WinPFind3 logfile created on: 2007-08-19 16:13:34
WinPFind3U by OldTimer - Version 1.0.39 Folder = C:\Documents and Settings\Paul\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

2.00 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.31% Memory free
3.35 Gb Paging File | 2.98 Gb Available in Paging File | 88.96% Paging File free
Paging file location(s): C:\pagefile.sys 1534 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.16 Gb Total Space | 8.25 Gb Free Space | 21.61% Space Free
Drive D: | 320.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
Drive E: | 172.88 Gb Total Space | 133.32 Gb Free Space | 77.12% Space Free
Drive F: | 189.92 Gb Total Space | 17.71 Gb Free Space | 9.33% Space Free

Computer Name: BITOCLASS
Current User Name: Paul
Logged in as Administrator.
Current Boot Mode: Normal

[Processes - Non-Microsoft Only]
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc.
[Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 2006-10-23 00:24:02 | Attr = ] ashdisp.exe -> %ProgramFiles%\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 2007-07-27 23:03:34 | Attr = ] ashmaisv.exe -> %ProgramFiles%\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 2007-07-27 23:03:08 | Attr = ] ashserv.exe -> %ProgramFiles%\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 2007-07-27 23:03:28 | Attr = ] ashwebsv.exe -> %ProgramFiles%\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 2007-07-27 23:02:20 | Attr = ] aswupdsv.exe -> %ProgramFiles%\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 2007-07-27 22:52:46 | Attr = ] fnplicensingservice.exe -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. 
[Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-03-03 23:31:08 | Attr = ] lcdosd.exe -> %System32%\3007WFP\LcdOSD.exe -> [Ver = | Size = 364544 bytes | Modified Date = 2005-09-21 07:13:18 | Attr = ] lcdosd.exe -> %System32%\3007WFP\LcdOSD.exe -> [Ver = | Size = 364544 bytes | Modified Date = 2005-09-21 07:13:18 | Attr = ] mups.exe -> %ProgramFiles%\Belkin Bulldog Plus\MUPS.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 2004-08-14 00:21:40 | Attr = ] ntuneservice.exe -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.25 | Size = 118784 bytes | Modified Date = 2007-01-22 18:22:38 | Attr = ] nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 155716 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] service.exe -> %System32%\Service.exe -> [Ver = | Size = 45056 bytes | Modified Date = 2005-11-02 09:31:52 | Attr = ] smax4pnp.exe -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 2006-05-01 11:07:44 | Attr = R ] upsd.exe -> %ProgramFiles%\Belkin Bulldog Plus\upsd.exe -> Delta [Ver = 1.1 | Size = 241664 bytes | Modified Date = 2004-11-08 13:05:44 | Attr = ] winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.38.0 | Size = 322048 bytes | Modified Date = 2007-06-23 15:15:54 | Attr = ] winvnc.exe -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.2 | Size = 712704 bytes | Modified Date = 2006-06-18 15:56:10 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.67.010 | Size = 72704 bytes | Modified Date = 2007-03-05 20:35:56 | Attr = ] (aswUpdSv) avast! 
iAVS4 Control Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Avast4\aswUpdSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 16248 bytes | Modified Date = 2007-07-27 22:52:46 | Attr = ] (avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Avast4\ashServ.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 132472 bytes | Modified Date = 2007-07-27 23:03:28 | Attr = ] (avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 243064 bytes | Modified Date = 2007-07-27 23:03:08 | Attr = ] (avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> %ProgramFiles%\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 345464 bytes | Modified Date = 2007-07-27 23:02:20 | Attr = ] (dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 2004-08-04 00:56:50 | Attr = ] (FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> Macrovision Europe Ltd. 
