Infected With Trojan: Crypt.xpack.gen


  • This topic is locked
23 replies to this topic

#1 solitude87

  • Members
  • 12 posts

Posted 28 September 2008 - 04:13 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:44 PM, on 9/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec AntiVirus\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Documents and Settings\SaRaNgHaE1027\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Symantec AntiVirus\SmcGui.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Maxthon2\Maxthon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://resnet.stonybrook.edu/wpad.dat
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SaRaNgHaE1027\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.gmail.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175/7d/ru...cat-no-eula.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154115210218
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxoramun...mjolauncher.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {C9386579-3C0F-4713-82C6-5BA8088C7C8D} (Windows Live SkyDrive Upload Tool) - https://secure.shared.live.com/Pa6vGqB728Ax....RichUpload.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe (file missing)
O23 - Service: Roxio Upnp Server 9 - Unknown owner - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe (file missing)
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\SNAC.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 14359 bytes


#2 kahdah

  • Security Colleague
  • 11,138 posts

Posted 08 October 2008 - 10:09 AM

Hello solitude87

Welcome to BleepingComputer :thumbsup:
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 solitude87

  • Topic Starter
  • Members
  • 12 posts

Posted 08 October 2008 - 10:42 AM

Hi kahdah,

I couldn't run the program successfully, it stopped with a pop-up error: AutoIt Error, Line -1: Error: Subscript used with non-Array variable.

My Avira just quarantined a HTML/Crypted.Gen.

#4 kahdah

  • Security Colleague
  • 11,138 posts

Posted 08 October 2008 - 10:53 AM

Before running a new scan let's clean out the temporary folders.

Download ATF Cleaner to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Close ALL Internet browsers (very important).
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
===========================================
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanIt folder and double-click on OTScanIt.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • In the Drivers section click on Non-Microsoft.
  • Under Additional Scans click the checkboxes in front of the following items to select them:
    • Reg - BotCheck
    • File - Additional Folder Scans
    • File - Lop check
    • File - Purity Scan
  • Under Basic scans:
    • Rootkit Search - Yes
    • Drivers - Non Microsoft
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it [].

If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file.

#5 solitude87

  • Topic Starter
  • Members
  • 12 posts

Posted 08 October 2008 - 11:58 AM

OTScanIt logfile created on: 10/8/2008 12:49:30 PM

OTScanIt by OldTimer - Version 1.0.19.0	 Folder = C:\Documents and Settings\SaRaNgHaE1027\Desktop\OTS\OTScanIt

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1022.42 Mb Total Physical Memory | 461.07 Mb Available Physical Memory | 45.10% Memory free

2.40 Gb Paging File | 1.87 Gb Available in Paging File | 77.92% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072;

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 93.15 Gb Total Space | 9.23 Gb Free Space | 9.90% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded



Computer Name: YEE

Current User Name: SaRaNgHaE1027

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Whitelist: On



[Processes - Non-Microsoft Only]

pctsauxs.exe -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =	]

sp_rsser.exe -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.3.0.328 | Size = 570880 bytes | Modified Date = 9/27/2008 10:16:41 PM | Attr =	]

lvcomsx.exe -> %SystemRoot%\system32\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 5:32:18 PM | Attr =	]

logitray.exe -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 3:14:44 PM | Attr =	]

stylexp.exe -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe ->  [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 2:31:39 PM | Attr =	]

fxsvr2.exe -> %ProgramFiles%\Logitech\Video\FxSvr2.exe -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 192512 bytes | Modified Date = 6/8/2005 2:44:56 PM | Attr =	]

maxthon.exe -> %ProgramFiles%\Maxthon2\Maxthon.exe -> Maxthon International ltd. [Ver = 2, 1, 4, 443 | Size = 3454208 bytes | Modified Date = 9/2/2008 1:31:54 AM | Attr =	]



[Win32 Services - Non-Microsoft Only]

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> File not found

(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\PACSPTISVR.exe ->  [Ver = 4.7.00.12140 | Size = 57344 bytes | Modified Date = 12/14/2006 2:46:16 AM | Attr =	]

(RichVideo) Cyberlink RichVideo Service(CRVS) [Win32_Own | Auto | Stopped] -> %ProgramFiles%\CyberLink\Shared files\RichVideo.exe -> File not found

(Roxio UPnP Renderer 9) Roxio UPnP Renderer 9 [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sonic Shared\RoxioUPnPRenderer9.exe -> File not found

(Roxio Upnp Server 9) Roxio Upnp Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Sonic Shared\RoxioUpnpService9.exe -> File not found

(RoxLiveShare9) LiveShare P2P Server 9 [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -> File not found

(sdAuxService) PC Tools Auxiliary Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Doctor\pctsAuxs.exe -> PC Tools [Ver = 6, 0, 0, 3 | Size = 356920 bytes | Modified Date = 6/13/2008 3:29:14 PM | Attr =	]

(sdCoreService) PC Tools Security Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Spyware Doctor\pctsSvc.exe -> PC Tools [Ver = 6.0.0.21 | Size = 1079176 bytes | Modified Date = 9/22/2008 2:42:06 PM | Attr =	]

(sp_rssrv) Spyware Terminator Realtime Shield Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Spyware Terminator\sp_rsser.exe -> Crawler.com [Ver = 2.3.0.328 | Size = 570880 bytes | Modified Date = 9/27/2008 10:16:41 PM | Attr =	]

(stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\SureThing Shared\stllssvr.exe -> File not found

(StyleXPService) StyleXPService [Win32_Own | Auto | Stopped] -> %ProgramFiles%\TGTSoft\StyleXP\StyleXPService.exe ->  [Ver = 0, 20, 0, 3000 | Size = 372736 bytes | Modified Date = 5/24/2006 2:31:06 PM | Attr =	]



[Driver Services - Non-Microsoft Only]

(APLMp50) APLMp50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\APLMp50.sys -> Printing Communications Assoc., Inc. (PCAUSA) [Ver = 5.5.18.05 | Size = 28224 bytes | Modified Date = 11/29/2006 2:46:24 AM | Attr =	]

(ASPI32) ASPI32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> Adaptec [Ver = 4.57 (1008) | Size = 23936 bytes | Modified Date = 12/22/1997 9:02:46 PM | Attr =	]

(avfwim) AvFw Packet Filter Miniport [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\avfwim.sys -> File not found

(avfwot) avfwot [Kernel | System | Stopped] -> %SystemRoot%\System32\DRIVERS\avfwot.sys -> File not found

(BootScreen) BootScreen [Kernel | Boot | Stopped] -> %SystemRoot%\system32\drivers\vidstub.sys ->  [Ver =  | Size = 163712 bytes | Modified Date = 8/1/2006 12:45:32 AM | Attr =	]

(IKFileSec) File Security Driver [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Modified Date = 8/25/2008 11:36:28 AM | Attr =	]

(IKSysFlt) System Filter Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Modified Date = 8/25/2008 11:36:28 AM | Attr =	]

(IKSysSec) System Security Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Modified Date = 8/25/2008 11:36:30 AM | Attr =	]

(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LVUSBSta.sys -> Logitech Inc. [Ver = 8.4.7.1032 | Size = 22016 bytes | Modified Date = 5/27/2005 9:31:28 AM | Attr =	]

(MREMPR5) MREMPR5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -> File not found

(MRENDIS5) MRENDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemDrive%\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -> File not found

(pctfw2) pctfw2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\pctfw2.sys -> PC Tools [Ver = 4, 0, 0, 43 | Size = 160792 bytes | Modified Date = 9/28/2008 5:56:46 PM | Attr =	]

(PCTINDIS5) PCTINDIS5 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\PCTINDIS5.SYS -> File not found

(QCMerced) Logitech QuickCam Communicate [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\lvcm.sys ->  [Ver =  | Size = 1317152 bytes | Modified Date = 5/27/2005 9:32:52 AM | Attr =	]

(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\RTL8139.sys -> Realtek Semiconductor Corporation [Ver = 5.398.613.2003 built by: WinDDK | Size = 20992 bytes | Modified Date = 8/3/2004 10:31:34 PM | Attr =	]

(SBRE) SBRE [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\SBREdrv.sys -> File not found

(sp_rsdrv2) Spyware Terminator Driver 2 [Kernel | System | Running] -> %SystemRoot%\system32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 141312 bytes | Modified Date = 9/27/2008 10:16:40 PM | Attr =	]

(tifmsony) tifmsony [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\tifmsony.sys -> Texas Instruments [Ver = 1.0.2.5 | Size = 52736 bytes | Modified Date = 1/6/2005 4:01:00 PM | Attr = R  ]

(w550bus) Sony Ericsson W550 driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\w550bus.sys -> File not found

(w550mdfl) Sony Ericsson W550 USB WMC Modem Filter [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\w550mdfl.sys -> File not found

(w550mdm) Sony Ericsson W550 USB WMC Modem Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\w550mdm.sys -> File not found

(w550mgmt) Sony Ericsson W550 USB WMC Device Management Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\w550mgmt.sys -> File not found

(w550obex) Sony Ericsson W550 USB WMC OBEX Interface Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\DRIVERS\w550obex.sys -> File not found



[Registry - Non-Microsoft Only]

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

Alcmtr -> %SystemRoot%\ALCMTR.EXE [ALCMTR.EXE] -> Realtek Semiconductor Corp. [Ver = 1.6.0.2 | Size = 69632 bytes | Modified Date = 5/3/2005 7:43:28 PM | Attr =	]

AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.172 | Size = 1234712 bytes | Modified Date = 10/7/2008 7:43:42 PM | Attr =	]

avgnt -> %ProgramFiles%\Avira\AntiVir PersonalEdition Classic\avgnt.exe ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min] -> Avira GmbH [Ver = 8.00.70.02 | Size = 266497 bytes | Modified Date = 6/12/2008 2:28:45 PM | Attr =	]

BootSkin Startup Jobs -> %ProgramFiles%\Stardock\WinCustomize\BootSkin\BootSkin.exe ["C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs] ->  [Ver = 1, 0, 6, 0 | Size = 270336 bytes | Modified Date = 4/26/2004 4:21:00 PM | Attr =	]

ISBMgr.exe -> %ProgramFiles%\Sony\ISB Utility\ISBMgr.exe [C:\Program Files\Sony\ISB Utility\ISBMgr.exe] -> Sony Corporation [Ver = 1, 0, 0, 2180 | Size = 32768 bytes | Modified Date = 2/20/2004 5:12:34 PM | Attr =	]

LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe ["C:\Program Files\Logitech\Video\ISStart.exe" ] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 458752 bytes | Modified Date = 6/8/2005 3:24:32 PM | Attr =	]

LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe ["C:\Program Files\Logitech\Video\LogiTray.exe"] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 217088 bytes | Modified Date = 6/8/2005 3:14:44 PM | Attr =	]

LVCOMSX -> %SystemRoot%\system32\LVCOMSX.EXE [C:\WINDOWS\system32\LVCOMSX.EXE] -> Logitech Inc. [Ver = 8.4.7.1036 | Size = 221184 bytes | Modified Date = 7/19/2005 5:32:18 PM | Attr =	]

NvCplDaemon -> %SystemRoot%\system32\nvcpl.dll ["RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.7083 | Size = 5406720 bytes | Modified Date = 2/17/2005 6:31:00 AM | Attr =	]

RTHDCPL -> %SystemRoot%\RTHDCPL.exe [RTHDCPL.EXE] -> Realtek Semiconductor Corp. [Ver = 2.0.2.6 | Size = 15473664 bytes | Modified Date = 11/10/2005 11:14:06 AM | Attr =	]

SpywareTerminator -> %ProgramFiles%\Spyware Terminator\SpywareTerminatorShield.Exe ["C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"] -> Crawler.com [Ver = 2.3.0.319 | Size = 1783808 bytes | Modified Date = 9/27/2008 10:16:39 PM | Attr =	]

SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_07\bin\jusched.exe ["C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 144784 bytes | Modified Date = 6/10/2008 4:27:04 AM | Attr =	]

VAIO Update 3 -> %ProgramFiles%\Sony\VAIO Update 3\VAIOUpdt.exe ["C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe"  /Stationary] -> Sony Corporation [Ver = 3.0.00.11250 | Size = 546936 bytes | Modified Date = 1/25/2007 9:41:00 PM | Attr =	]

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe ["C:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> Logitech Inc. [Ver = 8.4.7.1034 | Size = 196608 bytes | Modified Date = 6/8/2005 2:44:14 PM | Attr =	]

STYLEXP -> %ProgramFiles%\TGTSoft\StyleXP\StyleXP.exe [C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide] ->  [Ver = 0, 30, 19, 0 | Size = 1372160 bytes | Modified Date = 5/24/2006 2:31:39 PM | Attr =	]

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 

< SaRaNgHaE1027 Startup Folder > -> C:\Documents and Settings\SaRaNgHaE1027\Start Menu\Programs\Startup -> 

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 

*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 

avgrsstx.dll -> %SystemRoot%\system32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.134 | Size = 10520 bytes | Modified Date = 10/7/2008 7:44:45 PM | Attr =	]

*MultiFile Done* -> -> 

< SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> %SystemRoot%\explorer.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 1033728 bytes | Modified Date = 4/13/2008 8:12:19 PM | Attr =	]

*MultiFile Done* -> -> 

*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 

C:\WINDOWS\system32\userinit.exe -> %SystemRoot%\system32\userinit.exe -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 26112 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =	]

*MultiFile Done* -> -> 

*UIHost* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost -> 

LogonUI.EXE -> %SystemRoot%\system32\logonui.exe -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 514560 bytes | Modified Date = 4/13/2008 8:12:24 PM | Attr =	]

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

rundll32 shell32 -> %SystemRoot%\system32\shell32.dll -> Microsoft Corporation [Ver = 6.00.2900.5512 (xpsp.080413-2105) | Size = 8461312 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

Control_RunDLL "sysdm.cpl" -> %SystemRoot%\system32\sysdm.cpl -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2105) | Size = 300544 bytes | Modified Date = 4/13/2008 8:12:41 PM | Attr =	]

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 

NavLogon ->  -> File not found

VESWinlogon -> %SystemRoot%\system32\VESWinlogon.dll -> Sony Corporation [Ver = 2.0.00.09300 | Size = 73728 bytes | Modified Date = 1/18/2005 1:48:06 PM | Attr =	]

WRNotifier ->  -> File not found

< CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\dontdisplaylastusername -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticecaption ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\legalnoticetext ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\shutdownwithoutlogon -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\undockwithoutlogon -> 1 -> 

< CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->

< CDROM Autorun Setting > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> ->

*DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> 

SCSI miniport ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> SCSI CDROM Class -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> CD-ROM Driver -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 62976 bytes | Modified Date = 4/13/2008 2:40:46 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> 1 -> 

*AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> 

NEC	 MBR-7	->  -> File not found

NEC	 MBR-7.4  ->  -> File not found

PIONEER CHANGR DRM-1804X ->  -> File not found

PIONEER CD-ROM DRM-6324X ->  -> File not found

PIONEER CD-ROM DRM-624X  ->  -> File not found

TORiSAN CD-ROM CDR_C36 ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> 

< Drives with AutoRun files > ->  -> 

AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] ->  [Ver =  | Size = 0 bytes | Modified Date = 7/12/2006 2:30:15 PM | Attr =	]

< HOSTS File > (265438 bytes and 9242 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 

First 25 entries...


< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome -> 

HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> 

HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home -> 

HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 

HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> 

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 

HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> 

HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> 

HKEY_CURRENT_USER\: Main\\Start Page -> http://www.yahoo.com/ -> 

HKEY_CURRENT_USER\: ProxyEnable -> 0 -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4838 domain(s) found. -> 

46 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4839 domain(s) found. -> 

www_gmail.com [http] -> Trusted sites -> 

www_gmail.com [https] -> Trusted sites -> 

www_google.com [http] -> Trusted sites -> 

www_google.com [https] -> Trusted sites -> 

47 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.2006102200 | Size = 62080 bytes | Modified Date = 10/22/2006 11:08:42 PM | Attr =	]

{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\jccatch.dll [FGCatchUrl] -> www.flashget.com [Ver = 1, 8, 4, 1007 | Size = 94308 bytes | Modified Date = 8/6/2007 5:11:58 AM | Attr =	]

{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BitComet\tools\BitCometBHO_1.2.2.28.dll [BitComet Helper] -> BitComet [Ver = 20080228 | Size = 468280 bytes | Modified Date = 2/29/2008 4:49:22 AM | Attr =	]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.152 | Size = 455960 bytes | Modified Date = 10/7/2008 7:43:59 PM | Attr =	]

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 12:25:34 PM | Attr =	]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 10/7/2008 7:44:08 PM | Attr =	]

{bf00e119-21a3-4fd1-b178-3b8537e75c92} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Megaupload\Mega Manager\MegaIEMn.dll [IeMonitorBho Class] -> Megaupload Limited [Ver = 3, 0, 0, 0 | Size = 110592 bytes | Modified Date = 8/16/2007 5:47:36 PM | Attr =	]

{F156768E-81EF-470C-9057-481BA8380DBA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\getflash.dll [FlashGet GetFlash Class] -> www.flashget.com [Ver = 1, 8, 4, 1003 | Size = 163840 bytes | Modified Date = 5/18/2007 12:13:10 PM | Attr =	]

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 

{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 12:25:34 PM | Attr =	]

{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 10/7/2008 7:44:08 PM | Attr =	]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [FlashGet Bar] -> File not found

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 

ShellBrowser\\{CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\MegauploadToolbar\megauploadtoolbar.dll [Megaupload Toolbar] -> MEGAUPLOAD									[Ver = 5.0.0.226 | Size = 1933256 bytes | Modified Date = 7/31/2007 12:25:34 PM | Attr =	]

WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgtoolbar.dll [AVG Security Toolbar] -> AVG, Technologies CZ, s.r.o				   [Ver = 5.0.2.400 | Size = 2055960 bytes | Modified Date = 10/7/2008 7:44:08 PM | Attr =	]

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 132496 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.70.6 | Size = 509328 bytes | Modified Date = 6/10/2008 4:27:02 AM | Attr =	]

{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 4:08:26 PM | Attr =	]

{B863453A-26C3-4e1f-A54D-A2CD196348E9}:Exec -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> File not found

{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [BitComet] -> File not found

{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}:Exec -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 9, 6, 1073 | Size = 2007088 bytes | Modified Date = 9/25/2007 4:10:50 AM | Attr =	]

{E59EB121-F339-4851-A3BA-FE49C35617C2}:Exec -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.7013 | Size = 173304 bytes | Modified Date = 8/24/2008 11:14:42 AM | Attr =	]

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 

CmdMapping\\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AIM\aim.exe [AIM] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 4:08:26 PM | Attr =	]

CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQLite\ICQLite.exe [ICQ Lite] -> File not found

CmdMapping\\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} [HKEY_LOCAL_MACHINE] ->  [BitComet] -> File not found

CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\FlashGet\flashget.exe [FlashGet] -> FlashGet.com [Ver = 1, 9, 6, 1073 | Size = 2007088 bytes | Modified Date = 9/25/2007 4:10:50 AM | Attr =	]

CmdMapping\\{E59EB121-F339-4851-A3BA-FE49C35617C2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\ICQ6\ICQ.exe [ICQ6] -> ICQ, Inc. [Ver = 6.0.0.7013 | Size = 173304 bytes | Modified Date = 8/24/2008 11:14:42 AM | Attr =	]

CmdMapping\\{F4FBA929-A891-492C-A0F6-5C79CC4F1742} [HKEY_LOCAL_MACHINE] ->  [Reg Error: Key does not exist or could not be opened.] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 

&D&ownload &with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/2/2008 11:42:44 PM | Attr =	]

&D&ownload all video with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/2/2008 11:42:44 PM | Attr =	]

&D&ownload all with BitComet -> %ProgramFiles%\BitComet\BitComet.exe -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/2/2008 11:42:44 PM | Attr =	]

&Download All with FlashGet -> %ProgramFiles%\FlashGet\JC_ALL.HTM ->  [Ver =  | Size = 1049 bytes | Modified Date = 5/18/2007 12:13:10 PM | Attr =	]

&Download with FlashGet -> %ProgramFiles%\FlashGet\JC_LINK.HTM ->  [Ver =  | Size = 1898 bytes | Modified Date = 5/18/2007 12:13:10 PM | Attr =	]

Download all with Free Download Manager ->  -> File not found

Download Link Using Mega Manager... -> %ProgramFiles%\Megaupload\Mega Manager\mm_file.htm ->  [Ver =  | Size = 1453 bytes | Modified Date = 4/5/2006 6:06:12 PM | Attr =	]

Download with Free Download Manager ->  -> File not found

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< User Agent Post Platform [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform -> 

SV1 ->  -> 

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{06D825F4-70DB-41DF-9C23-D52D97F6C8BF} ->	(1394 Net Adapter) -> 

{555FBCA9-959C-4F6E-82E0-320556C1CC36} ->	(Intel(R) PRO/100 VE Network Connection) -> 

{7486F304-F75E-403D-BB5C-510FB6F1CF2F} ->	() -> 

{785C0EAD-ABE1-437B-9966-93F8DE358C52} ->	(Intel(R) PRO/Wireless 2200BG Network Connection) -> 

{FDCBB1D4-AE4A-4D71-8C57-F8B22B3F6E70} ->	(Realtek RTL8139 Family PCI Fast Ethernet NIC) -> 

< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> 

ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver =  | Size = 79128 bytes | Modified Date = 10/7/2008 7:44:07 PM | Attr =	]

msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}[HKEY_LOCAL_MACHINE] -> http://www.apple.com/qtactivex/qtplugin.cab[Reg Error: Key does not exist or could not be opened.] -> 

{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=67633[Office Genuine Advantage Validation Tool] -> 

{17492023-C23A-453E-A040-C7C580BBF700}[HKEY_LOCAL_MACHINE] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] -> 

{233C1507-6A77-46A4-9443-F871F945D258}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> 

{238F6F83-B8B4-11CF-8771-00A024541EE3}[HKEY_LOCAL_MACHINE] -> http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab[Reg Error: Key does not exist or could not be opened.] -> 

{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab[Symantec AntiVirus scanner] -> 

{406B5949-7190-4245-91A9-30A17DE16AD0}[HKEY_LOCAL_MACHINE] -> http://www1.snapfish.com/SnapfishActivia.cab[Snapfish Activia] -> 

{5F8469B4-B055-49DD-83F7-62B522420ECC}[HKEY_LOCAL_MACHINE] -> http://upload.facebook.com/controls/FacebookPhotoUploader.cab[Facebook Photo Uploader Control] -> 

{644E432F-49D3-41A1-8DD5-E099162EEEC5}[HKEY_LOCAL_MACHINE] -> http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab[Symantec RuFSI Utility Class] -> 

{67DABFBF-D0AB-41FA-9C46-CC0F21721616}[HKEY_LOCAL_MACHINE] -> http://download.divx.com/player/DivXBrowserPlugin.cab[Reg Error: Key does not exist or could not be opened.] -> 

{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}[HKEY_LOCAL_MACHINE] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1154115210218[MUWebControl Class] -> 

{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A}[HKEY_LOCAL_MACHINE] -> http://www.shockwave.com/content/luxoramunrising/sis/mjolauncher.cab[MJLauncherCtrl Class] -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}[HKEY_LOCAL_MACHINE] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] -> 

{C190FF32-96D0-445F-9F60-5CF288FD3D0F}[HKEY_LOCAL_MACHINE] -> https://register.resnet.stonybrook.edu/CAT/CNICAT.cab[ActiveFormX Control] -> 

{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}[HKEY_LOCAL_MACHINE] -> http://office.microsoft.com/officeupdate/content/opuc4.cab[Office Update Installation Engine] -> 

{C9386579-3C0F-4713-82C6-5BA8088C7C8D}[HKEY_LOCAL_MACHINE] -> https://secure.shared.live.com/Pa6vGqB728AxD-ckvrPc0A/etc/Microsoft.Live.Folders.RichUpload.cab[Windows Live SkyDrive Upload Tool] -> 

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> 

{CD995117-98E5-4169-9920-6C12D4C0B548}[HKEY_LOCAL_MACHINE] -> http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab[HGPlugin9USA Class] -> 

{D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> 

{D4323BF2-006A-4440-A2F5-27E3E7AB25F8}[HKEY_LOCAL_MACHINE] -> http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe[Reg Error: Key does not exist or could not be opened.] -> 

{E8F628B5-259A-4734-97EE-BA914D7BE941}[HKEY_LOCAL_MACHINE] -> http://driveragent.com/files/driveragent.cab[Driver Agent ActiveX Control] -> 

Microsoft XML Parser for Java[HKEY_LOCAL_MACHINE] -> file://C:\WINDOWS\Java\classes\xmldso.cab[Reg Error: Key does not exist or could not be opened.] -> 

< Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniff.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/avsniffdlgs.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AXXPEE.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AXXPEE.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AXXPEE.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CNICAT.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CNICAT.ocx\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CNICAT.ocx\\{C190FF32-96D0-445F-9F60-5CF288FD3D0F} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\\.Owner -> {E8F628B5-259A-4734-97EE-BA914D7BE941} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/driveragent.ocx\\{E8F628B5-259A-4734-97EE-BA914D7BE941} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/ecmldr32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\\.Owner -> {CD995117-98E5-4169-9920-6C12D4C0B548} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HGPlugin9USA.dll\\{CD995117-98E5-4169-9920-6C12D4C0B548} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Microsoft.Live.Folders.RichUpload.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Microsoft.Live.Folders.RichUpload.dll\\.Owner -> {C9386579-3C0F-4713-82C6-5BA8088C7C8D} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/Microsoft.Live.Folders.RichUpload.dll\\{C9386579-3C0F-4713-82C6-5BA8088C7C8D} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\.Owner -> {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mjolauncher.dll\\{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi.vxd\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\.Owner -> {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/navapi32.dll\\{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\.Owner -> {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll\\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\.Owner -> {644E432F-49D3-41A1-8DD5-E099162EEEC5} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/rufsi.dll\\{644E432F-49D3-41A1-8DD5-E099162EEEC5} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\.Owner -> {406B5949-7190-4245-91A9-30A17DE16AD0} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/SnapfishActivia1000.ocx\\{406B5949-7190-4245-91A9-30A17DE16AD0} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\.Owner -> {5ED80217-570B-4DA9-BF44-BE107C0EC166} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/wlscBase.dll\\{5ED80217-570B-4DA9-BF44-BE107C0EC166} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\.Owner -> {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/opuc.dll\\{C7DB51B4-BCF7-4923-8874-7F1A0DC92277} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\finalfantasy7 -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\finalfantasy7 -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\.Owner -> Unknown Owner -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/LegitCheckControl.DLL\\{17492023-C23A-453E-A040-C7C580BBF700} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\.Owner -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/muweb.dll\\{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\.Owner -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/OGACheckControl.DLL\\{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\finalfantasy7 -> finalfantasy7 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\PowerDVD -> PowerDVD -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/unicows.dll\\.Owner -> Unknown Owner -> 





[Registry - Additional Scans - Non-Microsoft Only]

< BotCheck > -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll ->  -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> ->

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 0 -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\ not found. -> -> 

Reg Error: Key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\ not found. -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> ->

*Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> 

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> 0  [binary data] -> 

*Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

kerberos -> %SystemRoot%\system32\kerberos.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 299520 bytes | Modified Date = 4/13/2008 8:11:56 PM | Attr =	]

msv1_0 -> %SystemRoot%\system32\msv1_0.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 132608 bytes | Modified Date = 4/13/2008 8:12:00 PM | Attr =	]

schannel -> %SystemRoot%\system32\schannel.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 144384 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

wdigest -> %SystemRoot%\system32\wdigest.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 49152 bytes | Modified Date = 4/13/2008 8:12:08 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 476 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing ->  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> 

*Notification Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> 

scecli -> %SystemRoot%\system32\scecli.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 181248 bytes | Modified Date = 4/13/2008 8:12:05 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> 

