -> Managing pairs of Web pages and folders -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\\Type -> group -> 
*Bitmap* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Thickets\\Bitmap -> 
C:\WINDOWS\system32\\SHELL32.DLL -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248) | Size = 8454656 bytes | Modified Date = 10/26/2007 9:06:51 AM | Attr =	]
4 ->  -> File not found
*MultiFile Done* -> -> 
< End of report >


#12 Harsh Deshpande


Posted 04 March 2008 - 12:49 AM

In the Folder options, in the view tab, the 'Hide Protected Operating System Files' option is missing. I can't see that option at all. The 'Hide extensions for known file types' option is visible but I can't change its status of being checked. When I uncheck it and apply the settings, it gets checked by itself.

I am unable to install many programs. I get errors every time I install programs. I tried installing Real Player and Quick Time Player. I got the errors. The error says that the installer is unable to write the key in the registry.

Edited by Harsh Deshpande, 04 March 2008 - 06:39 AM.


#13 OldTimer

OldTimer

    Malware Expert



Posted 04 March 2008 - 03:12 PM

Hi Harsh Deshpande. Let's try this:

Start WinPFind35U. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Manual Scans]
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\ -> 
YN -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ -> 
YN -> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowSuperHidden -> 1
YN -> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden -> 1
YN -> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden -> 0

The fix should only take a very short time. When the fix is completed, either a message box will pop up telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.

If you need to reboot, the log file will be placed in the MovedFiles folder in the folder that WinPFind35 is running from. It will have a .log extension and a name in the format of mmddyyyy_hhmmss.log. Once you reboot, locate that file, open it with Notepad (not Write or any other text program) and post the contents back here.

Now launch Notepad, and copy/paste the text in the codebox below into the new document. Save it to your desktop as regfix.reg:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
"UncheckedValue"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden]
"UncheckedValue"=dword:00000001

Locate regfix.reg on your Desktop and double-click on it. You will receive a prompt similar to: "Do you wish to merge the information into the registry?". Answer Yes and wait for a message to appear similar to Merged Successfully.

Restart your computer.

After the reboot try changing your firewall and file options and let me know what happens.

Post the information from the WinPFind35 fix back here and I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
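
A read-only check for the kind of tampering that the regfix.reg above undoes, as an added example that is not part of the original posts or of WinPFind: it parses scan-log rows in the `key\\value -> data` layout and flags Folder Options checkboxes that cannot be cleared. The sample rows, the function names and the premise that Explorer stores UncheckedValue when a box is cleared are assumptions of this example.

```python
from collections import defaultdict

FOLDER = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
          r"\Explorer\Advanced\Folder" + "\\")

# UncheckedValue data that the regfix.reg in this thread writes.
EXPECTED_UNCHECKED = {"HideFileExt": 0, "SuperHidden": 1}

# Constructed sample rows (not the poster's log); HideFileExt is shown tampered.
ROWS = [
    r"HideFileExt\ -> ",
    r"HideFileExt\\Type -> checkbox",
    r"HideFileExt\\CheckedValue -> 1",
    r"HideFileExt\\UncheckedValue -> 1",
    r"SuperHidden\\Type -> checkbox",
    r"SuperHidden\\CheckedValue -> 0",
    r"SuperHidden\\UncheckedValue -> 1",
    r"Thickets\NONE\\Type -> radio",
    r"Thickets\NONE\\CheckedValue -> 1",
]
SAMPLE_LOG = "\n".join(FOLDER + row + " -> " for row in ROWS)

def parse_options(log_text):
    """Group Folder Options definitions as {option: {value_name: data}}."""
    options = defaultdict(dict)
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("->")]
        if len(parts) < 2 or not parts[0].startswith(FOLDER):
            continue
        key, sep, name = parts[0][len(FOLDER):].rpartition("\\\\")
        if sep:  # rows without "\\" describe the key itself, not a value
            options[key][name] = parts[1]
    return dict(options)

def audit(options):
    """Return (option, reason) pairs for checkbox definitions that look altered."""
    findings = []
    for opt, vals in sorted(options.items()):
        if vals.get("Type") != "checkbox":
            continue  # radio groups such as Thickets use CheckedValue only
        checked, unchecked = vals.get("CheckedValue"), vals.get("UncheckedValue")
        if checked is not None and checked == unchecked:
            findings.append((opt, "CheckedValue equals UncheckedValue"))
        want = EXPECTED_UNCHECKED.get(opt)
        if want is not None and unchecked != str(want):
            findings.append((opt, f"UncheckedValue is {unchecked!r}, regfix.reg sets {want}"))
    return findings

if __name__ == "__main__":
    for option, reason in audit(parse_options(SAMPLE_LOG)):
        print(f"{option}: {reason}")
```
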

#14 Harsh Deshpande


Posted 04 March 2008 - 11:52 PM

Sir,
Here is the WinPFind35U fix log:

[Manual Scans]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\ShowSuperHidden deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\Hidden deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\SuperHidden deleted successfully.
< End of fix log >
WinPFind35U Version 1.0.3.0 fix logfile created on 03052008_102010

#15 Harsh Deshpande


Posted 05 March 2008 - 01:29 AM

Thanks for your help!! The hidden extensions problem, the firewall problem and the program installation problem are now solved!! Only problem left now is that I still can't see the Hide Protected Operating System Files option in folder options. That option itself is missing!! Thanks once again!! :blink: :thumbsup:



