Trojan-spy.win32.greenscreen Infection


  • This topic is locked
3 replies to this topic

#1 hdprogger


Posted 25 August 2008 - 07:24 AM

Good Morning!

I got hit with the Windows Security Alert pop-up, showing the Trojan-Spy.Win32.GreenScreen, Trojan-Spy.HTML.Bankfraud.dq and Trojan-Clicker.Win32.Tiny.h viruses. I've tried all I can think of and could use help cleaning this. I'm running Panda Corporate security and have scanned with Spybot S&D and Malwarebytes AntiMalware and still have the problem. Attached is a Hijack-This log (I used the attachments instead of inserting).

Thanks for your Help!

Attached File  hijackthis.log   11.49KB   10 downloads


#2 hdprogger


Posted 25 August 2008 - 05:14 PM

I ran the OTScanIt program per the instructions in another e-mail. Below is the output file. Could someone please help me get rid of these infections?

Thanks!

OTScanIt logfile created on: 8/25/2008 11:20:02 AM
OTScanIt by OldTimer - Version 1.0.16.2	 Folder = C:\Documents and Settings\krs.KSCOMPUTINGINC\Desktop\OTScanIt
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
511.48 Mb Total Physical Memory | 54.80 Mb Available Physical Memory | 10.71% Memory free
1.22 Gb Paging File | 0.82 Gb Available in Paging File | 67.53% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536;
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 64.83 Gb Free Space | 43.51% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive T: | 149.04 Gb Total Space | 106.76 Gb Free Space | 71.63% Space Free | Partition Type: NTFS
Drive Z: | 149.04 Gb Total Space | 106.76 Gb Free Space | 71.63% Space Free | Partition Type: NTFS

Computer Name: DESKTOP
Current User Name: krs
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

[Processes - Non-Microsoft Only]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 9:39:16 PM | Attr =	]
lexbces.exe -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr =	]
lexpps.exe -> %SystemRoot%\system32\LEXPPS.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 174592 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr =	]
psctrls.exe -> %ProgramFiles%\Panda Software\AVTC\PSCtrlS.exe -> Panda Software International [Ver = 1, 3, 9, 11 | Size = 378672 bytes | Modified Date = 8/22/2007 8:50:20 AM | Attr =	]
pagent.exe -> %ProgramFiles%\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 431408 bytes | Modified Date = 10/19/2007 4:17:35 AM | Attr =	]
pavsched.exe -> %ProgramFiles%\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 193840 bytes | Modified Date = 10/19/2007 4:16:25 AM | Attr =	]
pagentwd.exe -> %ProgramFiles%\Panda Software\Panda Administrator 3\Pav_Agent\Pagentwd.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 58672 bytes | Modified Date = 10/19/2007 4:17:38 AM | Attr =	]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Security [Ver = 1.3.2.0 | Size = 41776 bytes | Modified Date = 10/16/2007 4:40:26 AM | Attr =	]
pavsrv51.exe -> %ProgramFiles%\Panda Software\AVTC\pavsrv51.exe -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 9:14:20 AM | Attr =	]
avengine.exe -> %ProgramFiles%\Panda Software\AVTC\AVENGINE.EXE -> Panda Software International [Ver = 2, 1, 29, 0 | Size = 96560 bytes | Modified Date = 7/6/2007 8:14:09 AM | Attr =	]
psimsvc.exe -> %ProgramFiles%\Panda Software\AVTC\PSIMSVC.EXE -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 4:31:25 AM | Attr =	]
dlbkpswx.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\DLBKPSWX.EXE ->  [Ver = 1.0.0.0 | Size = 110592 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr =	]
rdiconverterservice.exe -> %CommonProgramFiles%\ICWM\Printer\RDIConverterService.exe -> Web Meeting [Ver = 3, 0, 71, 0 | Size = 59392 bytes | Modified Date = 1/17/2008 9:23:16 AM | Attr =	]
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 9:39:16 PM | Attr =	]
hpgs2wnd.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 7/3/2001 9:11:52 AM | Attr =	]
hpztsb09.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.4.0 | Size = 176128 bytes | Modified Date = 7/22/2005 9:33:48 PM | Attr =	]
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 5:15:20 PM | Attr =	]
psctrlc.exe -> %ProgramFiles%\Panda Software\AVTC\PSCtrlC.exe -> Panda Software International [Ver = 1, 3, 6, 9 | Size = 226608 bytes | Modified Date = 7/4/2007 3:48:46 AM | Attr =	]
dlbkbmgr.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr =	]
hpgs2wnf.exe -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ->  [Ver = 2,4,0,26 | Size = 65536 bytes | Modified Date = 7/3/2001 9:17:04 AM | Attr =	]
mrohijup.exe -> %SystemRoot%\system32\mrohijup.exe ->  [Ver =  | Size = 81920 bytes | Modified Date = 8/18/2008 12:21:15 PM | Attr =	]
javaw.exe -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe ->  [Ver =  | Size = 20549 bytes | Modified Date = 5/6/2001 11:14:22 AM | Attr =	]
teatimer.exe -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
dlbkbmon.exe -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmon.exe -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 53248 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr =	]
reader_sl.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]
printkey.exe -> %SystemDrive%\PrintKey\printkey.exe -> Fred's Software Company [Ver = 4.0.0.1 | Size = 589824 bytes | Modified Date = 2/17/2005 7:41:25 AM | Attr =	]
mtstsmon.exe -> %ProgramFiles%\MicroTouch\TouchWare\MtsTsMon.exe -> 3M Touch Systems, Inc. [Ver = 5.64.1.1 | Size = 90112 bytes | Modified Date = 1/20/2003 3:36:38 PM | Attr =	]
otscanit.exe -> %UserProfile%\desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.16.2 | Size = 397312 bytes | Modified Date = 7/12/2008 9:29:54 AM | Attr =	]

[Win32 Services - Non-Microsoft Only]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2/21/2006 9:39:16 PM | Attr =	]
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\awhost32.exe -> Symantec Corporation [Ver = 11.5.1.152 | Size = 106496 bytes | Modified Date = 5/20/2005 11:51:00 AM | Attr =	]
(Boonty Games) Boonty Games [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\BOONTY Shared\Service\Boonty.exe -> File not found
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(LexBceS) LexBce Server [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LEXBCES.EXE -> Lexmark International, Inc. [Ver = 8.16 | Size = 303104 bytes | Modified Date = 5/12/2003 3:02:32 PM | Attr =	]
(Panda Software Controller) Panda Software Controller [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\AVTC\PSCtrlS.exe -> Panda Software International [Ver = 1, 3, 9, 11 | Size = 378672 bytes | Modified Date = 8/22/2007 8:50:20 AM | Attr =	]
(PAVAGENTE) Panda AdminSecure Communications Agent [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 431408 bytes | Modified Date = 10/19/2007 4:17:35 AM | Attr =	]
(PavAtScheduler) Panda AdminSecure Scheduler [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 193840 bytes | Modified Date = 10/19/2007 4:16:25 AM | Attr =	]
(PavFnSvr) Panda Function Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Panda Software\AVTC\PavFnSvr.exe -> Panda Software International [Ver = 8.14.02.00 | Size = 167936 bytes | Modified Date = 7/12/2007 4:18:33 AM | Attr =	]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Security [Ver = 1.3.2.0 | Size = 41776 bytes | Modified Date = 10/16/2007 4:40:26 AM | Attr =	]
(PavReport) Panda Antivirus Report Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -> Panda Software [Ver = 4, 2, 0, 0 | Size = 759088 bytes | Modified Date = 10/19/2007 4:18:30 AM | Attr =	]
(PavSrv) Panda Antivirus Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\AVTC\pavsrv51.exe -> Panda Software International [Ver = 2, 1, 26, 0 | Size = 148272 bytes | Modified Date = 7/16/2007 9:14:20 AM | Attr =	]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\system32\hpzipm12.exe -> HP [Ver = 5, 0, 5, 3 | Size = 65536 bytes | Modified Date = 8/1/2002 10:22:40 AM | Attr =	]
(PMShellSrv) Panda AntiSpam Engine [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Panda Software\AVTC\pskmssvc.exe -> Panda Software International [Ver = 1, 4, 3, 1 | Size = 67120 bytes | Modified Date = 1/15/2007 8:42:14 AM | Attr =	]
(PSHost) Panda Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Panda Software\AVTC\PSHost.exe -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 5/31/2007 12:43:13 PM | Attr =	]
(PsImSvc) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\AVTC\PSIMSVC.EXE -> Panda Software International [Ver = 2, 8, 8, 0 | Size = 108592 bytes | Modified Date = 5/24/2007 4:31:25 AM | Attr =	]
(RDIConverterPrintHelper) RDI Document Conversion Helper [Win32_Own | Auto | Running] -> %CommonProgramFiles%\ICWM\Printer\RDIConverterService.exe -> Web Meeting [Ver = 3, 0, 71, 0 | Size = 59392 bytes | Modified Date = 1/17/2008 9:23:16 AM | Attr =	]
(TPSrv) Panda TPSrv [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Panda Software\AVTC\TPSrv.exe -> Panda Software International [Ver = 8, 0, 1, 0 | Size = 404784 bytes | Modified Date = 7/2/2007 6:14:36 AM | Attr =	]