*ProviderOrder* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> 

Windows NT Access Provider ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll [%SystemRoot%\system32\ntmarta.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2113) | Size = 118784 bytes | Modified Date = 4/13/2008 8:12:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> D5 75 1E 43 53 8D 34 A5 6D FB 7C C0 71 46 EA B5 37 34 39 66 62 37 30 63 00 FD 07 00 15 54 00 00 34 FA 07 00 56 82 7C 75 20 FA 07 00 40 FD 07 00 4C FD 07 00 C8 D7 70 00 4A A6 9F B3 37 C7 C2 74  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> 78 4E FF FD 72 7B 86 02 35  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> 42 46 DA 3B D9 1E  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> %SystemRoot%\system32\iissuba.dll [IISSUBA] -> Microsoft Corporation [Ver = 6.0.2600.0 (xpclient.010817-1148) | Size = 9216 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> 24 A6 AB 21 FF 67 9A 7B CC C3 0B BB 94 17 46 BC  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> 68 4C C4 29 04 02 C9 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> 00 54 CF 23 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> 00 DB 62 27 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> 00 08 94 28 C4 9D C8 01  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Windows Firewall/Internet Connection Sharing (ICS) -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 51377 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\system32\ipnathlp.dll [%SystemRoot%\System32\ipnathlp.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 331264 bytes | Modified Date = 4/13/2008 8:11:55 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 4:08:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> %ProgramFiles%\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Windows Live\Messenger\livecall.exe -> %ProgramFiles%\Windows Live\Messenger\livecall.exe [C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)] -> File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DoNotAllowExceptions -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AIM\aim.exe -> %ProgramFiles%\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> America Online, Inc. [Ver = 5.9.3861 | Size = 67160 bytes | Modified Date = 8/5/2005 4:08:26 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %SystemRoot%\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 558080 bytes | Modified Date = 4/13/2008 2:53:32 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\doraemonmsgr.exe -> %ProgramFiles%\MSN Messenger\doraemonmsgr.exe [C:\Program Files\MSN Messenger\doraemonmsgr.exe:*:Enabled:Messenger] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 6475632 bytes | Modified Date = 1/19/2007 1:54:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe -> %ProgramFiles%\Foxit Software\PDF Editor\PDFEdit.exe [C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files!] -> Foxit Software Company [Ver = 1, 4, 0, 1531 | Size = 908800 bytes | Modified Date = 4/13/2006 2:38:52 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe -> %AllUsersProfile%\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> Nexon [Ver = 1, 0, 0, 4 | Size = 110592 bytes | Modified Date = 12/22/2007 1:10:10 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\Loader\aolload.exe -> %CommonProgramFiles%\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> AOL LLC [Ver = 9.3.2.2 | Size = 10800 bytes | Modified Date = 11/3/2006 3:17:27 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\AOL\1153457860\ee\aolsoftware.exe -> %CommonProgramFiles%\AOL\1153457860\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1153457860\ee\aolsoftware.exe:*:Enabled:AOL Services] -> America Online, Inc. [Ver = 1.4.16.2 | Size = 50792 bytes | Modified Date = 4/13/2006 4:36:53 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ICQ6\ICQ.exe -> %ProgramFiles%\ICQ6\ICQ.exe [C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> ICQ, Inc. [Ver = 6.0.0.7013 | Size = 173304 bytes | Modified Date = 8/24/2008 11:14:42 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> %ProgramFiles%\eMule\emule.exe [C:\Program Files\eMule\emule.exe:*:Enabled:eMule] -> http://www.emule-project.net [Ver = 0.48.0 Unicode | Size = 5308416 bytes | Modified Date = 5/13/2007 10:57:46 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe -> %ProgramFiles%\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe [C:\Program Files\Maxthon2\Modules\MxDownloader\MxDownloadServer.exe:*:Enabled:MxDownloadServer] -> Maxthon International ltd. [Ver = 1,0,0,8132 | Size = 664832 bytes | Modified Date = 9/2/2008 1:32:16 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe -> %ProgramFiles%\BitComet\plugin_emule\plugin_eMule.exe [C:\Program Files\BitComet\plugin_emule\plugin_eMule.exe:*:Enabled:eMule plugin host for BitComet] -> http://www.bitcomet.com [Ver = 1.02.5.22 | Size = 536376 bytes | Modified Date = 5/22/2008 5:44:44 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitComet\BitComet.exe -> %ProgramFiles%\BitComet\BitComet.exe [C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client] -> www.BitComet.com [Ver = 1.02 | Size = 2596152 bytes | Modified Date = 6/2/2008 11:42:44 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FlashGet\flashget.exe -> %ProgramFiles%\FlashGet\flashget.exe [C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget] -> FlashGet.com [Ver = 1, 9, 6, 1073 | Size = 2007088 bytes | Modified Date = 9/25/2007 4:10:50 AM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msnmsgr.exe -> %ProgramFiles%\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> Microsoft Corporation [Ver = 8.1.0178.00 | Size = 5674352 bytes | Modified Date = 1/19/2007 12:54:56 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe -> %ProgramFiles%\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> Microsoft Corporation [Ver = 1.1.161.0 | Size = 297752 bytes | Modified Date = 1/4/2007 4:10:02 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\sessmgr.exe -> %SystemRoot%\system32\sessmgr.exe [C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Disabled:Remote Assistance] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 141312 bytes | Modified Date = 4/13/2008 8:12:34 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AVG\AVG8\avgupd.exe -> %ProgramFiles%\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.159 | Size = 641304 bytes | Modified Date = 10/7/2008 7:43:40 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:@xpsp2res.dll,-22004 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:@xpsp2res.dll,-22005 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:@xpsp2res.dll,-22001 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:@xpsp2res.dll,-22002 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2967:TCP -> 2967:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:Symantec RTVScan - TCP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2967:UDP -> 2967:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Disabled:Symantec RTVScan - UDP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\38293:UDP -> 38293:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - UDP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\38293:TCP -> 38293:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - TCP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\49999:TCP -> 49999:TCP:*:Enabled:BitComet 24121 TCP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\49999:UDP -> 49999:UDP:*:Enabled:BitComet 24121 UDP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16061:TCP -> 16061:TCP:*:Enabled:BitComet 16061 TCP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16061:UDP -> 16061:UDP:*:Enabled:BitComet 16061 UDP -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\IcmpSettings\\AllowInboundEchoRequest -> 0 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %SystemRoot%\system32\svchost.exe [%systemroot%\system32\svchost.exe -k netsvcs] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> %SystemRoot%\system32\wuauserv.dll [C:\WINDOWS\system32\wuauserv.dll] -> Microsoft Corporation [Ver = 5.4.3790.5512 (xpsp.080413-0852) | Size = 6656 bytes | Modified Date = 4/13/2008 8:12:11 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe [%SystemRoot%\system32\svchost.exe -k LocalService] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 14336 bytes | Modified Date = 4/13/2008 8:12:36 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 E0 AD 08 00 01 00 00 00 E8 03 00 00  [binary data] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll [%SystemRoot%\system32\regsvc.dll] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2111) | Size = 59904 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> %SystemRoot%\system32\tlntsvr.exe [C:\WINDOWS\system32\tlntsvr.exe] -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-0852) | Size = 73216 bytes | Modified Date = 4/13/2008 8:12:38 PM | Attr =	]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> 

*DependOnService* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> 

RPCSS -> %SystemRoot%\system32\rpcss.dll -> Microsoft Corporation [Ver = 5.1.2600.5512 (xpsp.080413-2108) | Size = 399360 bytes | Modified Date = 4/13/2008 8:12:04 PM | Attr =	]

TCPIP ->  -> File not found

NTLMSSP ->  -> File not found

*MultiFile Done* -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup ->  -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security -> [Binary data over 100 bytes] -> 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> ->

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> 





[Files/Folders - Created Within 30 days]

$AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ ->  [Folder | Created Date = 10/8/2008 2:10:13 AM | Attr =  H ]

DelUS.bat -> %SystemDrive%\DelUS.bat ->  [Ver =  | Size = 125 bytes | Created Date = 9/27/2008 12:37:48 AM | Attr =	]

rsit -> %SystemDrive%\rsit ->  [Folder | Created Date = 10/8/2008 11:34:34 AM | Attr =	]

SDFix -> %SystemDrive%\SDFix ->  [Folder | Created Date = 9/27/2008 11:05:08 AM | Attr =	]

sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 9/16/2008 7:05:14 PM | Attr =  H ]

sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 9/17/2008 1:03:56 AM | Attr =  H ]

sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Created Date = 9/17/2008 12:06:55 PM | Attr =  H ]

sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 9/17/2008 1:10:21 PM | Attr =  H ]

sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/2/2008 10:56:08 AM | Attr =  H ]

sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/2/2008 8:11:08 PM | Attr =  H ]

sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/3/2008 9:40:41 AM | Attr =  H ]

sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/3/2008 11:08:31 AM | Attr =  H ]

sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/4/2008 7:27:11 PM | Attr =  H ]

sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/5/2008 12:38:43 AM | Attr =  H ]

sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/5/2008 1:11:33 AM | Attr =  H ]

sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/5/2008 5:12:26 PM | Attr =  H ]

sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/5/2008 11:19:54 PM | Attr =  H ]

sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Created Date = 10/6/2008 9:55:36 AM | Attr =  H ]

sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 9/16/2008 7:05:14 PM | Attr =  H ]

sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 9/17/2008 1:03:56 AM | Attr =  H ]

sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 9/17/2008 12:06:55 PM | Attr =  H ]

sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 9/17/2008 1:10:21 PM | Attr =  H ]

sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/2/2008 10:56:08 AM | Attr =  H ]

sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/2/2008 8:11:08 PM | Attr =  H ]

sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/3/2008 9:40:41 AM | Attr =  H ]

sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/3/2008 11:08:31 AM | Attr =  H ]

sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/4/2008 7:27:11 PM | Attr =  H ]

sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/5/2008 12:38:43 AM | Attr =  H ]

sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/5/2008 1:11:33 AM | Attr =  H ]

sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/5/2008 5:12:26 PM | Attr =  H ]

sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/5/2008 11:19:54 PM | Attr =  H ]

sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Created Date = 10/6/2008 9:55:36 AM | Attr =  H ]