[Ver = 11.03.005 | Size = 654848 bytes | Modified Date = 2007-03-03 23:31:08 | Attr = ] (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> -> File not found (KService) KService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Kontiki\KService.exe -> [Ver = | Size = 3068352 bytes | Modified Date = 2006-11-08 17:32:42 | Attr = ] (Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [Ver = 2.42.000 | Size = 68096 bytes | Modified Date = 2007-03-06 19:07:18 | Attr = ] (nTuneService) nTune Service [Win32_Own | Auto | Running] -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneService.exe -> NVIDIA [Ver = 5.05.25 | Size = 118784 bytes | Modified Date = 2007-01-22 18:22:38 | Attr = ] (NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 155716 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] (Service) Dell 3007WFP [Win32_Own | Auto | Running] -> %System32%\Service.exe -> [Ver = | Size = 45056 bytes | Modified Date = 2005-11-02 09:31:52 | Attr = ] (SPF4) Sunbelt Personal Firewall 4 [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sunbelt Software\Personal Firewall\kpf4ss.exe -> Sunbelt Software [Ver = 4.5.916.0 | Size = 1234480 bytes | Modified Date = 2007-04-26 10:21:28 | Attr = ] (UPSentry_Smart) UPS - UPSentry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Belkin Bulldog Plus\upsd.exe -> Delta [Ver = 1.1 | Size = 241664 bytes | Modified Date = 2004-11-08 13:05:44 | Attr = ] (winvnc) VNC Server [Win32_Own | Auto | Running] -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.2 | Size = 712704 bytes | Modified Date = 2006-06-18 15:56:10 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 4oD -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. 
[Ver = 5.02.61030.0 | Size = 1040832 bytes | Modified Date = 2006-11-08 17:32:42 | Attr = ] Acrobat Assistant 8.0 -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\acrotray.exe -> Adobe Systems Inc. [Ver = 8.0.0.2006102200 | Size = 620152 bytes | Modified Date = 2006-10-23 00:24:02 | Attr = ] avast! -> %ProgramFiles%\Avast4\ashDisp.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 75128 bytes | Modified Date = 2007-07-27 23:03:34 | Attr = ] NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 8466432 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] NVIDIA nTune -> %ProgramFiles%\NVIDIA Corporation\nTune\nTuneCmd.exe -> NVIDIA [Ver = 5.05.25 | Size = 81920 bytes | Modified Date = 2007-01-22 18:22:32 | Attr = ] NvMediaCenter -> %System32%\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 81920 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nwiz -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] SoundMAX -> %ProgramFiles%\Analog Devices\SoundMAX\SMax4.exe -> Analog Devices, Inc. [Ver = 5, 2, 0, 28 | Size = 729088 bytes | Modified Date = 2006-04-10 10:19:46 | Attr = ] SoundMAXPnP -> %ProgramFiles%\Analog Devices\Core\smax4pnp.exe -> Analog Devices, Inc. [Ver = 6, 0, 0, 61 | Size = 843776 bytes | Modified Date = 2006-05-01 11:07:44 | Attr = R ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_02\bin\jusched.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] WinVNC -> %ProgramFiles%\UltraVNC\winvnc.exe -> UltraVNC [Ver = 1.1.0.2 | Size = 712704 bytes | Modified Date = 2006-06-18 15:56:10 | Attr = ] < OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL -> Installed = 1 -> MAPI -> Installed = 1 -> MSFS -> Installed = 1 -> < Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> BBC Alerts -> %ProgramFiles%\BBC Alerts\BBC_Alerts.exe -> Skinkers Communications [Ver = 1.9.3.3551 | Size = 671744 bytes | Modified Date = 2006-06-01 14:36:12 | Attr = ] kdx -> %ProgramFiles%\Kontiki\KHost.exe -> Kontiki Inc. [Ver = 5.02.61030.0 | Size = 1040832 bytes | Modified Date = 2006-11-08 17:32:42 | Attr = ] SpybotSD TeaTimer -> %ProgramFiles%\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 2005-05-31 01:04:00 | Attr = ] < Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> %AllUsersStartup%\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe -> [Ver = | Size = 295606 bytes | Modified Date = 2007-03-03 23:30:50 | Attr = R ] %AllUsersStartup%\Adobe Acrobat Synchronizer.lnk -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe -> [Ver = 8.0.0.0 | Size = 734872 bytes | Modified Date = 2006-10-23 01:01:50 | Attr = ] %AllUsersStartup%\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> Adobe Systems, Inc. 