[Driver Services - Non-Microsoft Only]
(APPFLT) App Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPFLT.SYS -> Panda Software [Ver = 2.2.0.44 | Size = 71736 bytes | Modified Date = 5/11/2007 3:33:04 AM | Attr =	]
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> ATI Technologies Inc. [Ver = 6.14.10.6601 | Size = 1505792 bytes | Modified Date = 2/21/2006 9:46:26 PM | Attr =	]
(AvFlt) Antivirus Filter Driver [File_System | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\av5flt.sys -> File not found
(awecho) awecho [Kernel | System | Running] -> %SystemRoot%\system32\drivers\awechomd.sys -> Symantec Corporation [Ver = 12.0 | Size = 8368 bytes | Modified Date = 3/5/2004 12:52:22 PM | Attr =	]
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.sys -> Symantec Corporation [Ver = 11.0.1.764 | Size = 11165 bytes | Modified Date = 11/17/2003 6:06:48 PM | Attr =	]
(AW_HOST) AW_HOST [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> Symantec Corporation [Ver = 11.0.1.761 | Size = 16984 bytes | Modified Date = 10/23/2003 10:32:20 AM | Attr =	]
(cmuda) C-Media WDM Audio Interface [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\cmuda.sys -> C-Media Inc [Ver = 5.12.01.0051.3 (73) | Size = 1373120 bytes | Modified Date = 6/9/2006 11:58:22 PM | Attr =	]
(dmboot) dmboot [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dmboot.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 799744 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmio) Logical Disk Manager Driver [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\dmio.sys -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 153344 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(dmload) dmload [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\dmload.sys -> Microsoft Corp., Veritas Software. [Ver = 2600.0.503.0 | Size = 5888 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(DSAFLT) DSA Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 51256 bytes | Modified Date = 5/11/2007 3:33:06 AM | Attr =	]
(E100B) Intel(R) PRO Network Connection Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> Intel Corporation [Ver = 8.0.19.0 built by: WinDDK | Size = 157696 bytes | Modified Date = 4/2/2006 5:38:02 PM | Attr = R  ]
(FNETMON) NetMon Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\fnetmon.sys -> Panda Software [Ver = 2.2.0.27 | Size = 22072 bytes | Modified Date = 5/11/2007 3:33:18 AM | Attr =	]
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\System32\drivers\GERNUWA.sys -> Symantec Corporation [Ver = 11.0.0.695 | Size = 13898 bytes | Modified Date = 4/21/2003 1:00:32 PM | Attr =	]
(IDSFLT) Ids Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\idsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 191672 bytes | Modified Date = 7/11/2007 5:39:46 AM | Attr =	]
(ltmodem5) LT Modem Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ltmdmnt.sys -> LT [Ver = 8.28 | Size = 606684 bytes | Modified Date = 8/3/2004 5:41:36 PM | Attr =	]
(MtsTch) MicroTouch touch screen [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\MtsTch.sys -> 3M Touch Systems, Inc. [Ver = 5.64.0.0 | Size = 32416 bytes | Modified Date = 11/7/2002 12:04:50 PM | Attr =	]
(NETFLTDI) Panda Net Driver [TDI Layer] [Kernel | System | Running] -> %SystemRoot%\system32\drivers\NETFLTDI.SYS -> Panda Software [Ver = 2.2.0.26 | Size = 132920 bytes | Modified Date = 5/11/2007 3:33:24 AM | Attr =	]
(NETIMFLT) PANDA NDIS IM Filter Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\netimflt.sys -> Panda Software [Ver = 1, 5, 0, 0 | Size = 142128 bytes | Modified Date = 4/24/2007 9:43:55 AM | Attr =	]
(NpaFlt) Panda NpaFlt Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\npaflt.sys -> Panda Software [Ver = 1, 4, 0, 47 | Size = 54712 bytes | Modified Date = 6/11/2007 11:39:54 AM | Attr =	]
(pavdrv) pavdrv [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\pavdrv51.sys -> Panda Software International [Ver = 7.1.1.0 (av07_rtm.070323-1018) | Size = 83640 bytes | Modified Date = 6/6/2007 5:43:31 AM | Attr =	]
(PavProc) Panda Process Protection Driver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\PavProc.sys -> Panda Security [Ver = 1.1.8.0 | Size = 179384 bytes | Modified Date = 10/15/2007 6:16:00 AM | Attr =	]
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> Parallel Technologies, Inc. [Ver = 1.10 (XPClient.010817-1148) | Size = 17792 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.03.086 | Size = 20480 bytes | Modified Date = 11/13/2007 5:25:53 AM | Attr =	]
(ShldDrv) Panda File Shield Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ShlDrv51.sys -> Panda Security [Ver = 1.3.15.0 | Size = 39096 bytes | Modified Date = 10/17/2007 7:03:53 AM | Attr =	]
(SMSFLT) SMS Filter Plugin [Kernel | System | Running] -> %SystemRoot%\system32\drivers\smsflt.sys -> Panda Software International [Ver = 1, 5, 0, 0 | Size = 37304 bytes | Modified Date = 5/11/2007 3:33:32 AM | Attr =	]
(SymEvent) SymEvent [Kernel | On_Demand | Stopped] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> Symantec Corporation [Ver = 11.4.0.6 | Size = 82832 bytes | Modified Date = 4/4/2006 11:28:25 AM | Attr =	]
(WNMFLT) Wifi Monitor Filter Plugin [Kernel | System | Stopped] -> %SystemRoot%\system32\Drivers\WNMFLT.SYS -> File not found
(X4HSX32) X4HSX32 [Kernel | Auto | Running] -> %ProgramFiles%\GameTap\bin\Release\X4HSX32.sys -> Exent Technologies Ltd. [Ver = 07.00.02.02 | Size = 31400 bytes | Modified Date = 1/24/2008 6:11:58 AM | Attr =	]