Thumbs.db -> %SystemDrive%\Thumbs.db ->  [Ver =  | Size = 13824 bytes | Created Date = 9/27/2008 11:06:16 AM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable

Avg -> %SystemRoot%\System32\drivers\Avg ->  [Folder | Created Date = 10/7/2008 7:44:15 PM | Attr =	]

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Created Date = 10/7/2008 7:44:15 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 28361041 bytes | Created Date = 10/7/2008 7:44:17 PM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 68419 bytes | Created Date = 10/7/2008 7:44:17 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 249919 bytes | Created Date = 10/7/2008 7:44:17 PM | Attr =	]

ikfilesec.sys -> %SystemRoot%\System32\drivers\ikfilesec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1045 built by: WinDDK | Size = 40840 bytes | Created Date = 9/28/2008 5:32:12 PM | Attr =	]

iksysflt.sys -> %SystemRoot%\System32\drivers\iksysflt.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1030 | Size = 66952 bytes | Created Date = 9/28/2008 5:32:12 PM | Attr =	]

iksyssec.sys -> %SystemRoot%\System32\drivers\iksyssec.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1034 | Size = 81288 bytes | Created Date = 9/28/2008 5:32:12 PM | Attr =	]

kcom.sys -> %SystemRoot%\System32\drivers\kcom.sys -> PCTools Research Pty Ltd. [Ver = 5.0.2.1008 | Size = 29576 bytes | Created Date = 9/28/2008 5:32:12 PM | Attr =	]

pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 4, 0, 0, 43 | Size = 160792 bytes | Created Date = 9/28/2008 6:07:17 PM | Attr =	]

sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 141312 bytes | Created Date = 9/27/2008 10:16:40 PM | Attr =	]

canto.TBL -> %SystemRoot%\System32\canto.TBL ->  [Ver =  | Size = 45528 bytes | Created Date = 9/28/2008 10:15:22 PM | Attr =	]

cantoPHR.TBL -> %SystemRoot%\System32\cantoPHR.TBL ->  [Ver =  | Size = 10 bytes | Created Date = 9/28/2008 10:15:22 PM | Attr =	]

cantoPTR.TBL -> %SystemRoot%\System32\cantoPTR.TBL ->  [Ver =  | Size = 32 bytes | Created Date = 9/28/2008 10:15:22 PM | Attr =	]

cpime.chm -> %SystemRoot%\System32\cpime.chm ->  [Ver =  | Size = 13488 bytes | Created Date = 9/28/2008 10:51:46 PM | Attr =	]

cpime.ime -> %SystemRoot%\System32\cpime.ime ->  [Ver =  | Size = 13214720 bytes | Created Date = 9/28/2008 10:51:47 PM | Attr =	]

GroupPolicy -> %SystemRoot%\System32\GroupPolicy ->  [Folder | Created Date = 9/26/2008 1:45:19 PM | Attr =	]

8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

ERUNT -> %SystemRoot%\ERUNT ->  [Folder | Created Date = 9/27/2008 3:28:17 PM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Created Date = 9/27/2008 4:04:15 PM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

uninst.exe -> %SystemRoot%\uninst.exe -> InstallShield Corporation, Inc. [Ver = 2.20.924.0 | Size = 299520 bytes | Created Date = 9/28/2008 10:07:21 PM | Attr =	]

[Files Created - Additional Folder Scans - Non-Microsoft Only]

avg8 -> %AllUsersProfile%\Application Data\avg8 ->  [Folder | Created Date = 10/7/2008 7:43:27 PM | Attr =	]

Avira -> %AllUsersProfile%\Application Data\Avira ->  [Folder | Created Date = 10/7/2008 10:32:13 AM | Attr =	]

Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes ->  [Folder | Created Date = 9/27/2008 2:07:40 AM | Attr =	]

PC Tools -> %AllUsersProfile%\Application Data\PC Tools ->  [Folder | Created Date = 9/28/2008 6:07:21 PM | Attr =	]

Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy ->  [Folder | Created Date = 9/27/2008 4:23:08 PM | Attr =	]

Spyware Terminator -> %AllUsersProfile%\Application Data\Spyware Terminator ->  [Folder | Created Date = 9/27/2008 10:16:33 PM | Attr =	]

Sunbelt -> %AllUsersProfile%\Application Data\Sunbelt ->  [Folder | Created Date = 10/4/2008 9:09:42 PM | Attr =	]

TEMP -> %AllUsersProfile%\Application Data\TEMP ->  [Folder | Created Date = 9/28/2008 5:32:19 PM | Attr =	]

@Alternate Data Stream - 152 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2

AVGTOOLBAR -> %AppData%\AVGTOOLBAR ->  [Folder | Created Date = 10/7/2008 7:44:12 PM | Attr =	]

Malwarebytes -> %AppData%\Malwarebytes ->  [Folder | Created Date = 9/27/2008 2:08:23 AM | Attr =	]

netstat.bat -> %AppData%\netstat.bat ->  [Ver =  | Size = 115 bytes | Created Date = 10/6/2008 1:16:19 AM | Attr =	]

Spyware Terminator -> %AppData%\Spyware Terminator ->  [Folder | Created Date = 9/27/2008 10:16:33 PM | Attr =	]

Windows Search -> %AppData%\Windows Search ->  [Folder | Created Date = 9/27/2008 12:20:57 AM | Attr =	]

dr.levy.pdf -> %UserProfile%\My Documents\dr.levy.pdf ->  [Ver =  | Size = 60255 bytes | Created Date = 9/15/2008 8:01:38 PM | Attr =	]

1-32.torrent -> %UserProfile%\Desktop\1-32.torrent ->  [Ver =  | Size = 134667 bytes | Created Date = 9/29/2008 1:50:02 AM | Attr =	]

13.torrent -> %UserProfile%\Desktop\13.torrent ->  [Ver =  | Size = 17573 bytes | Created Date = 10/8/2008 11:24:30 AM | Attr =	]

OTS -> %UserProfile%\Desktop\OTS ->  [Folder | Created Date = 10/8/2008 12:47:38 PM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Created Date = 10/8/2008 12:03:29 PM | Attr =	]

RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Created Date = 10/8/2008 11:33:59 AM | Attr =	]

Smart Kid -> %UserProfile%\Desktop\Smart Kid ->  [Folder | Created Date = 9/30/2008 7:59:36 PM | Attr =	]

The+Four+CH+13.torrent -> %UserProfile%\Desktop\The+Four+CH+13.torrent ->  [Ver =  | Size = 17807 bytes | Created Date = 10/8/2008 12:25:54 PM | Attr =	]

[HDzone] Last One Standing -> %UserProfile%\Desktop\[HDzone] Last One Standing ->  [Folder | Created Date = 10/8/2008 11:25:03 AM | Attr =	]

?GDBT.Net???.A??.01-32end.?? -> %UserProfile%\Desktop\【GDBT.Net】合拍.A计划.01-32end.粤语 ->  [Folder | Created Date = 9/29/2008 2:25:54 AM | Attr =	]

PC Tools -> %CommonProgramFiles%\PC Tools ->  [Folder | Created Date = 9/28/2008 5:36:00 PM | Attr =	]

AVG -> %ProgramFiles%\AVG ->  [Folder | Created Date = 10/7/2008 7:43:28 PM | Attr =	]

Avira -> %ProgramFiles%\Avira ->  [Folder | Created Date = 10/7/2008 9:02:59 PM | Attr =	]

Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware ->  [Folder | Created Date = 10/7/2008 10:00:24 AM | Attr =	]

Panda Security -> %ProgramFiles%\Panda Security ->  [Folder | Created Date = 9/27/2008 6:24:16 PM | Attr =	]

Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy ->  [Folder | Created Date = 9/27/2008 4:23:08 PM | Attr =	]

Spyware Doctor -> %ProgramFiles%\Spyware Doctor ->  [Folder | Created Date = 9/28/2008 5:32:02 PM | Attr =	]

Spyware Terminator -> %ProgramFiles%\Spyware Terminator ->  [Folder | Created Date = 9/27/2008 10:16:27 PM | Attr =	]

Trend Micro -> %ProgramFiles%\Trend Micro ->  [Folder | Created Date = 9/27/2008 4:11:18 PM | Attr =	]

WinClamAVShield -> %ProgramFiles%\WinClamAVShield ->  [Folder | Created Date = 9/27/2008 10:54:15 PM | Attr =	]

Windows Desktop Search -> %ProgramFiles%\Windows Desktop Search ->  [Folder | Created Date = 9/26/2008 1:45:20 PM | Attr =	]



[Files/Folders - Modified Within 30 days]