[Ver = 1, 0, 0, 1 | Size = 113664 bytes | Modified Date = 2005-03-16 21:16:50 | Attr = ] %AllUsersStartup%\MUPS.lnk -> %ProgramFiles%\Belkin Bulldog Plus\MUPS.EXE -> [Ver = | Size = 49152 bytes | Modified Date = 2004-08-14 00:21:40 | Attr = ] < SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> < Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> < HOSTS File > (932 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost -> -> 192.168.1.10 [b][entry manually removed by me for privacy reasons][/b] -> -> 192.168.1.10 [b][entry manually removed by me for privacy reasons][/b] -> -> 192.168.1.10 [b][entry manually removed by me for privacy reasons][/b] -> -> < Internet Explorer Settings > -> -> HKLM: Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKLM: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKLM: Local Page -> 
%SystemRoot%\system32\blank.htm -> HKLM: Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKLM: Start Page -> about:blank -> HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> HKCU: Local Page -> C:\WINDOWS\system32\blank.htm -> HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKCU: Start Page -> about:blank -> HKCU: ProxyEnable -> 0 -> < Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> msn.com [ - ] -> -> < BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {000123B4-9B42-4900-B3F7-F4B073EFC214} [HKLM] -> %ProgramFiles%\Orbitdownloader\orbitcth.dll [Octh Class] -> Orbitdownloader.com [Ver = 2, 0, 0, 1 | Size = 122880 bytes | Modified Date = 2007-06-18 13:33:26 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 2006-10-23 00:20:26 | Attr = ] {CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> %ProgramFiles%\Free Download Manager\iefdmcks.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 81920 bytes | Modified Date = 2006-08-20 19:55:00 | Attr = ] < Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 2006-10-23 00:20:26 | Attr = ] < Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 2006-10-23 00:20:26 | Attr = ] < Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 321120 bytes | Modified Date = 2006-10-23 00:20:26 | Attr = ] < Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_02\bin\npjpi160_02.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 132496 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_02\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 501136 bytes | Modified Date = 2007-07-12 04:00:36 | Attr = ] {2670000A-7350-4f3c-8081-5663EE0C6C49} -> Reg Data - Value does not exist [ButtonText: Send to OneNote] -> File not found {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -> Reg Data - Value does not exist [ButtonText: Create Mobile Favorite] -> File not found {92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found < Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> &Download by Orbit -> -> File not found &Grab video by Orbit -> -> File not found &WordWeb... 
-> %SystemRoot%\wweb32.dll\lookup.htm -> File not found Append to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECaptureSelLinks.htm -> File not found Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppendSelLinks.htm -> File not found Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIEAppend.htm -> File not found Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll\AcroIECapture.htm -> File not found Do&wnload selected by Orbit -> -> File not found Down&load all by Orbit -> -> File not found Download all with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlall.htm -> [Ver = | Size = 879 bytes | Modified Date = 2006-07-05 18:23:58 | Attr = ] Download selected with Free Download Manager -> %ProgramFiles%\Free Download Manager\dlselected.htm -> [Ver = | Size = 449 bytes | Modified Date = 2006-05-18 19:45:38 | Attr = ] Download with Free Download Manager -> %ProgramFiles%\Free Download Manager\dllink.htm -> [Ver = | Size = 1058 bytes | Modified Date = 2006-07-05 18:20:08 | Attr = ] E&xport to Microsoft Excel -> -> File not found < DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {02D82D31-E1F6-4306-BD73-A0BB64B659FE} -> (1394 Net Adapter) -> {45178EA4-2B94-451A-B06B-2EEBAA16AD70} -> 
(Windows Mobile-based Device) -> {59F74B11-9B1A-48E5-BBD0-235F985FC78C} -> (Windows Mobile-based Device) -> {CA16E0B5-16DD-4A97-8A54-64A8749A8085} -> (Windows Mobile-based Device) -> {F0D940FA-FF03-4B3B-950A-2B22E03A2A18} -> 192.168.1.1 (Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC) -> {FFAD82A4-3BB4-4D2E-8AD9-39EBDF1682CB} -> () -> < Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp -> Reg Data - Key not found -> File not found msdaipp -> Reg Data - Key not found -> File not found < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} -> - CodeBase = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab -> {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} -> SentinelVE3D Class - CodeBase = http://download.microsoft.com/download/0/f/b/0fb0fab9-7f09-4bb6-86d8-8e791ba99ac5/VirtualEarth3D.cab -> {166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab -> {215B8138-A3CF-44C5-803F-8226143CFC0A} -> Trend Micro ActiveX Scan Agent 6.6 - CodeBase = http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab -> {4E62C4DE-627D-4604-B157-4B7D6B09F02E} -> AccountTracking Profile Manager Class - CodeBase = https://moneymanager.egg.com/Pinsafe/accounttracking.cab -> {6414512B-B978-451D-A0D8-FCFDF33E833C} -> WUWebControl Class - CodeBase = http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172765515765 -> {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} -> System Requirements Lab Class - CodeBase = http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab -> {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172938035906 -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -> {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_11 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab -> [Registry - Additional Scans - Non-Microsoft Only] < BotCheck > -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\DefaultLaunchPermission ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineLaunchRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\MachineAccessRestriction ->  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\\EnableDCOM -> Y -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{A50398B8-9075-4FBF-A7A1-456BF21937AD} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{AD65A69D-3831-40D7-9629-9B0B50A93843} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{0040D221-54A1-11D1-9DE0-006097042D69} -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat\ActivationSecurityCheckExemptionList\\{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3} -> 1 -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\NONREDIST\\System.EnterpriseServices.Thunk.dll -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirstRunDisabled -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\UpdatesDisableNotify -> 0 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\AntiVirusOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\FirewallOverride -> 1 -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate not found. -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile not found. -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages -> msv1_0; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Bounds -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> kerberos;msv1_0;schannel;wdigest; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\ImpersonatePrivilegeUpgradeToolHasRun -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\LsaPid -> 820 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\SecureBoot -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\auditbaseobjects -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\crashonauditfail -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\disabledomaincreds -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\everyoneincludesanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fipsalgorithmpolicy -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\forceguest -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\fullprivilegeauditing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\limitblankpassworduse -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\lmcompatibilitylevel -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nodefaultadminowner -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\nolmhash -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymous -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\restrictanonymoussam -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Notification Packages -> scecli; -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\enabledcom -> y -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\\ProviderOrder -> Windows NT Access Provider; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\AccessProviders\Windows NT Access Provider\\ProviderPath -> %SystemRoot%\system32\ntmarta.