[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
Cmaudio ->  [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found
Dell AIO Printer A920 -> %ProgramFiles%\Dell AIO Printer A920\dlbkbmgr.exe ["C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"] -> Dell Computer Corporation [Ver = 0.1.1.1 | Size = 270336 bytes | Modified Date = 5/12/2003 3:02:26 PM | Attr =	]
HPDJ Taskbar Utility -> %SystemRoot%\system32\spool\drivers\w32x86\3\hpztsb09.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] -> HP [Ver = 2.236.4.0 | Size = 176128 bytes | Modified Date = 7/22/2005 9:33:48 PM | Attr =	]
ISUSPM Startup -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> InstallShield Software Corporation [Ver = 3, 10, 100, 1143 | Size = 221184 bytes | Modified Date = 6/14/2004 5:18:48 PM | Attr =	]
ISUSScheduler -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> InstallShield Software Corporation [Ver = 4, 10, 100, 25539 | Size = 81920 bytes | Modified Date = 2/16/2005 5:15:20 PM | Attr =	]
NeroFilterCheck -> %SystemRoot%\system32\NeroCheck.exe [C:\WINDOWS\system32\NeroCheck.exe] -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 7/9/2001 10:50:42 AM | Attr =	]
Panda Controller Client -> %ProgramFiles%\Panda Software\AVTC\PSCtrlC.exe ["C:\Program Files\PANDA SOFTWARE\AVTC\PSCtrlC.exe"] -> Panda Software International [Ver = 1, 3, 6, 9 | Size = 226608 bytes | Modified Date = 7/4/2007 3:48:46 AM | Attr =	]
Share-to-Web Namespace Daemon -> %ProgramFiles%\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe] -> Hewlett-Packard [Ver = 2,4,0,26 | Size = 57344 bytes | Modified Date = 7/3/2001 9:11:52 AM | Attr =	]
SunJavaUpdateSched -> %ProgramFiles%\Business Objects\JRE\bin\jusched.exe [C:\Program Files\Business Objects\JRE\bin\jusched.exe] ->  [Ver =  | Size = 32881 bytes | Modified Date = 2/22/2004 11:44:44 PM | Attr =	]
TomcatStartup -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe [C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe] -> Hewlett-Packard [Ver = 2, 0, 0, 3 | Size = 155648 bytes | Modified Date = 3/31/2003 7:28:28 PM | Attr =	]
< OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> 
IMAIL-> Installed = 1 -> 
MAPI-> Installed = 1 -> 
MSFS-> Installed = 1 -> 
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
cmddbui -> %SystemRoot%\system32\ynevgtqr.exe [C:\WINDOWS\system32\ynevgtqr.exe] ->  [Ver =  | Size = 86016 bytes | Modified Date = 8/18/2008 5:04:20 PM | Attr =	]
GenProc -> %SystemRoot%\system32\mrohijup.exe [C:\WINDOWS\system32\mrohijup.exe] ->  [Ver =  | Size = 81920 bytes | Modified Date = 8/18/2008 12:21:15 PM | Attr =	]
SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe] -> Safer Networking Limited [Ver = 1, 6, 2, 23 | Size = 1832272 bytes | Modified Date = 8/18/2008 6:41:00 PM | Attr = RHS]
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\Shortcut to printkey.exe.lnk -> %SystemDrive%\PrintKey\printkey.exe -> Fred's Software Company [Ver = 4.0.0.1 | Size = 589824 bytes | Modified Date = 2/17/2005 7:41:25 AM | Attr =	]
%AllUsersProfile%\Start Menu\Programs\Startup\TouchWare Monitor.lnk -> %ProgramFiles%\MicroTouch\TouchWare\MtsTsMon.exe -> 3M Touch Systems, Inc. [Ver = 5.64.1.1 | Size = 90112 bytes | Modified Date = 1/20/2003 3:36:38 PM | Attr =	]
< krs.KSCOMPUTINGINC Startup Folder > -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Start Menu\Programs\Startup -> 
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> 
{20F2B97D-8A58-13D7-40CD-228A5A0F5F90} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [GleWRJTXnIPHpSo] -> File not found
< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 
msapsspc.dll schannel.dll digest.dll msnsspc.dll msnsspc.dll ->  -> File not found
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234) | Size = 1033216 bytes | Modified Date = 6/13/2007 5:23:07 AM | Attr =	]
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 24576 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 
logonui.exe -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 514560 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245) | Size = 8460288 bytes | Modified Date = 10/25/2007 10:34:01 PM | Attr =	]
Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 2/21/2006 9:40:30 PM | Attr =	]
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> Symantec Corporation [Ver = 11.5.1.152 | Size = 8704 bytes | Modified Date = 5/20/2005 11:51:00 AM | Attr =	]
< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoWelcomeScreen -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID\\{17492023-C23A-453E-A040-C7C580BBF700} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\DisableCAD -> 0 -> 
< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 91 00 00 00  [binary data] -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> 
< CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->
*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 
SCSI miniport ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 
*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 
NEC	 MBR-7	->  -> File not found
NEC	 MBR-7.4  ->  -> File not found
PIONEER CHANGR DRM-1804X ->  -> File not found
PIONEER CD-ROM DRM-6324X ->  -> File not found
PIONEER CD-ROM DRM-624X  ->  -> File not found
TORiSAN CD-ROM CDR_C36 ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> IDE\CdRomSONY_DVD_RW_DRU-720A____________________JY02____\5&17de5fa&0&0.0.0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> 1 -> 
< Drives - Autoruns > ->  -> 
AUTOEXEC.BAT [SET SQLANY=C:\dvwin | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 21 bytes | Modified Date = 10/16/2006 11:06:52 AM | Attr =	]
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 
HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 
HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Local Page -> C:\windows\system32\blank.htm -> 
HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 
HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\ -> http://home.microsoft.com/access/autosearch.asp?p=%s[Reg Error: Value provider does not exist or could not be read.] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! uC] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4efb-9B51-7695ECA05670} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [&Yahoo! Toolbar Helper] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.7.2006011200 | Size = 63128 bytes | Modified Date = 1/12/2006 8:38:22 PM | Attr =	]
{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 5:09:42 PM | Attr =	]
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn\yt.dll [Yahoo! uC] -> Yahoo! Inc. [Ver = 2007, 12, 18, 1 | Size = 817936 bytes | Modified Date = 12/18/2007 4:49:22 PM | Attr =	]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}:{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! Services] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 5:09:42 PM | Attr =	]
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 6, 0, 12 | Size = 1562448 bytes | Modified Date = 7/7/2008 9:41:58 AM | Attr =	]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [Yahoo! IE Services Button] -> Yahoo! Inc. [Ver = 2007, 12, 12, 1 | Size = 222448 bytes | Modified Date = 12/12/2007 5:09:42 PM | Attr =	]
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{31377A45-20EE-459C-A0AD-95A783F02CE9} ->	(Intel(R) PRO/100 VE Network Connection) -> 
{78E0A76B-8DF9-49A7-A586-D673695E1B75} ->	() -> 
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 
ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 
{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 
{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_games/playfirst/trijinx/TriJinx.1.0.0.55.cab[CPlayFirstTriJinxControl Object] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}[HKEY_LOCAL_MACHINE] -> C:\Program Files\Yahoo!\Common\Yinsthelper.dll[Installation Support] -> 
{49232000-16E4-426C-A231-62846947304B}[HKEY_LOCAL_MACHINE] -> http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab[SysData Class] -> 
{6414512B-B978-451D-A0D8-FCFDF33E833C}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144109909906[WUWebControl Class] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1144109992359[MUWebControl Class] -> 
{6F15128C-E66A-490C-B848-5000B5ABEEAC}[HKEY_LOCAL_MACHINE] -> https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab[HP Download Manager] -> 
{77E32299-629F-43C6-AB77-6A1E6D7663F6}[HKEY_LOCAL_MACHINE] -> http://www.nick.com/common/groove/gx/GrooveAX27.cab[Groove Control] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_04] -> 
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/as5free/asinst.cab[ActiveScan Installer Class] -> 
{ABB660B6-6694-407B-950A-EDBA5A159722}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_games/sony/davinci/DVCDownloadControl.cab[DVCDownloadControl] -> 
{B8BE5E93-A60C-4D26-A2DC-220313175592}[HKEY_LOCAL_MACHINE] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab[MSN Games - Installer] -> 
{BE319D04-18BD-4B34-AECC-EE7CB610FCA9}[HKEY_LOCAL_MACHINE] -> http://aolsvc.aol.com/onlinegames/sonybewitched/main.cab[BewitchedGameClass Control] -> 
{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_04] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41}[HKEY_LOCAL_MACHINE] -> http://download.games.yahoo.com/games/web_games/tikgames/goldfever/goldfever.cab[TikGames Online Control] -> 
{E473A65C-8087-49A3-AFFD-C5BC4A10669B}[HKEY_LOCAL_MACHINE] -> http://mvnet.xlontech.net/qm/fox/06101102/qsp2ie06101001.cab[Reg Error: Key does not exist or could not be opened.] -> 
{E93E9DF0-3E59-4331-A269-F1E077C66F00}[HKEY_LOCAL_MACHINE] -> http://cnn-5.vo.llnwd.net/c1/static/client/browserplayer/gtplugin.cab[GameTap Web Plugin] -> 
Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 
< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\.Owner -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/asinst.dll\\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.dat\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/bewitched.xml\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/BewitchedGameClass.ocx\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DVCDownloadControl.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DVCDownloadControl.ocx\\.Owner -> {ABB660B6-6694-407B-950A-EDBA5A159722} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/DVCDownloadControl.ocx\\{ABB660B6-6694-407B-950A-EDBA5A159722} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gpcontrol.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gpcontrol.dll\\.Owner -> {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gpcontrol.dll\\{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\.Owner -> {77E32299-629F-43C6-AB77-6A1E6D7663F6} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/GrooveAX.dll\\{77E32299-629F-43C6-AB77-6A1E6D7663F6} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gtplugin.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gtplugin.ocx\\.Owner -> {E93E9DF0-3E59-4331-A269-F1E077C66F00} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/gtplugin.ocx\\{E93E9DF0-3E59-4331-A269-F1E077C66F00} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPBasicDetection3.dll\\{49232000-16E4-426C-A231-62846947304B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\.Owner -> {6F15128C-E66A-490C-B848-5000B5ABEEAC} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPDEXAXO.dll\\{6F15128C-E66A-490C-B848-5000B5ABEEAC} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HPProductDetails.dll\\{49232000-16E4-426C-A231-62846947304B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/LogInfo.dll\\{49232000-16E4-426C-A231-62846947304B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\.Owner -> {49232000-16E4-426C-A231-62846947304B} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SysInfo.dll\\{49232000-16E4-426C-A231-62846947304B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\\.Owner -> {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/TriJinx.1.0.0.55.dll\\{2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\.Owner -> {B8BE5E93-A60C-4D26-A2DC-220313175592} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ZIntro.ocx\\{B8BE5E93-A60C-4D26-A2DC-220313175592} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/atl.dll\\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\.Owner -> {BE319D04-18BD-4B34-AECC-EE7CB610FCA9} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/fmod.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/MFC71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\{49232000-16E4-426C-A231-62846947304B} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcr71.dll\\{BE319D04-18BD-4B34-AECC-EE7CB610FCA9} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\.Owner -> Unknown Owner -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll\\{6414512B-B978-451D-A0D8-FCFDF33E833C} ->  -> 


[Registry - Additional Scans - Non-Microsoft Only]
< BotCheck > -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MSI_Place_holder -> "9x Msi uninstaller fix" -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\\DisableMonitoring -> 0 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 
Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->
*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 
*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 
kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522) | Size = 295936 bytes | Modified Date = 6/15/2005 12:49:30 PM | Attr =	]
msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226) | Size = 144896 bytes | Modified Date = 4/25/2007 9:21:15 AM | Attr =	]
wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516) | Size = 49152 bytes | Modified Date = 3/23/2006 11:37:50 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 1100 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 
*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 
scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 180224 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 
*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 
Windows NT Access Provider ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 118784 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> D9 FA B2 F0 19 04 7C 1B 1D DB 95 E0 97 A8 B4 6E 39 66 63 32 37 36 66 66 00 FD 07 00 E6 2E 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 39 6D E7 9D 09 8B C2 9E 46 60 1B 9F  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 22 14 86 03 7A 99 0F C8 02  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 77 A1 3F 6E 15 7A  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 49 00 58 50 E4 35 96 C5 62 C6 42 6C D1 23 52 08  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 7C 1D 63 DA 3E 06 C9 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 E0 60 91 1A 7A C4 01  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 78 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 331264 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 180224 bytes | Modified Date = 11/15/2005 7:42:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 1200128 bytes | Modified Date = 11/15/2005 7:44:14 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 1970176 bytes | Modified Date = 11/15/2005 7:43:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe -> %ProgramFiles%\Sybase\SQL Anywhere 9\win32\dbisqlg.exe [C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe:*:Enabled:Adaptive Server Anywhere ISQL] -> iAnywhere Solutions, Inc. [Ver = 9.0.2.3267 | Size = 135168 bytes | Modified Date = 2/23/2006 12:59:58 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe -> %ProgramFiles%\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe [C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe:*:Enabled:Sybase Central] ->  [Ver =  | Size = 102400 bytes | Modified Date = 2/6/2006 4:14:52 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe -> %ProgramFiles%\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe [C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw] ->  [Ver =  | Size = 20549 bytes | Modified Date = 5/6/2001 11:14:22 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -> %ProgramFiles%\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe [C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe] -> Panda Software [Ver = 4, 2, 0, 0 | Size = 431408 bytes | Modified Date = 10/19/2007 4:17:35 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe -> %ProgramFiles%\Panda Software\AVTC\PSHost.exe [C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe] -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 5/31/2007 12:43:13 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sysrest32.exe -> %SystemRoot%\system32\sysrest32.exe [C:\WINDOWS\system32\sysrest32.exe:*:Enabled:enable] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchIndexer-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-1 -> V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System\\SearchFilterHost-2 -> V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost| -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 140800 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> %ProgramFiles%\Microsoft ActiveSync\rapimgr.exe [C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 180224 bytes | Modified Date = 11/15/2005 7:42:22 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> %ProgramFiles%\Microsoft ActiveSync\wcescomm.exe [C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 1200128 bytes | Modified Date = 11/15/2005 7:44:14 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe [C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application] -> Microsoft Corporation [Ver = 4.1.4841.0 | Size = 1970176 bytes | Modified Date = 11/15/2005 7:43:04 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.3012 (xpsp.061010-0355) | Size = 557568 bytes | Modified Date = 10/10/2006 7:44:50 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -> %ProgramFiles%\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe [C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe] -> Panda Software [Ver = 4, 2, 0, 0 | Size = 431408 bytes | Modified Date = 10/19/2007 4:17:35 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe -> %ProgramFiles%\Panda Software\AVTC\PSHost.exe [C:\Program Files\PANDA SOFTWARE\AVTC\PSHost.exe] -> Panda Software International [Ver = 1, 0, 0, 20 | Size = 226864 bytes | Modified Date = 5/31/2007 12:43:13 PM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP -> 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 6656 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 14336 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 59904 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 73216 bytes | Modified Date = 8/4/2004 7:00:00 AM | Attr =	]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 
*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 
RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528) | Size = 397824 bytes | Modified Date = 7/25/2005 11:39:49 PM | Attr =	]
TCPIP ->  -> File not found
NTLMSSP ->  -> File not found
*MultiFile Done* -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 