DelUS.bat -> %SystemDrive%\DelUS.bat ->  [Ver =  | Size = 125 bytes | Modified Date = 9/28/2008 8:24:30 PM | Attr =	]

sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/6/2008 6:44:44 PM | Attr =  H ]

sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/7/2008 9:50:18 AM | Attr =  H ]

sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/7/2008 6:39:22 PM | Attr =  H ]

sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 9/16/2008 7:05:14 PM | Attr =  H ]

sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 9/17/2008 1:03:56 AM | Attr =  H ]

sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm ->  [Ver =  | Size = 268 bytes | Modified Date = 9/17/2008 12:06:55 PM | Attr =  H ]

sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 9/17/2008 1:10:21 PM | Attr =  H ]

sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/2/2008 10:56:08 AM | Attr =  H ]

sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/2/2008 8:11:08 PM | Attr =  H ]

sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/3/2008 9:40:41 AM | Attr =  H ]

sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/3/2008 11:08:31 AM | Attr =  H ]

sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/4/2008 7:27:11 PM | Attr =  H ]

sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/5/2008 12:38:43 AM | Attr =  H ]

sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/5/2008 1:11:33 AM | Attr =  H ]

sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/5/2008 5:12:26 PM | Attr =  H ]

sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/5/2008 11:19:54 PM | Attr =  H ]

sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm ->  [Ver =  | Size = 232 bytes | Modified Date = 10/6/2008 9:55:36 AM | Attr =  H ]

sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/6/2008 6:44:43 PM | Attr =  H ]

sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/7/2008 9:50:17 AM | Attr =  H ]

sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/7/2008 6:39:22 PM | Attr =  H ]

sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 9/16/2008 7:05:14 PM | Attr =  H ]

sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 9/17/2008 1:03:56 AM | Attr =  H ]

sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 9/17/2008 12:06:55 PM | Attr =  H ]

sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 9/17/2008 1:10:21 PM | Attr =  H ]

sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/2/2008 10:56:08 AM | Attr =  H ]

sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/2/2008 8:11:08 PM | Attr =  H ]

sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/3/2008 9:40:41 AM | Attr =  H ]

sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/3/2008 11:08:31 AM | Attr =  H ]

sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/4/2008 7:27:11 PM | Attr =  H ]

sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/5/2008 12:38:43 AM | Attr =  H ]

sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/5/2008 1:11:33 AM | Attr =  H ]

sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/5/2008 5:12:26 PM | Attr =  H ]

sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/5/2008 11:19:54 PM | Attr =  H ]

sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm ->  [Ver =  | Size = 244 bytes | Modified Date = 10/6/2008 9:55:36 AM | Attr =  H ]

TEST.XML -> %SystemDrive%\TEST.XML ->  [Ver =  | Size = 45 bytes | Modified Date = 9/29/2008 2:22:12 AM | Attr =	]

Thumbs.db -> %SystemDrive%\Thumbs.db ->  [Ver =  | Size = 13824 bytes | Modified Date = 9/27/2008 11:06:18 AM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable

avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg ->  [Ver =  | Size = 6061540 bytes | Modified Date = 10/7/2008 7:44:17 PM | Attr =	]

incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm ->  [Ver =  | Size = 28361041 bytes | Modified Date = 10/8/2008 11:18:29 AM | Attr =	]

microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg ->  [Ver =  | Size = 68419 bytes | Modified Date = 10/7/2008 7:46:36 PM | Attr =	]

miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg ->  [Ver =  | Size = 249919 bytes | Modified Date = 10/7/2008 7:46:36 PM | Attr =	]

HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS ->  [Ver =  | Size = 265438 bytes | Modified Date = 9/27/2008 9:27:43 PM | Attr = R  ]

hosts.20080927-212735.backup -> %SystemRoot%\System32\drivers\etc\hosts.20080927-212735.backup ->  [Ver =  | Size = 686 bytes | Modified Date = 9/27/2008 3:35:12 PM | Attr =	]

pctfw2.sys -> %SystemRoot%\System32\drivers\pctfw2.sys -> PC Tools [Ver = 4, 0, 0, 43 | Size = 160792 bytes | Modified Date = 9/28/2008 5:56:46 PM | Attr =	]

sp_rsdrv2.sys -> %SystemRoot%\System32\drivers\sp_rsdrv2.sys ->  [Ver =  | Size = 141312 bytes | Modified Date = 9/27/2008 10:16:40 PM | Attr =	]

canto.TBL -> %SystemRoot%\System32\canto.TBL ->  [Ver =  | Size = 45528 bytes | Modified Date = 9/28/2008 10:15:22 PM | Attr =	]

cantoPHR.TBL -> %SystemRoot%\System32\cantoPHR.TBL ->  [Ver =  | Size = 10 bytes | Modified Date = 9/28/2008 10:15:22 PM | Attr =	]

cantoPTR.TBL -> %SystemRoot%\System32\cantoPTR.TBL ->  [Ver =  | Size = 32 bytes | Modified Date = 9/28/2008 10:15:22 PM | Attr =	]

8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 

cpime.ime -> %SystemRoot%\System32\cpime.ime ->  [Ver =  | Size = 13214720 bytes | Modified Date = 9/27/2008 10:48:22 AM | Attr =	]

FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT ->  [Ver =  | Size = 140440 bytes | Modified Date = 9/28/2008 11:55:22 PM | Attr =	]

nvapps.xml -> %SystemRoot%\System32\nvapps.xml ->  [Ver =  | Size = 17548 bytes | Modified Date = 10/8/2008 11:13:18 AM | Attr =	]

perfc009.dat -> %SystemRoot%\System32\perfc009.dat ->  [Ver =  | Size = 64774 bytes | Modified Date = 9/28/2008 9:18:01 PM | Attr =	]

perfh009.dat -> %SystemRoot%\System32\perfh009.dat ->  [Ver =  | Size = 409800 bytes | Modified Date = 9/28/2008 9:18:01 PM | Attr =	]

PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI ->  [Ver =  | Size = 481890 bytes | Modified Date = 9/28/2008 9:18:01 PM | Attr =	]

wpa.dbl -> %SystemRoot%\System32\wpa.dbl ->  [Ver =  | Size = 2206 bytes | Modified Date = 10/8/2008 11:13:11 AM | Attr =	]

1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 

bootstat.dat -> %SystemRoot%\bootstat.dat ->  [Ver =  | Size = 2048 bytes | Modified Date = 10/8/2008 11:12:24 AM | Attr =   S]

imsins.BAK -> %SystemRoot%\imsins.BAK ->  [Ver =  | Size = 1374 bytes | Modified Date = 9/28/2008 8:25:45 PM | Attr =	]

NJCOM.INI -> %SystemRoot%\NJCOM.INI ->  [Ver =  | Size = 385 bytes | Modified Date = 10/8/2008 2:26:23 AM | Attr =	]

Thumbs.db -> %SystemRoot%\Thumbs.db ->  [Ver =  | Size = 7680 bytes | Modified Date = 9/27/2008 4:04:15 PM | Attr =  HS]

@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable

1-Click Maintenance.job -> %SystemRoot%\tasks\1-Click Maintenance.job ->  [Ver =  | Size = 406 bytes | Modified Date = 10/3/2008 6:49:58 PM | Attr =	]

SA.DAT -> %SystemRoot%\tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/8/2008 11:12:36 AM | Attr =  H ]

C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help ->  [Folder | Modified Date = 8/8/2006 10:20:12 PM | Attr =	]

hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat ->  [Ver =  | Size = 8134 bytes | Modified Date = 8/8/2006 10:20:12 PM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader ->  [Folder | Modified Date = 7/13/2006 12:24:59 AM | Attr =	]

qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat ->  [Ver =  | Size = 6050 bytes | Modified Date = 9/28/2008 3:45:13 AM | Attr =	]

qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat ->  [Ver =  | Size = 4232 bytes | Modified Date = 9/28/2008 3:45:13 AM | Attr =	]

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA ->  [Folder | Modified Date = 7/14/2006 12:18:30 AM | Attr =	]

opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat ->  [Ver =  | Size = 11086 bytes | Modified Date = 7/14/2006 12:18:57 AM | Attr =	]

[Files Modified - Additional Folder Scans - Non-Microsoft Only]

netstat.bat -> %AppData%\netstat.bat ->  [Ver =  | Size = 115 bytes | Modified Date = 10/6/2008 1:16:19 AM | Attr =	]

DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ->  [Ver =  | Size = 107008 bytes | Modified Date = 9/30/2008 8:04:56 PM | Attr =	]

GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ->  [Ver =  | Size = 25040 bytes | Modified Date = 9/29/2008 11:23:16 AM | Attr =	]

IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db ->  [Ver =  | Size = 4766798 bytes | Modified Date = 10/7/2008 10:33:29 AM | Attr =  H ]

dr.levy.pdf -> %UserProfile%\My Documents\dr.levy.pdf ->  [Ver =  | Size = 60255 bytes | Modified Date = 9/15/2008 8:01:38 PM | Attr =	]

My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk ->  [Ver =  | Size = 579 bytes | Modified Date = 10/7/2008 10:07:45 PM | Attr =	]

1-32.torrent -> %UserProfile%\Desktop\1-32.torrent ->  [Ver =  | Size = 134667 bytes | Modified Date = 9/29/2008 1:50:35 AM | Attr =	]

13.torrent -> %UserProfile%\Desktop\13.torrent ->  [Ver =  | Size = 17573 bytes | Modified Date = 10/8/2008 11:24:33 AM | Attr =	]

OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe ->  [Ver =  | Size = 576581 bytes | Modified Date = 10/8/2008 12:47:06 PM | Attr =	]