[Files/Folders - Created Within 30 days]
C#2005 -> %SystemDrive%\C#2005 ->  [Folder | Created Date = 8/7/2008 2:28:13 PM | Attr =	]
c#testapp -> %SystemDrive%\c#testapp ->  [Folder | Created Date = 8/7/2008 12:16:36 PM | Attr =	]
HijackThis2 -> %SystemDrive%\HijackThis2 ->  [Folder | Created Date = 8/24/2008 11:47:14 PM | Attr =	]
IPaq -> %SystemDrive%\IPaq ->  [Folder | Created Date = 8/10/2008 1:02:59 PM | Attr =	]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 8/24/2008 11:59:31 PM | Attr =	]
SmitfraudFix -> %SystemDrive%\SmitfraudFix ->  [Folder | Created Date = 8/24/2008 6:59:10 PM | Attr =	]
smitfraudfix2 -> %SystemDrive%\smitfraudfix2 ->  [Folder | Created Date = 8/24/2008 11:50:40 PM | Attr =	]
updatereg.bat -> %SystemDrive%\updatereg.bat ->  [Ver =  | Size = 169 bytes | Created Date = 8/24/2008 8:49:53 PM | Attr =	]
big5.nls -> %SystemRoot%\System32\dllcache\big5.nls ->  [Ver =  | Size = 66728 bytes | Created Date = 8/24/2008 12:58:22 PM | Attr =	]
bopomofo.nls -> %SystemRoot%\System32\dllcache\bopomofo.nls ->  [Ver =  | Size = 82172 bytes | Created Date = 8/24/2008 12:58:23 PM | Attr =	]
cap7146.sys -> %SystemRoot%\System32\dllcache\cap7146.sys -> Philips Semiconductors GmbH [Ver = 1.00 (XPClient.010817-1148) | Size = 54528 bytes | Created Date = 8/24/2008 12:58:33 PM | Attr =	]
chtskf.dll -> %SystemRoot%\System32\dllcache\chtskf.dll ->  [Ver =  | Size = 173568 bytes | Created Date = 8/24/2008 12:58:37 PM | Attr =	]
c_10001.nls -> %SystemRoot%\System32\dllcache\c_10001.nls ->  [Ver =  | Size = 162850 bytes | Created Date = 8/24/2008 12:58:24 PM | Attr =	]
c_10002.nls -> %SystemRoot%\System32\dllcache\c_10002.nls ->  [Ver =  | Size = 195618 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_10003.nls -> %SystemRoot%\System32\dllcache\c_10003.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_10004.nls -> %SystemRoot%\System32\dllcache\c_10004.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_10005.nls -> %SystemRoot%\System32\dllcache\c_10005.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_10008.nls -> %SystemRoot%\System32\dllcache\c_10008.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_10021.nls -> %SystemRoot%\System32\dllcache\c_10021.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:25 PM | Attr =	]
c_1047.nls -> %SystemRoot%\System32\dllcache\c_1047.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1140.nls -> %SystemRoot%\System32\dllcache\c_1140.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1141.nls -> %SystemRoot%\System32\dllcache\c_1141.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1142.nls -> %SystemRoot%\System32\dllcache\c_1142.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1143.nls -> %SystemRoot%\System32\dllcache\c_1143.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1144.nls -> %SystemRoot%\System32\dllcache\c_1144.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1145.nls -> %SystemRoot%\System32\dllcache\c_1145.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1146.nls -> %SystemRoot%\System32\dllcache\c_1146.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1147.nls -> %SystemRoot%\System32\dllcache\c_1147.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1148.nls -> %SystemRoot%\System32\dllcache\c_1148.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:26 PM | Attr =	]
c_1149.nls -> %SystemRoot%\System32\dllcache\c_1149.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:27 PM | Attr =	]
c_1361.nls -> %SystemRoot%\System32\dllcache\c_1361.nls ->  [Ver =  | Size = 189986 bytes | Created Date = 8/24/2008 12:58:27 PM | Attr =	]
c_20000.nls -> %SystemRoot%\System32\dllcache\c_20000.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 8/24/2008 12:58:27 PM | Attr =	]
c_20001.nls -> %SystemRoot%\System32\dllcache\c_20001.nls ->  [Ver =  | Size = 186402 bytes | Created Date = 8/24/2008 12:58:27 PM | Attr =	]
c_20002.nls -> %SystemRoot%\System32\dllcache\c_20002.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/24/2008 12:58:27 PM | Attr =	]
c_20003.nls -> %SystemRoot%\System32\dllcache\c_20003.nls ->  [Ver =  | Size = 185378 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20004.nls -> %SystemRoot%\System32\dllcache\c_20004.nls ->  [Ver =  | Size = 180258 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20005.nls -> %SystemRoot%\System32\dllcache\c_20005.nls ->  [Ver =  | Size = 187938 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20105.nls -> %SystemRoot%\System32\dllcache\c_20105.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20106.nls -> %SystemRoot%\System32\dllcache\c_20106.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20107.nls -> %SystemRoot%\System32\dllcache\c_20107.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20108.nls -> %SystemRoot%\System32\dllcache\c_20108.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20269.nls -> %SystemRoot%\System32\dllcache\c_20269.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20273.nls -> %SystemRoot%\System32\dllcache\c_20273.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:28 PM | Attr =	]
c_20277.nls -> %SystemRoot%\System32\dllcache\c_20277.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20278.nls -> %SystemRoot%\System32\dllcache\c_20278.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20280.nls -> %SystemRoot%\System32\dllcache\c_20280.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20284.nls -> %SystemRoot%\System32\dllcache\c_20284.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20285.nls -> %SystemRoot%\System32\dllcache\c_20285.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20290.nls -> %SystemRoot%\System32\dllcache\c_20290.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20297.nls -> %SystemRoot%\System32\dllcache\c_20297.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20420.nls -> %SystemRoot%\System32\dllcache\c_20420.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20423.nls -> %SystemRoot%\System32\dllcache\c_20423.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20424.nls -> %SystemRoot%\System32\dllcache\c_20424.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20833.nls -> %SystemRoot%\System32\dllcache\c_20833.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20838.nls -> %SystemRoot%\System32\dllcache\c_20838.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:29 PM | Attr =	]
c_20871.nls -> %SystemRoot%\System32\dllcache\c_20871.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_20880.nls -> %SystemRoot%\System32\dllcache\c_20880.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_20924.nls -> %SystemRoot%\System32\dllcache\c_20924.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_20932.nls -> %SystemRoot%\System32\dllcache\c_20932.nls ->  [Ver =  | Size = 180770 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_20936.nls -> %SystemRoot%\System32\dllcache\c_20936.nls ->  [Ver =  | Size = 173602 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_20949.nls -> %SystemRoot%\System32\dllcache\c_20949.nls ->  [Ver =  | Size = 177698 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_21025.nls -> %SystemRoot%\System32\dllcache\c_21025.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_21027.nls -> %SystemRoot%\System32\dllcache\c_21027.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:30 PM | Attr =	]
c_28596.nls -> %SystemRoot%\System32\dllcache\c_28596.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:31 PM | Attr =	]
c_708.nls -> %SystemRoot%\System32\dllcache\c_708.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:31 PM | Attr =	]
c_720.nls -> %SystemRoot%\System32\dllcache\c_720.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/24/2008 12:58:31 PM | Attr =	]
c_858.nls -> %SystemRoot%\System32\dllcache\c_858.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/24/2008 12:58:32 PM | Attr =	]
c_862.nls -> %SystemRoot%\System32\dllcache\c_862.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/24/2008 12:58:32 PM | Attr =	]
c_864.nls -> %SystemRoot%\System32\dllcache\c_864.nls ->  [Ver =  | Size = 66594 bytes | Created Date = 8/24/2008 12:58:32 PM | Attr =	]
c_870.nls -> %SystemRoot%\System32\dllcache\c_870.nls ->  [Ver =  | Size = 66082 bytes | Created Date = 8/24/2008 12:58:32 PM | Attr =	]
esucmd.dll -> %SystemRoot%\System32\dllcache\esucmd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 31744 bytes | Created Date = 8/24/2008 12:58:57 PM | Attr =	]
esuimgd.dll -> %SystemRoot%\System32\dllcache\esuimgd.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 57856 bytes | Created Date = 8/24/2008 12:58:58 PM | Attr =	]
esunid.dll -> %SystemRoot%\System32\dllcache\esunid.dll -> SEIKO EPSON CORP. [Ver = 1.00 | Size = 45056 bytes | Created Date = 8/24/2008 12:58:58 PM | Attr =	]
FP4.CAT -> %SystemRoot%\System32\dllcache\FP4.CAT ->  [Ver =  | Size = 31281 bytes | Created Date = 8/24/2008 12:42:50 PM | Attr =	]
fpencode.dll -> %SystemRoot%\System32\dllcache\fpencode.dll ->  [Ver =  | Size = 94208 bytes | Created Date = 8/24/2008 12:59:02 PM | Attr =	]
hanja.lex -> %SystemRoot%\System32\dllcache\hanja.lex ->  [Ver =  | Size = 108827 bytes | Created Date = 8/24/2008 12:59:09 PM | Attr =	]
HPCRDP.CAT -> %SystemRoot%\System32\dllcache\HPCRDP.CAT ->  [Ver =  | Size = 13472 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
hwxjpn.dll -> %SystemRoot%\System32\dllcache\hwxjpn.dll ->  [Ver =  | Size = 13463552 bytes | Created Date = 8/24/2008 12:59:15 PM | Attr =	]
IASNT4.CAT -> %SystemRoot%\System32\dllcache\IASNT4.CAT ->  [Ver =  | Size = 8574 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
imekr.lex -> %SystemRoot%\System32\dllcache\imekr.lex ->  [Ver =  | Size = 134339 bytes | Created Date = 8/24/2008 12:59:27 PM | Attr =	]
imjpinst.exe -> %SystemRoot%\System32\dllcache\imjpinst.exe ->  [Ver =  | Size = 196665 bytes | Created Date = 8/24/2008 12:59:29 PM | Attr =	]
IMS.CAT -> %SystemRoot%\System32\dllcache\IMS.CAT ->  [Ver =  | Size = 13753 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
imscinst.exe -> %SystemRoot%\System32\dllcache\imscinst.exe ->  [Ver =  | Size = 59392 bytes | Created Date = 8/24/2008 12:59:30 PM | Attr =	]
korwbrkr.lex -> %SystemRoot%\System32\dllcache\korwbrkr.lex ->  [Ver =  | Size = 1158818 bytes | Created Date = 8/24/2008 12:59:42 PM | Attr =	]
ksc.nls -> %SystemRoot%\System32\dllcache\ksc.nls ->  [Ver =  | Size = 47066 bytes | Created Date = 8/24/2008 12:59:43 PM | Attr =	]
MAPIMIG.CAT -> %SystemRoot%\System32\dllcache\MAPIMIG.CAT ->  [Ver =  | Size = 399645 bytes | Created Date = 8/24/2008 12:42:50 PM | Attr =	]
mediactr.cat -> %SystemRoot%\System32\dllcache\mediactr.cat ->  [Ver =  | Size = 31965 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
MSMSGS.CAT -> %SystemRoot%\System32\dllcache\MSMSGS.CAT ->  [Ver =  | Size = 9581 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
msn7.cat -> %SystemRoot%\System32\dllcache\msn7.cat ->  [Ver =  | Size = 24209 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
msn9.cat -> %SystemRoot%\System32\dllcache\msn9.cat ->  [Ver =  | Size = 11651 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
MSTSWEB.CAT -> %SystemRoot%\System32\dllcache\MSTSWEB.CAT ->  [Ver =  | Size = 7245 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
MW770.CAT -> %SystemRoot%\System32\dllcache\MW770.CAT ->  [Ver =  | Size = 37484 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
netfx.cat -> %SystemRoot%\System32\dllcache\netfx.cat ->  [Ver =  | Size = 141702 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
NT5.CAT -> %SystemRoot%\System32\dllcache\NT5.CAT ->  [Ver =  | Size = 2012670 bytes | Created Date = 8/24/2008 12:42:49 PM | Attr =	]
NT5IIS.CAT -> %SystemRoot%\System32\dllcache\NT5IIS.CAT ->  [Ver =  | Size = 797189 bytes | Created Date = 8/24/2008 12:42:50 PM | Attr =	]
NT5INF.CAT -> %SystemRoot%\System32\dllcache\NT5INF.CAT ->  [Ver =  | Size = 502724 bytes | Created Date = 8/24/2008 12:42:49 PM | Attr =	]
NTPRINT.CAT -> %SystemRoot%\System32\dllcache\NTPRINT.CAT ->  [Ver =  | Size = 1086058 bytes | Created Date = 8/24/2008 12:42:50 PM | Attr =	]
OEMBIOS.CAT -> %SystemRoot%\System32\dllcache\OEMBIOS.CAT ->  [Ver =  | Size = 7382 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
pintlcsa.dll -> %SystemRoot%\System32\dllcache\pintlcsa.dll ->  [Ver =  | Size = 175104 bytes | Created Date = 8/24/2008 1:00:22 PM | Attr =	]
prc.nls -> %SystemRoot%\System32\dllcache\prc.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 8/24/2008 1:00:23 PM | Attr =	]
prcp.nls -> %SystemRoot%\System32\dllcache\prcp.nls ->  [Ver =  | Size = 83748 bytes | Created Date = 8/24/2008 1:00:23 PM | Attr =	]
rw330ext.dll -> %SystemRoot%\System32\dllcache\rw330ext.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 26624 bytes | Created Date = 8/24/2008 1:00:34 PM | Attr =	]
rwia001.dll -> %SystemRoot%\System32\dllcache\rwia001.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 8/24/2008 1:00:34 PM | Attr =	]
rwia330.dll -> %SystemRoot%\System32\dllcache\rwia330.dll -> Ricoh Co., Ltd. [Ver = 5, 0, 2419, 1 | Size = 79872 bytes | Created Date = 8/24/2008 1:00:34 PM | Attr =	]
SP2.CAT -> %SystemRoot%\System32\dllcache\SP2.CAT ->  [Ver =  | Size = 1042903 bytes | Created Date = 8/24/2008 12:42:50 PM | Attr =	]
spxcoins.dll -> %SystemRoot%\System32\dllcache\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 8/24/2008 12:43:02 PM | Attr =	]
tabletpc.cat -> %SystemRoot%\System32\dllcache\tabletpc.cat ->  [Ver =  | Size = 110116 bytes | Created Date = 8/24/2008 12:42:51 PM | Attr =	]
xjis.nls -> %SystemRoot%\System32\dllcache\xjis.nls ->  [Ver =  | Size = 28288 bytes | Created Date = 8/24/2008 1:01:23 PM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Created Date = 8/18/2008 12:26:25 PM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Created Date = 8/18/2008 12:26:24 PM | Attr =	]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Created Date = 8/24/2008 8:51:45 PM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 8/25/2008 9:35:09 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Created Date = 8/24/2008 12:55:24 PM | Attr = RH ]
mrohijup.exe -> %SystemRoot%\System32\mrohijup.exe ->  [Ver =  | Size = 81920 bytes | Created Date = 8/18/2008 12:21:14 PM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 8/24/2008 12:55:14 PM | Attr = RH ]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 8/24/2008 12:55:14 PM | Attr = RH ]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 8/24/2008 12:55:14 PM | Attr = RH ]
spxcoins.dll -> %SystemRoot%\System32\spxcoins.dll -> Perle Systems Ltd. [Ver = 1.0.0.0007 | Size = 24661 bytes | Created Date = 8/24/2008 12:43:02 PM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3016 bytes | Created Date = 8/25/2008 12:07:17 AM | Attr =	]
wtgdmdur.exe -> %SystemRoot%\System32\wtgdmdur.exe ->  [Ver =  | Size = 194560 bytes | Created Date = 8/19/2008 5:04:22 AM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Created Date = 8/24/2008 12:55:14 PM | Attr = RH ]
ynevgtqr.exe -> %SystemRoot%\System32\ynevgtqr.exe ->  [Ver =  | Size = 86016 bytes | Created Date = 8/18/2008 5:04:20 PM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 8/25/2008 12:20:39 AM | Attr =	]
9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Created Date = 8/24/2008 1:09:48 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Created Date = 8/24/2008 12:55:14 PM | Attr = RH ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 444 bytes | Created Date = 8/24/2008 6:48:14 PM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 358 bytes | Created Date = 8/24/2008 6:48:13 PM | Attr =	]
[Files Created - Additional Folder Scans - Non-Microsoft Only]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 8/18/2008 12:26:22 PM | Attr =	]
NCH Swift Sound -> %AllUsersProfile%\Application Data\NCH Swift Sound ->  [Folder | Created Date = 8/8/2008 11:34:28 AM | Attr =	]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Created Date = 8/24/2008 8:31:47 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 8/24/2008 11:00:24 PM | Attr =	]
ydmvmbcd -> %AllUsersProfile%\Application Data\ydmvmbcd ->  [Folder | Created Date = 8/18/2008 12:21:16 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 8/18/2008 12:27:12 PM | Attr =	]
NCH Swift Sound -> %AppData%\NCH Swift Sound ->  [Folder | Created Date = 8/8/2008 11:34:06 AM | Attr =	]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Created Date = 8/25/2008 9:36:37 AM | Attr =	]
Oberon Games -> %UserProfile%\Local Settings\Application Data\Oberon Games ->  [Folder | Created Date = 8/2/2008 2:10:13 PM | Attr =	]
Ciber -> %UserProfile%\My Documents\Ciber ->  [Folder | Created Date = 8/9/2008 10:18:32 AM | Attr =	]
3 C:\Documents and Settings\krs.KSCOMPUTINGINC\My Documents\*.tmp files -> C:\Documents and Settings\krs.KSCOMPUTINGINC\My Documents\*.tmp -> 
ColaLabels2.zdl -> %UserProfile%\My Documents\ColaLabels2.zdl ->  [Ver =  | Size = 62976 bytes | Created Date = 7/27/2008 1:37:20 PM | Attr =	]
Jim Piontek Trucking -> %UserProfile%\My Documents\Jim Piontek Trucking ->  [Folder | Created Date = 8/4/2008 9:42:47 AM | Attr =	]
Dream Day Wedding - Married in Manhattan.lnk -> %AllUsersProfile%\Desktop\Dream Day Wedding - Married in Manhattan.lnk ->  [Ver =  | Size = 2270 bytes | Created Date = 8/2/2008 1:04:34 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 743 bytes | Created Date = 8/18/2008 12:26:26 PM | Attr =	]
More Yahoo! Games.lnk -> %AllUsersProfile%\Desktop\More Yahoo! Games.lnk ->  [Ver =  | Size = 1798 bytes | Created Date = 8/2/2008 1:04:06 PM | Attr =	]
Switch Sound File Converter.lnk -> %AllUsersProfile%\Desktop\Switch Sound File Converter.lnk ->  [Ver =  | Size = 849 bytes | Created Date = 8/8/2008 11:34:08 AM | Attr =	]
CD Wave Editor.lnk -> %UserProfile%\Desktop\CD Wave Editor.lnk ->  [Ver =  | Size = 653 bytes | Created Date = 8/8/2008 11:03:33 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1448 bytes | Created Date = 8/24/2008 11:47:15 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Created Date = 8/25/2008 7:03:12 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Created Date = 8/25/2008 7:02:40 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1417602 bytes | Created Date = 8/24/2008 11:54:46 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
SmitfraudFix.zip -> %UserProfile%\Desktop\SmitfraudFix.zip ->  [Ver =  | Size = 1396441 bytes | Created Date = 8/24/2008 11:49:30 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.zip:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 980 bytes | Created Date = 8/24/2008 11:00:31 PM | Attr =	]
XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk ->  [Ver =  | Size = 729 bytes | Created Date = 8/24/2008 6:48:12 PM | Attr =	]
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1834 bytes | Created Date = 8/25/2008 9:35:39 AM | Attr =	]
CD Wave -> %ProgramFiles%\CD Wave ->  [Folder | Created Date = 8/8/2008 11:03:25 AM | Attr =	]
CD-DA X-Tractor -> %ProgramFiles%\CD-DA X-Tractor ->  [Folder | Created Date = 8/8/2008 11:32:11 AM | Attr =	]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 8/18/2008 12:26:22 PM | Attr =	]
NCH Software -> %ProgramFiles%\NCH Software ->  [Folder | Created Date = 8/8/2008 11:35:15 AM | Attr =	]
NCH Swift Sound -> %ProgramFiles%\NCH Swift Sound ->  [Folder | Created Date = 8/8/2008 11:34:06 AM | Attr =	]
Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 8/24/2008 11:00:24 PM | Attr =	]
Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search ->  [Folder | Created Date = 8/25/2008 9:35:09 AM | Attr =	]
XoftSpySE -> %ProgramFiles%\XoftSpySE ->  [Folder | Created Date = 8/24/2008 6:48:11 PM | Attr =	]