RSIT.exe -> %UserProfile%\Desktop\RSIT.exe ->  [Ver = 3, 2, 12, 1 | Size = 305705 bytes | Modified Date = 10/8/2008 11:34:12 AM | Attr =	]

The+Four+CH+13.torrent -> %UserProfile%\Desktop\The+Four+CH+13.torrent ->  [Ver =  | Size = 17807 bytes | Modified Date = 10/8/2008 12:25:55 PM | Attr =	]



[File - Lop Check: Additional Folder Scans - Non-Microsoft Only]

Application Data -> C:\Documents and Settings\All Users\Application Data ->  [Folder | Modified Date = 10/8/2008 1:30:18 AM | Attr = RH ]

55-56-9n-p0-67-s9 -> C:\Documents and Settings\All Users\Application Data\55-56-9n-p0-67-s9 ->  [Folder | Modified Date = 1/10/2008 12:17:11 AM | Attr =	]

Adobe -> C:\Documents and Settings\All Users\Application Data\Adobe ->  [Folder | Modified Date = 5/16/2008 7:17:21 PM | Attr =	]

AOL -> C:\Documents and Settings\All Users\Application Data\AOL ->  [Folder | Modified Date = 1/1/2008 12:10:45 AM | Attr =	]

AOL Downloads -> C:\Documents and Settings\All Users\Application Data\AOL Downloads ->  [Folder | Modified Date = 1/29/2007 9:45:44 PM | Attr =	]

AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP ->  [Folder | Modified Date = 1/1/2008 12:11:00 AM | Attr =	]

Apple Computer -> C:\Documents and Settings\All Users\Application Data\Apple Computer ->  [Folder | Modified Date = 1/14/2008 10:58:35 PM | Attr =	]

ashampoo -> C:\Documents and Settings\All Users\Application Data\ashampoo ->  [Folder | Modified Date = 8/3/2006 11:34:10 PM | Attr =	]

avg8 -> C:\Documents and Settings\All Users\Application Data\avg8 ->  [Folder | Modified Date = 10/7/2008 7:43:27 PM | Attr =	]

Avira -> C:\Documents and Settings\All Users\Application Data\Avira ->  [Folder | Modified Date = 10/7/2008 9:02:59 PM | Attr =	]

CyberLink -> C:\Documents and Settings\All Users\Application Data\CyberLink ->  [Folder | Modified Date = 8/19/2007 11:51:14 PM | Attr =	]

InstallShield -> C:\Documents and Settings\All Users\Application Data\InstallShield ->  [Folder | Modified Date = 1/3/2007 3:35:52 PM | Attr =	]

Intel -> C:\Documents and Settings\All Users\Application Data\Intel ->  [Folder | Modified Date = 2/26/2007 3:01:40 AM | Attr =	]

Lavasoft -> C:\Documents and Settings\All Users\Application Data\Lavasoft ->  [Folder | Modified Date = 9/27/2008 10:25:44 PM | Attr =	]

Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes ->  [Folder | Modified Date = 9/27/2008 2:07:40 AM | Attr =	]

Messenger Plus! -> C:\Documents and Settings\All Users\Application Data\Messenger Plus! ->  [Folder | Modified Date = 3/8/2007 12:14:35 AM | Attr =	]

Microsoft -> C:\Documents and Settings\All Users\Application Data\Microsoft ->  [Folder | Modified Date = 9/28/2008 8:25:44 PM | Attr =   S]

Motive -> C:\Documents and Settings\All Users\Application Data\Motive ->  [Folder | Modified Date = 12/24/2006 1:34:05 AM | Attr =	]

MumboJumbo -> C:\Documents and Settings\All Users\Application Data\MumboJumbo ->  [Folder | Modified Date = 4/27/2007 10:47:42 PM | Attr =	]

NexonUS -> C:\Documents and Settings\All Users\Application Data\NexonUS ->  [Folder | Modified Date = 12/22/2007 1:20:06 AM | Attr =	]

Office Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage ->  [Folder | Modified Date = 4/17/2008 3:42:29 PM | Attr =	]

PC Tools -> C:\Documents and Settings\All Users\Application Data\PC Tools ->  [Folder | Modified Date = 9/28/2008 6:07:21 PM | Attr =	]

PopCap -> C:\Documents and Settings\All Users\Application Data\PopCap ->  [Folder | Modified Date = 4/29/2007 12:11:31 PM | Attr =	]

Roxio -> C:\Documents and Settings\All Users\Application Data\Roxio ->  [Folder | Modified Date = 11/3/2007 10:08:10 PM | Attr =	]

Sonic -> C:\Documents and Settings\All Users\Application Data\Sonic ->  [Folder | Modified Date = 1/3/2007 3:33:44 PM | Attr =	]

Sony Corporation -> C:\Documents and Settings\All Users\Application Data\Sony Corporation ->  [Folder | Modified Date = 1/18/2008 7:12:46 PM | Attr =	]

Sony Ericsson -> C:\Documents and Settings\All Users\Application Data\Sony Ericsson ->  [Folder | Modified Date = 6/4/2007 12:24:42 AM | Attr =	]

Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy ->  [Folder | Modified Date = 9/27/2008 5:07:02 PM | Attr =	]

Spyware Terminator -> C:\Documents and Settings\All Users\Application Data\Spyware Terminator ->  [Folder | Modified Date = 10/4/2008 8:48:43 PM | Attr =	]

Sunbelt -> C:\Documents and Settings\All Users\Application Data\Sunbelt ->  [Folder | Modified Date = 10/4/2008 9:09:42 PM | Attr =	]

Symantec -> C:\Documents and Settings\All Users\Application Data\Symantec ->  [Folder | Modified Date = 10/7/2008 10:27:02 AM | Attr =	]

TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP ->  [Folder | Modified Date = 10/7/2008 8:24:13 PM | Attr =	]

@Alternate Data Stream - 152 bytes -> %AllUsersProfile%\Application Data\TEMP:DFC5A2B2

TuneUp Software -> C:\Documents and Settings\All Users\Application Data\TuneUp Software ->  [Folder | Modified Date = 3/10/2008 9:49:56 PM | Attr =	]

Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint ->  [Folder | Modified Date = 1/2/2008 9:58:55 PM | Attr =	]

Windows Genuine Advantage -> C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage ->  [Folder | Modified Date = 7/13/2006 1:59:46 AM | Attr =	]

WLInstaller -> C:\Documents and Settings\All Users\Application Data\WLInstaller ->  [Folder | Modified Date = 3/21/2008 5:14:05 PM | Attr =	]

Application Data -> C:\Documents and Settings\SaRaNgHaE1027\Application Data ->  [Folder | Modified Date = 10/7/2008 8:13:24 PM | Attr = RH ]

.BitTornado -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\.BitTornado ->  [Folder | Modified Date = 7/16/2006 5:46:06 PM | Attr =	]

acccore -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\acccore ->  [Folder | Modified Date = 1/1/2008 12:12:31 AM | Attr =	]

Adobe -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Adobe ->  [Folder | Modified Date = 1/2/2008 1:08:57 AM | Attr =	]

AdobeUM -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\AdobeUM ->  [Folder | Modified Date = 7/22/2006 10:48:32 PM | Attr =	]

Ahead -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Ahead ->  [Folder | Modified Date = 11/5/2006 9:26:54 PM | Attr =	]

Aim -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Aim ->  [Folder | Modified Date = 7/13/2006 12:41:42 AM | Attr =	]

Apple Computer -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Apple Computer ->  [Folder | Modified Date = 2/1/2007 7:58:58 AM | Attr =	]

Ashampoo -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Ashampoo ->  [Folder | Modified Date = 8/3/2006 11:34:38 PM | Attr =	]

AVGTOOLBAR -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\AVGTOOLBAR ->  [Folder | Modified Date = 10/8/2008 1:27:32 AM | Attr =	]

CmapTools -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\CmapTools ->  [Folder | Modified Date = 3/3/2007 4:45:19 PM | Attr =	]

COWON -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\COWON ->  [Folder | Modified Date = 1/3/2007 3:11:17 PM | Attr =	]

Creative -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Creative ->  [Folder | Modified Date = 8/4/2006 8:04:11 AM | Attr =	]

CyberLink -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\CyberLink ->  [Folder | Modified Date = 8/19/2007 11:52:55 PM | Attr =	]

Free Download Manager -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Free Download Manager ->  [Folder | Modified Date = 10/6/2008 2:27:52 AM | Attr =	]

GetRightToGo -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\GetRightToGo ->  [Folder | Modified Date = 11/19/2007 1:10:43 AM | Attr =	]

Help -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Help ->  [Folder | Modified Date = 7/21/2006 4:47:16 PM | Attr =	]

ICAClient -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\ICAClient ->  [Folder | Modified Date = 9/13/2006 2:40:32 PM | Attr =	]

ICQ -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\ICQ ->  [Folder | Modified Date = 3/20/2008 12:19:19 AM | Attr =	]

ICQLite -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\ICQLite ->  [Folder | Modified Date = 8/1/2006 12:51:39 AM | Attr =	]

Identities -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Identities ->  [Folder | Modified Date = 7/12/2006 2:35:32 PM | Attr =	]

InstallShield -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\InstallShield ->  [Folder | Modified Date = 8/28/2007 9:48:37 PM | Attr =	]

iSilo -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\iSilo ->  [Folder | Modified Date = 8/25/2006 11:22:48 AM | Attr =	]