[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini ->  [Ver =  | Size = 211 bytes | Modified Date = 8/24/2008 12:52:09 PM | Attr =  HS]
C#2005 -> %SystemDrive%\C#2005 ->  [Folder | Modified Date = 8/7/2008 2:34:16 PM | Attr =	]
c#testapp -> %SystemDrive%\c#testapp ->  [Folder | Modified Date = 8/7/2008 1:35:59 PM | Attr =	]
Downloads -> %SystemDrive%\Downloads ->  [Folder | Modified Date = 8/24/2008 10:59:35 PM | Attr =	]
hijackthis -> %SystemDrive%\hijackthis ->  [Folder | Modified Date = 8/24/2008 11:46:00 PM | Attr =	]
HijackThis2 -> %SystemDrive%\HijackThis2 ->  [Folder | Modified Date = 8/25/2008 6:49:54 AM | Attr =	]
IPaq -> %SystemDrive%\IPaq ->  [Folder | Modified Date = 8/10/2008 1:04:52 PM | Attr =	]
MoviesWebSite -> %SystemDrive%\MoviesWebSite ->  [Folder | Modified Date = 8/7/2008 9:17:06 AM | Attr =   S]
Program Files -> %ProgramFiles% ->  [Folder | Modified Date = 8/25/2008 9:35:09 AM | Attr = R  ]
SDFix -> %SystemDrive%\SDFix ->  [Folder | Modified Date = 8/25/2008 12:42:42 AM | Attr =	]
SmitfraudFix -> %SystemDrive%\SmitfraudFix ->  [Folder | Modified Date = 8/24/2008 6:59:20 PM | Attr =	]
smitfraudfix2 -> %SystemDrive%\smitfraudfix2 ->  [Folder | Modified Date = 8/25/2008 12:42:28 AM | Attr =	]
System Volume Information -> %SystemDrive%\System Volume Information ->  [Folder | Modified Date = 8/24/2008 1:12:54 PM | Attr =  HS]
updatereg.bat -> %SystemDrive%\updatereg.bat ->  [Ver =  | Size = 169 bytes | Modified Date = 8/24/2008 8:49:53 PM | Attr =	]
WINDOWS -> %SystemRoot% ->  [Folder | Modified Date = 8/25/2008 10:27:37 AM | Attr =	]
etc -> %SystemRoot%\System32\drivers\etc ->  [Folder | Modified Date = 8/25/2008 12:24:19 AM | Attr =	]
HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 686 bytes | Modified Date = 8/25/2008 12:24:19 AM | Attr =	]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> Malwarebytes Corporation [Ver = 1, 0, 0, 1 | Size = 17144 bytes | Modified Date = 8/17/2008 3:01:14 PM | Attr =	]
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> Malwarebytes Corporation [Ver = 1.00 | Size = 38472 bytes | Modified Date = 8/17/2008 3:01:18 PM | Attr =	]
$winnt$.inf -> %SystemRoot%\System32\$winnt$.inf ->  [Ver =  | Size = 342 bytes | Modified Date = 8/24/2008 1:05:48 PM | Attr =	]
1033 -> %SystemRoot%\System32\1033 ->  [Folder | Modified Date = 8/24/2008 7:28:19 AM | Attr =	]
1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
amcompat.tlb -> %SystemRoot%\System32\amcompat.tlb ->  [Ver =  | Size = 16832 bytes | Modified Date = 8/25/2008 9:32:41 AM | Attr =	]
CatRoot -> %SystemRoot%\System32\CatRoot ->  [Folder | Modified Date = 8/25/2008 10:42:33 AM | Attr =	]
CatRoot2 -> %SystemRoot%\System32\CatRoot2 ->  [Folder | Modified Date = 8/25/2008 11:20:32 AM | Attr =	]
CatRoot_bak -> %SystemRoot%\System32\CatRoot_bak ->  [Folder | Modified Date = 8/25/2008 10:51:16 AM | Attr =	]
cdplayer.exe.manifest -> %SystemRoot%\System32\cdplayer.exe.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
Com -> %SystemRoot%\System32\Com ->  [Folder | Modified Date = 8/25/2008 9:04:39 AM | Attr =	]
config -> %SystemRoot%\System32\config ->  [Folder | Modified Date = 8/24/2008 1:09:08 PM | Attr =	]
dllcache -> %SystemRoot%\System32\dllcache ->  [Folder | Modified Date = 8/25/2008 10:26:16 AM | Attr = RHS]
drivers -> %SystemRoot%\System32\drivers ->  [Folder | Modified Date = 8/25/2008 9:30:13 AM | Attr =	]
emptyregdb.dat -> %SystemRoot%\System32\emptyregdb.dat ->  [Ver =  | Size = 24944 bytes | Modified Date = 8/24/2008 12:53:43 PM | Attr =	]
en-US -> %SystemRoot%\System32\en-US ->  [Folder | Modified Date = 8/25/2008 9:35:18 AM | Attr =	]
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 622816 bytes | Modified Date = 8/25/2008 10:26:19 AM | Attr =	]
GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Modified Date = 8/25/2008 9:35:09 AM | Attr =	]
ias -> %SystemRoot%\System32\ias ->  [Folder | Modified Date = 8/24/2008 12:56:08 PM | Attr =	]
icsxml -> %SystemRoot%\System32\icsxml ->  [Folder | Modified Date = 8/24/2008 7:29:13 AM | Attr =	]
logonui.exe.manifest -> %SystemRoot%\System32\logonui.exe.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 8/24/2008 12:55:24 PM | Attr = RH ]
mrohijup.exe -> %SystemRoot%\System32\mrohijup.exe ->  [Ver =  | Size = 81920 bytes | Modified Date = 8/18/2008 12:21:15 PM | Attr =	]
ncpa.cpl.manifest -> %SystemRoot%\System32\ncpa.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
npp -> %SystemRoot%\System32\npp ->  [Folder | Modified Date = 8/24/2008 7:33:57 AM | Attr =	]
nscompat.tlb -> %SystemRoot%\System32\nscompat.tlb ->  [Ver =  | Size = 23392 bytes | Modified Date = 8/25/2008 9:32:41 AM | Attr =	]
nwc.cpl.manifest -> %SystemRoot%\System32\nwc.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
oobe -> %SystemRoot%\System32\oobe ->  [Folder | Modified Date = 8/24/2008 12:54:53 PM | Attr =	]
perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 108606 bytes | Modified Date = 8/25/2008 11:19:20 AM | Attr =	]
perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 548904 bytes | Modified Date = 8/25/2008 11:19:20 AM | Attr =	]
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 671336 bytes | Modified Date = 8/25/2008 11:19:19 AM | Attr =	]
Restore -> %SystemRoot%\System32\Restore ->  [Folder | Modified Date = 8/24/2008 1:12:54 PM | Attr =	]
sapi.cpl.manifest -> %SystemRoot%\System32\sapi.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
Setup -> %SystemRoot%\System32\Setup ->  [Folder | Modified Date = 8/24/2008 7:34:57 AM | Attr =	]
tmp.reg -> %SystemRoot%\System32\tmp.reg ->  [Ver =  | Size = 3016 bytes | Modified Date = 8/25/2008 12:09:20 AM | Attr =	]
usmt -> %SystemRoot%\System32\usmt ->  [Folder | Modified Date = 8/25/2008 10:26:12 AM | Attr =	]
wbem -> %SystemRoot%\System32\wbem ->  [Folder | Modified Date = 8/25/2008 9:37:02 AM | Attr =	]
WindowsLogon.manifest -> %SystemRoot%\System32\WindowsLogon.manifest ->  [Ver =  | Size = 488 bytes | Modified Date = 8/24/2008 12:55:24 PM | Attr = RH ]
wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 13646 bytes | Modified Date = 8/25/2008 11:15:44 AM | Attr =	]
wtgdmdur.exe -> %SystemRoot%\System32\wtgdmdur.exe ->  [Ver =  | Size = 194560 bytes | Modified Date = 8/19/2008 5:04:22 AM | Attr =	]
wuaucpl.cpl.manifest -> %SystemRoot%\System32\wuaucpl.cpl.manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
ynevgtqr.exe -> %SystemRoot%\System32\ynevgtqr.exe ->  [Ver =  | Size = 86016 bytes | Modified Date = 8/18/2008 5:04:20 PM | Attr =	]
$hf_mig$ -> %SystemRoot%\$hf_mig$ ->  [Folder | Modified Date = 8/25/2008 9:39:37 AM | Attr =  H ]
9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
$MSI31Uninstall_KB893803v2$ -> %SystemRoot%\$MSI31Uninstall_KB893803v2$ ->  [Folder | Modified Date = 8/25/2008 8:19:31 AM | Attr =  H ]
AppPatch -> %SystemRoot%\AppPatch ->  [Folder | Modified Date = 8/25/2008 10:26:15 AM | Attr =	]
bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 8/25/2008 11:15:02 AM | Attr =   S]
Debug -> %SystemRoot%\Debug ->  [Folder | Modified Date = 8/24/2008 8:51:44 PM | Attr =	]
dellstat.ini -> %SystemRoot%\dellstat.ini ->  [Ver =  | Size = 257 bytes | Modified Date = 8/25/2008 6:37:57 AM | Attr =	]
Driver Cache -> %SystemRoot%\Driver Cache ->  [Folder | Modified Date = 8/24/2008 7:27:08 AM | Attr =	]
ehome -> %SystemRoot%\ehome ->  [Folder | Modified Date = 8/24/2008 7:34:30 AM | Attr =	]
ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Modified Date = 8/25/2008 12:20:42 AM | Attr =	]
Fonts -> %SystemRoot%\Fonts ->  [Folder | Modified Date = 8/24/2008 7:34:28 AM | Attr = R S]
Help -> %SystemRoot%\Help ->  [Folder | Modified Date = 8/25/2008 9:40:54 AM | Attr =	]
ie7 -> %SystemRoot%\ie7 ->  [Folder | Modified Date = 8/24/2008 7:49:29 PM | Attr =  H ]
ie7updates -> %SystemRoot%\ie7updates ->  [Folder | Modified Date = 8/14/2008 3:09:21 AM | Attr =	]
iis6.BAK -> %SystemRoot%\iis6.BAK ->  [Ver =  | Size = 2000884 bytes | Modified Date = 8/25/2008 9:03:12 AM | Attr =	]
ime -> %SystemRoot%\ime ->  [Folder | Modified Date = 8/24/2008 7:34:30 AM | Attr =	]
imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 8/25/2008 9:38:12 AM | Attr =	]
inf -> %SystemRoot%\inf ->  [Folder | Modified Date = 8/25/2008 10:40:49 AM | Attr =  H ]
Installer -> %SystemRoot%\Installer ->  [Folder | Modified Date = 8/19/2008 3:01:39 AM | Attr =  HS]
Media -> %SystemRoot%\Media ->  [Folder | Modified Date = 8/24/2008 7:34:28 AM | Attr =	]
msagent -> %SystemRoot%\msagent ->  [Folder | Modified Date = 8/25/2008 10:26:15 AM | Attr =	]
mui -> %SystemRoot%\mui ->  [Folder | Modified Date = 8/24/2008 7:34:31 AM | Attr =	]
ODBCINST.INI -> %SystemRoot%\ODBCINST.INI ->  [Ver =  | Size = 4648 bytes | Modified Date = 8/24/2008 12:56:40 PM | Attr =	]
pcw110.ini -> %SystemRoot%\pcw110.ini ->  [Ver =  | Size = 2961 bytes | Modified Date = 8/14/2008 6:55:26 AM | Attr =	]
PeerNet -> %SystemRoot%\PeerNet ->  [Folder | Modified Date = 8/24/2008 7:34:14 AM | Attr =	]
Prefetch -> %SystemRoot%\Prefetch ->  [Folder | Modified Date = 8/25/2008 8:49:45 AM | Attr =	]
Registration -> %SystemRoot%\Registration ->  [Folder | Modified Date = 8/24/2008 1:11:35 PM | Attr =	]
security -> %SystemRoot%\security ->  [Folder | Modified Date = 8/25/2008 10:25:25 AM | Attr =	]
setupapi.old -> %SystemRoot%\setupapi.old ->  [Ver =  | Size = 783635 bytes | Modified Date = 8/21/2008 12:40:10 AM | Attr =	]
SoftwareDistribution -> %SystemRoot%\SoftwareDistribution ->  [Folder | Modified Date = 8/24/2008 8:50:44 PM | Attr =	]
system -> %SystemRoot%\system ->  [Folder | Modified Date = 8/24/2008 7:34:58 AM | Attr =	]
system.ini -> %SystemRoot%\system.ini ->  [Ver =  | Size = 227 bytes | Modified Date = 8/24/2008 12:43:09 PM | Attr =	]
system32 -> %SystemRoot%\system32 ->  [Folder | Modified Date = 8/25/2008 11:19:20 AM | Attr =	]
Tasks -> %SystemRoot%\Tasks ->  [Folder | Modified Date = 8/24/2008 6:48:14 PM | Attr =   S]
Temp -> %SystemRoot%\Temp ->  [Folder | Modified Date = 8/25/2008 11:20:37 AM | Attr =	]
twain_32 -> %SystemRoot%\twain_32 ->  [Folder | Modified Date = 8/24/2008 7:30:22 AM | Attr =	]
vbaddin.ini -> %SystemRoot%\vbaddin.ini ->  [Ver =  | Size = 121 bytes | Modified Date = 8/4/2008 10:44:23 AM | Attr =	]
Web -> %SystemRoot%\Web ->  [Folder | Modified Date = 8/24/2008 12:55:27 PM | Attr = R  ]
win.ini -> %SystemRoot%\win.ini ->  [Ver =  | Size = 1023 bytes | Modified Date = 8/24/2008 12:54:59 PM | Attr =	]
WindowsShell.Manifest -> %SystemRoot%\WindowsShell.Manifest ->  [Ver =  | Size = 749 bytes | Modified Date = 8/24/2008 12:55:14 PM | Attr = RH ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx ->  [Ver =  | Size = 316640 bytes | Modified Date = 8/24/2008 12:56:56 PM | Attr =	]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job ->  [Ver =  | Size = 434 bytes | Modified Date = 8/25/2008 11:15:40 AM | Attr =	]
RegCure.job -> %SystemRoot%\tasks\RegCure.job ->  [Ver =  | Size = 368 bytes | Modified Date = 8/14/2008 3:00:00 AM | Attr =	]
SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 8/25/2008 11:15:05 AM | Attr =  H ]
XoftSpySE 2.job -> %SystemRoot%\tasks\XoftSpySE 2.job ->  [Ver =  | Size = 444 bytes | Modified Date = 8/25/2008 11:15:40 AM | Attr =	]
XoftSpySE.job -> %SystemRoot%\tasks\XoftSpySE.job ->  [Ver =  | Size = 358 bytes | Modified Date = 8/24/2008 6:48:14 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 4/3/2006 10:03:52 PM | Attr =	]
hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 304718 bytes | Modified Date = 4/3/2006 10:03:52 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE ->  [Folder | Modified Date = 5/16/2007 9:15:24 AM | Attr =	]
HashFile.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\MSDAIPP\OFFLINE\HashFile.dat ->  [Ver =  | Size = 102412 bytes | Modified Date = 5/16/2007 9:15:24 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 4/21/2006 12:28:55 PM | Attr =	]
qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 12866 bytes | Modified Date = 8/25/2008 11:16:43 AM | Attr =	]
qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 12866 bytes | Modified Date = 8/25/2008 11:16:44 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 1/15/2008 9:29:28 AM | Attr =	]
data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\data.dat ->  [Ver =  | Size = 3804 bytes | Modified Date = 1/15/2008 9:29:56 AM | Attr =	]
opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11744 bytes | Modified Date = 1/18/2007 6:31:39 PM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc ->  [Folder | Modified Date = 8/25/2008 11:15:15 AM | Attr =	]
Perflib_Perfdata_700.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_700.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 8/25/2008 11:15:15 AM | Attr =	]
C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\8.0\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\8.0 ->  [Folder | Modified Date = 4/3/2006 10:31:51 PM | Attr =	]
vs000223.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\VisualStudio\8.0\vs000223.dat ->  [Ver =  | Size = 677178 bytes | Modified Date = 1/15/2008 12:48:09 PM | Attr =  H ]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:16:52 AM | Attr =	]
rtdrvmon.exe -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 8/25/2008 6:45:17 AM | Attr =	]
9 C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:16:52 AM | Attr =	]
ExchangePerflog_8484fa311d0ec60abf214ef8.dat -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\ExchangePerflog_8484fa311d0ec60abf214ef8.dat ->  [Ver =  | Size = 43162 bytes | Modified Date = 8/25/2008 10:49:12 AM | Attr =	]
9 C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Cookies ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
index.dat -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Cookies\index.dat ->  [Ver =  | Size = 16384 bytes | Modified Date = 4/8/2008 2:00:47 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\History\History.IE5\ ->  [Folder | Modified Date = 8/25/2008 12:28:23 AM | Attr =  HS]
index.dat -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\History\History.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 4/8/2008 2:00:53 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
index.dat -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat ->  [Ver =  | Size = 32768 bytes | Modified Date = 4/8/2008 2:00:47 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp ->  [Folder | Modified Date = 8/25/2008 11:16:52 AM | Attr =	]
ErrorDB.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\ErrorDB.ini ->  [Ver =  | Size = 0 bytes | Modified Date = 8/25/2008 6:20:26 AM | Attr =	]
9 C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\*.tmp -> 
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/8/2008 2:00:51 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\AQFRO1HB\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\AQFRO1HB ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\AQFRO1HB\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ECE6DJ78\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ECE6DJ78 ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\ECE6DJ78\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\LADTN9OQ\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\LADTN9OQ ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\LADTN9OQ\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\RCK01BSP\ -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\RCK01BSP ->  [Folder | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
desktop.ini -> C:\Documents and Settings\krs.KSCOMPUTINGINC\Local Settings\Temp\Temporary Internet Files\Content.IE5\RCK01BSP\desktop.ini ->  [Ver =  | Size = 67 bytes | Modified Date = 4/8/2008 2:00:52 PM | Attr =  HS]