Lavasoft -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Lavasoft ->  [Folder | Modified Date = 2/22/2007 9:56:29 PM | Attr =	]

Macromedia -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Macromedia ->  [Folder | Modified Date = 7/21/2006 6:16:20 PM | Attr =	]

Malwarebytes -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Malwarebytes ->  [Folder | Modified Date = 9/27/2008 2:08:23 AM | Attr =	]

Media Player Classic -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Media Player Classic ->  [Folder | Modified Date = 1/26/2008 2:05:03 PM | Attr =	]

Megaupload -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Megaupload ->  [Folder | Modified Date = 8/28/2007 9:58:30 PM | Attr =	]

MegauploadToolbar -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\MegauploadToolbar ->  [Folder | Modified Date = 10/8/2008 1:20:34 AM | Attr =	]

Microsoft -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Microsoft ->  [Folder | Modified Date = 9/28/2008 11:52:36 PM | Attr =   S]

MoyeaFLV2Video -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\MoyeaFLV2Video ->  [Folder | Modified Date = 1/26/2008 1:21:38 AM | Attr =	]

MxBoost -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\MxBoost ->  [Folder | Modified Date = 10/8/2008 11:18:09 AM | Attr =	]

OfficeUpdate12 -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\OfficeUpdate12 ->  [Folder | Modified Date = 2/22/2007 9:21:25 PM | Attr =	]

PC Tools -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\PC Tools ->  [Folder | Modified Date = 3/7/2007 11:07:00 PM | Attr =	]

Real -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Real ->  [Folder | Modified Date = 7/13/2006 2:44:37 PM | Attr =	]

Roxio -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Roxio ->  [Folder | Modified Date = 1/7/2007 2:34:03 PM | Attr =	]

Screenshot Sender -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Screenshot Sender ->  [Folder | Modified Date = 3/7/2007 11:59:37 PM | Attr =	]

Snapfish -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Snapfish ->  [Folder | Modified Date = 7/13/2006 11:27:52 PM | Attr =	]

Sony Corporation -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Sony Corporation ->  [Folder | Modified Date = 1/21/2008 7:15:46 PM | Attr =	]

Sony Ericsson -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Sony Ericsson ->  [Folder | Modified Date = 8/3/2006 8:50:18 PM | Attr =	]

Spyware Terminator -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Spyware Terminator ->  [Folder | Modified Date = 10/8/2008 11:14:40 AM | Attr =	]

SSH -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\SSH ->  [Folder | Modified Date = 9/8/2007 11:06:28 AM | Attr =	]

Sun -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Sun ->  [Folder | Modified Date = 9/28/2006 11:14:57 PM | Attr =	]

Taito Legends -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Taito Legends ->  [Folder | Modified Date = 7/26/2006 7:39:08 PM | Attr =	]

Teleca -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Teleca ->  [Folder | Modified Date = 8/3/2006 8:34:21 PM | Attr =	]

TuneUp Software -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\TuneUp Software ->  [Folder | Modified Date = 7/21/2006 4:08:30 PM | Attr =	]

U3 -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\U3 ->  [Folder | Modified Date = 5/21/2008 9:36:05 PM | Attr =	]

vlc -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\vlc ->  [Folder | Modified Date = 4/17/2008 4:55:13 PM | Attr =	]

WholeSecurity -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\WholeSecurity ->  [Folder | Modified Date = 8/1/2007 1:17:12 PM | Attr =	]

Windows Search -> C:\Documents and Settings\SaRaNgHaE1027\Application Data\Windows Search ->  [Folder | Modified Date = 9/27/2008 12:20:57 AM | Attr =	]

C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks ->  [Folder | Modified Date = 9/29/2008 12:58:41 AM | Attr =   S]

1-Click Maintenance.job -> C:\WINDOWS\Tasks\1-Click Maintenance.job ->  [Ver =  | Size = 406 bytes | Modified Date = 10/3/2008 6:49:58 PM | Attr =	]

desktop.ini -> C:\WINDOWS\Tasks\desktop.ini ->  [Ver =  | Size = 65 bytes | Modified Date = 8/23/2001 8:00:00 AM | Attr = RH ]

SA.DAT -> C:\WINDOWS\Tasks\SA.DAT ->  [Ver =  | Size = 6 bytes | Modified Date = 10/8/2008 11:12:36 AM | Attr =  H ]

[File - Purity Scan: Additional Folder Scans - Non-Microsoft Only]



[CatchMe Rootkit Scan by GMER]

< Windows folder & sub-folders >

scanning hidden processes ...

IPC error: 2 The system cannot find the file specified.

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6C07A447-11FC-B7B1-7497-AC2E0996B192}]

"iadlnaajbbfcandpnj"=hex:69,61,70,6e,67,68,6e,6b,64,70,61,6d,70,6e,65,65,66,65,00,00

"hanjcciodigjkdbk"=hex:69,61,70,6e,67,68,6e,6b,64,70,61,6d,70,6e,65,65,66,65,00,00

scanning hidden files ...

C:\WINDOWS\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

< Document and Settings folder & sub folders >

scanning hidden files ...

IPC error: 2 The system cannot find the file specified.

C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 152 bytes

C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\05proof_dora.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Get Out.wma:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\HKstop.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\In The Name Of.gif:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\K- Taisetsu Na Nin.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Tony\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Too Close To Be Friends 01.wma:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Too Close To Be Friends.wma:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Unknown.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Let It Flow.Mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Criminal Intent (Opening).mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Forensic Heroes.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Kong.wma:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\坻祥袧扂豭.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Big Big World.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Doraemon.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\dorawash.jpg:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Eason\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Eason Chan\Shall We Talk.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Eason Chan\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\12. 

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\MTV\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\MTV\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\MTV\

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Remioromen- Konayuki.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\Self-Deception.mp3:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\New Songs\FFVII\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Police Cadet 85'\01.rmvb:SummaryInformation 88 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Police Cadet 85'\01.rmvb:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\The Duke of Mount Deer (1984)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Movies & Misc\Eason Chan - Solidays\AsianEU.net\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Movies & Misc\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Movies & Misc\TVBNOW 

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\ARod\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\Desktop\TVB\Yang Wei\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\Dicky Cheung\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\BackStreet Boys\Backstreet Boys - Millennium (1999)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\BackStreet Boys\Backstreet Boys - Never Gone (2005)\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\BackStreet Boys\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\Chi Lam Cheung\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\Themesongs\

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Music\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\100CASIO\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Beijing 2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Bobby\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Boston2008\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Box\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\casio\122306\122306a.JPG:Roxio EMC Stream 76 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\casio\122306\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\casio\Kodak Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\casio\lo\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\casio\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\D\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Doraemon\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Doraemon\WallPaper\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Doraemon\Ding's Action\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Garfield\Busy\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Garfield\Perfect\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Garfield\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\100CASIO\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\Disneyland with Crystal\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\FHHS\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\Macau\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\Snoopy\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\HK Summer 2oo6\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Kwik-E-Mart\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\CuznConnie\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\GoogleLogo\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\July4th05\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\Light and Love 062805\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\My Room\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\pix\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\My Stuffz\自己的作品\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\MyCar\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Stony Brook\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Pictures\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\My Received Files\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\Quotes\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\Ryan & Connor\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\Simpsons\Thumbs.db:encryptable 0 bytes

C:\Documents and Settings\SaRaNgHaE1027\My Documents\Thumbs.db:encryptable 0 bytes

scan completed successfully

hidden files: 386



< End of report >


#6 kahdah

Posted 08 October 2008 - 10:42 PM

Please do a scan with Kaspersky Online Scanner.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#7 solitude87

Posted 09 October 2008 - 11:44 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 09, 2008 10:15:43
Records in database: 1300117
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 77210
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 02:26:16

No malware has been detected. The scan area is clean.

The selected area was scanned.

#8 kahdah

Posted 09 October 2008 - 12:08 PM

Hi, it appears to be a Windows-specific issue, as no malware is present on your computer.

When you hit control-alt-delete buttons all at the same time what happens?

For the updates let's try this:
Click here to download WUFix.zip.
Save it to your desktop, then right-click it and choose Extract All.
Open the folder and double-click on the wufix.bat file that you see.
Let it run, then reboot and see if you can then update Windows properly.

Let me know how that goes and let me know about the Task Manager question as well.

#9 solitude87

Posted 09 October 2008 - 04:40 PM

When I press Ctrl+Alt+Del the Task Manager popped up.

I don't have any problems updating Windows.

#10 kahdah

Posted 10 October 2008 - 04:39 AM

Great, well, if everything is back to normal we will close this topic.

#11 solitude87

Posted 10 October 2008 - 09:11 AM

I don't know, because I scanned with Spyware Doctor and it detected a Trojan in the registry.

#12 kahdah

Posted 10 October 2008 - 09:28 AM

Can you give me the full path to the registry item that was detected by Spyware Doctor?

#13 solitude87

Posted 10 October 2008 - 09:39 AM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS, ServiceDLL

#14 kahdah

Posted 10 October 2008 - 12:01 PM

Please go to Start > Run and type in Notepad.
Copy what is in the code box below into the open Notepad window.
Change the "Save As Type" to "All Files". Save it as fixthis.bat on your Desktop.
@Echo off

regedit /e look.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS"
start notepad look.txt

Then please double-click on fixthis.bat. A window will open and close quickly. This is normal.
Please post the contents of the Notepad document that opens.

#15 solitude87

Posted 10 October 2008 - 12:13 PM

A pop-up says it "cannot locate look.txt, do you want to create a new file?"