C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp ->  [Folder | Modified Date = 8/25/2008 11:20:37 AM | Attr =	]
rtdrvmon.exe -> C:\WINDOWS\Temp\rtdrvmon.exe -> Realtek [Ver = 1, 0, 0, 3 | Size = 40960 bytes | Modified Date = 8/25/2008 11:15:10 AM | Attr =	]
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
desktop.ini -> %AllUsersProfile%\Application Data\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 8/24/2008 12:42:53 PM | Attr =  HS]
Flood Light Games -> %AllUsersProfile%\Application Data\Flood Light Games ->  [Folder | Modified Date = 7/30/2008 6:53:18 PM | Attr =	]
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Modified Date = 8/18/2008 12:26:22 PM | Attr =	]
Microsoft -> %AllUsersProfile%\Application Data\Microsoft ->  [Folder | Modified Date = 8/25/2008 9:35:48 AM | Attr =   S]
NCH Swift Sound -> %AllUsersProfile%\Application Data\NCH Swift Sound ->  [Folder | Modified Date = 8/8/2008 11:34:28 AM | Attr =	]
Office Genuine Advantage -> %AllUsersProfile%\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 8/24/2008 8:31:47 PM | Attr =	]
Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 8/25/2008 12:44:21 AM | Attr =	]
ydmvmbcd -> %AllUsersProfile%\Application Data\ydmvmbcd ->  [Folder | Modified Date = 8/24/2008 1:44:21 PM | Attr =	]
Flood Light Games -> %AppData%\Flood Light Games ->  [Folder | Modified Date = 7/30/2008 6:53:17 PM | Attr =	]
Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Modified Date = 8/18/2008 12:27:12 PM | Attr =	]
NCH Swift Sound -> %AppData%\NCH Swift Sound ->  [Folder | Modified Date = 8/8/2008 11:34:06 AM | Attr =	]
Windows Desktop Search -> %AppData%\Windows Desktop Search ->  [Folder | Modified Date = 8/25/2008 9:36:37 AM | Attr =	]
IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 1040656 bytes | Modified Date = 8/24/2008 6:11:25 PM | Attr =  H ]
Oberon Games -> %UserProfile%\Local Settings\Application Data\Oberon Games ->  [Folder | Modified Date = 8/2/2008 2:10:13 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Documents\desktop.ini ->  [Ver =  | Size = 62 bytes | Modified Date = 8/24/2008 12:42:53 PM | Attr =  HS]
bcecu -> %UserProfile%\My Documents\bcecu ->  [Folder | Modified Date = 8/7/2008 4:38:30 PM | Attr =	]
3 C:\Documents and Settings\krs.KSCOMPUTINGINC\My Documents\*.tmp files -> C:\Documents and Settings\krs.KSCOMPUTINGINC\My Documents\*.tmp -> 
Ciber -> %UserProfile%\My Documents\Ciber ->  [Folder | Modified Date = 8/9/2008 10:22:15 AM | Attr =	]
Cloudmark Logs -> %UserProfile%\My Documents\Cloudmark Logs ->  [Folder | Modified Date = 8/24/2008 1:20:03 PM | Attr =	]
ColaLabels2.zdl -> %UserProfile%\My Documents\ColaLabels2.zdl ->  [Ver =  | Size = 62976 bytes | Modified Date = 7/27/2008 1:40:16 PM | Attr =	]
Default.rdp -> %UserProfile%\My Documents\Default.rdp ->  [Ver =  | Size = 1754 bytes | Modified Date = 8/14/2008 11:56:52 AM | Attr =  H ]
DePereLaw -> %UserProfile%\My Documents\DePereLaw ->  [Folder | Modified Date = 8/14/2008 6:16:14 AM | Attr =	]
DesignPro -> %UserProfile%\My Documents\DesignPro ->  [Folder | Modified Date = 7/27/2008 1:46:09 PM | Attr =	]
desktop.ini -> %UserProfile%\My Documents\desktop.ini ->  [Ver =  | Size = 74 bytes | Modified Date = 8/24/2008 8:08:17 PM | Attr =  HS]
Jim Piontek Trucking -> %UserProfile%\My Documents\Jim Piontek Trucking ->  [Folder | Modified Date = 8/4/2008 9:42:52 AM | Attr =	]
korina -> %UserProfile%\My Documents\korina ->  [Folder | Modified Date = 8/19/2008 2:42:57 PM | Attr =	]
My Music -> %UserProfile%\My Documents\My Music ->  [Folder | Modified Date = 8/24/2008 8:08:18 PM | Attr = R  ]
My Pictures -> %UserProfile%\My Documents\My Pictures ->  [Folder | Modified Date = 8/25/2008 6:49:09 AM | Attr = R  ]
Omni Resources -> %UserProfile%\My Documents\Omni Resources ->  [Folder | Modified Date = 8/25/2008 9:34:44 AM | Attr =	]
Panda -> %UserProfile%\My Documents\Panda ->  [Folder | Modified Date = 7/30/2008 1:49:35 PM | Attr =	]
Pocket_PC My Documents -> %UserProfile%\My Documents\Pocket_PC My Documents ->  [Folder | Modified Date = 8/8/2008 11:36:21 AM | Attr =	]
valley endo -> %UserProfile%\My Documents\valley endo ->  [Folder | Modified Date = 8/4/2008 9:42:52 AM | Attr =	]
Visual Studio 2005 -> %UserProfile%\My Documents\Visual Studio 2005 ->  [Folder | Modified Date = 8/7/2008 11:31:00 AM | Attr =	]
Dream Day Wedding - Married in Manhattan.lnk -> %AllUsersProfile%\Desktop\Dream Day Wedding - Married in Manhattan.lnk ->  [Ver =  | Size = 2270 bytes | Modified Date = 8/2/2008 1:04:34 PM | Attr =	]
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk ->  [Ver =  | Size = 743 bytes | Modified Date = 8/18/2008 12:26:26 PM | Attr =	]
More Yahoo! Games.lnk -> %AllUsersProfile%\Desktop\More Yahoo! Games.lnk ->  [Ver =  | Size = 1798 bytes | Modified Date = 8/2/2008 1:04:06 PM | Attr =	]
Switch Sound File Converter.lnk -> %AllUsersProfile%\Desktop\Switch Sound File Converter.lnk ->  [Ver =  | Size = 849 bytes | Modified Date = 8/8/2008 11:34:09 AM | Attr =	]
CD Wave Editor.lnk -> %UserProfile%\Desktop\CD Wave Editor.lnk ->  [Ver =  | Size = 653 bytes | Modified Date = 8/8/2008 11:03:33 AM | Attr =	]
HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk ->  [Ver =  | Size = 1448 bytes | Modified Date = 8/24/2008 11:47:15 PM | Attr =	]
OTScanIt -> %UserProfile%\Desktop\OTScanIt ->  [Folder | Modified Date = 8/25/2008 7:12:00 AM | Attr =	]
OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 568477 bytes | Modified Date = 8/25/2008 7:02:58 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier
SDFix.exe -> %UserProfile%\Desktop\SDFix.exe ->  [Ver =  | Size = 1417602 bytes | Modified Date = 8/24/2008 11:54:49 PM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SDFix.exe:Zone.Identifier
SmitfraudFix.zip -> %UserProfile%\Desktop\SmitfraudFix.zip ->  [Ver =  | Size = 1396441 bytes | Modified Date = 8/25/2008 1:18:54 AM | Attr =	]
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\SmitfraudFix.zip:Zone.Identifier
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk ->  [Ver =  | Size = 980 bytes | Modified Date = 8/24/2008 11:00:31 PM | Attr =	]
XoftSpySE.lnk -> %UserProfile%\Desktop\XoftSpySE.lnk ->  [Ver =  | Size = 729 bytes | Modified Date = 8/24/2008 6:48:12 PM | Attr =	]
desktop.ini -> %AllUsersProfile%\Start Menu\Programs\Startup\desktop.ini ->  [Ver =  | Size = 84 bytes | Modified Date = 8/24/2008 12:57:02 PM | Attr =  HS]
Windows Search.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Windows Search.lnk ->  [Ver =  | Size = 1834 bytes | Modified Date = 8/25/2008 9:35:39 AM | Attr =	]
System -> %CommonProgramFiles%\System ->  [Folder | Modified Date = 8/25/2008 9:22:07 AM | Attr =	]

[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000001d
"TracesSuccessful"=dword:00000018
scanning hidden files ...
C:\WINDOWS\SoftwareDistribution\Download\0d3b5d19cc06db007bbe6584808bfa9e\isatq.dll 68608 bytes executable
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
scan completed successfully
hidden files: 189

< End of report >


#3 Shaba


Posted 10 September 2008 - 08:40 AM

Hello and welcome to BC

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. We aim to provide the valuable service known to come from BC to every member we can, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

Please see here for instructions on how to install HijackThis and make a logfile. Save it in a convenient location and include it in your next reply, please.

Next
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Please post back with HijackThis log and Kaspersky report.

Regards
Microsoft MVP Consumer Security

#4 Shaba


Posted 16 September 2008 - 12:29 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security