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Audit\PerUserAuditing\System\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Data\\Pattern -> /؁RP W89460ea45 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\GBG\\GrafBlumGroup -> ]#ɥ]Q -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\JD\\Lookup -> y( / -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Domains\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\SidCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\Auth132 -> IISSUBA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminclientsec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0\\ntlmminserversec -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Skew1\\SkewMatrix -> f#zH@F~ -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SSO\Passport1.4\\SSOURL -> http://www.passport.com -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\\Time -> H'\ -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Name -> Digest -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Comment -> Digest SSPI Authentication Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Capabilities -> 16464 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\RpcId -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\TokenSize -> 65535 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\digest.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Name -> DPA -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Comment -> DPA Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\RpcId -> 17 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\TokenSize -> 768 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Name -> MSN -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Comment -> MSN Security Package -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Capabilities -> 55 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\RpcId -> 18 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Version -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\TokenSize -> 768 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Time -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll\\Type -> 49 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DependOnService -> Netman;WinMgmt; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Description -> Provides network address translation, addressing, and name resolution services for all computers on your home network through a dial-up connection. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\DisplayName -> Internet Connection Sharing -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ImagePath -> %SystemRoot%\System32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\\Epoch -> 5268 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\\ServiceDll -> %SystemRoot%\System32\ipnathlp.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\BBC Alerts\BBC_Alerts.exe -> C:\Program Files\BBC Alerts\BBC_Alerts.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing 
Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:*:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:*:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:*:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:*:Enabled:@xpsp2res.dll,-22002 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\26675:TCP -> 
26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\DisableNotifications -> 0 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\system32\sessmgr.exe -> %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DigiGuide\DigiGuide.exe -> C:\Program Files\DigiGuide\DigiGuide.exe:*:Enabled:DigiGuide -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\%windir%\Network Diagnostic\xpnetdiag.exe -> %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BBC Alerts\BBC_Alerts.exe -> C:\Program Files\BBC Alerts\BBC_Alerts.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\AboutTime\AboutTime.exe -> C:\Program Files\AboutTime\AboutTime.exe:*:Enabled:AboutTime cient/server -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\eMule\emule.exe -> C:\Program Files\eMule\emule.exe:*:Enabled:eMule -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\uTorrent\utorrent.exe -> C:\Program Files\uTorrent\utorrent.exe:*:Enabled:Torrent -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe -> C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Kontiki\KService.exe -> C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitdm.exe -> C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Orbitdownloader\orbitnet.exe -> C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\rapimgr.exe -> C:\Program 
Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\wcescomm.exe -> C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Microsoft ActiveSync\WCESMgr.exe -> C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe -> C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Firewall GUI -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP -> 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2869:TCP -> 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10243:TCP -> 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10280:UDP -> 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10281:UDP -> 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10282:UDP -> 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10283:UDP -> 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\10284:UDP -> 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP -> 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP -> 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP -> 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP -> 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26675:TCP -> 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\\ServiceUpgrade -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Setup\InterfacesUnfirewalledAtUpdate\\All -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\0 -> Root\LEGACY_SHAREDACCESS\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ImagePath -> %systemroot%\system32\svchost.exe -k netsvcs -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\DisplayName -> Automatic Updates -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\\Description -> Enables the download and installation of Windows updates. If this service is disabled, this computer will not be able to use the Automatic Updates feature or the Windows Update Web site. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters\\ServiceDll -> C:\WINDOWS\system32\wuauserv.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\0 -> Root\LEGACY_WUAUSERV\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Description -> Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start. 
-> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DependOnService -> RPCSS; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\DisplayName -> Remote Registry -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ErrorControl -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ImagePath -> %SystemRoot%\system32\svchost.exe -k LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\ObjectName -> NT AUTHORITY\LocalService -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Group -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Start -> 2 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\Type -> 32 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\\FailureActions -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Parameters\\ServiceDll -> %SystemRoot%\system32\regsvc.dll -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\0 -> Root\LEGACY_REMOTEREGISTRY\0000 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\Count -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry\Enum\\NextInstance -> 1 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Type -> 16 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Start -> 4 -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ErrorControl -> 1 -> 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ImagePath -> C:\WINDOWS\system32\tlntsvr.exe -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DisplayName -> Telnet -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnService -> RPCSS;TCPIP;NTLMSSP; -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\DependOnGroup -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\ObjectName -> LocalSystem -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\\Description -> Enables a remote user to log on to this computer and run programs, and supports various TCP/IP Telnet clients, including UNIX-based and Windows-based computers. If this service is stopped, remote user access to programs might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start. -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TlntSvr\Security\\Security ->  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings\\ProxyEnable -> 0 -> < Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping -> {FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger -> NextId -> 8193 -> [Files/Folders - Created Within 60 days] ComboFix -> %SystemDrive%\ComboFix -> [Folder | Created Date = 2007-08-19 12:49:38 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Created Date = 2007-08-18 22:30:58 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 2007-07-07 08:54:16 | Attr = ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Created Date = 2007-08-14 21:20:51 | Attr = H ] 
$NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> [Folder | Created Date = 2007-08-14 21:22:03 | Attr = H ] $NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Created Date = 2007-07-10 22:44:52 | Attr = H ] $NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Created Date = 2007-08-14 21:21:43 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Created Date = 2007-08-14 21:19:37 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Created Date = 2007-08-14 21:20:55 | Attr = H ] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] COMPANIONAPP.INI -> %SystemRoot%\COMPANIONAPP.INI -> [Ver = | Size = 0 bytes | Created Date = 2007-07-18 20:54:37 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Created Date = 2007-08-19 11:09:29 | Attr = HS] erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 2007-08-19 12:51:20 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Created Date = 2007-08-19 13:31:50 | Attr = ] gmer.exe -> %SystemRoot%\gmer.exe -> [Ver = 1, 0, 12, 12011 | Size = 573440 bytes | Created Date = 2007-08-19 13:31:50 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Created Date = 2007-08-19 13:31:51 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | Created Date = 2007-08-19 13:31:50 | Attr = ] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Created Date = 2007-08-18 00:23:20 | Attr = ] LTDLGFILE14N.INI -> %SystemRoot%\LTDLGFILE14N.INI -> [Ver = | Size = 59 bytes | Created Date = 2007-07-22 20:39:55 | Attr = ] meta4.exe -> %SystemRoot%\meta4.exe -> [Ver = | Size = 217073 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] MOTA113.exe -> %SystemRoot%\MOTA113.exe -> [Ver = | Size = 66560 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] 
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Created Date = 2007-07-30 21:11:07 | Attr = ] nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 335 bytes | Created Date = 2007-07-23 17:58:39 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 2007-08-19 09:47:19 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 2007-08-19 09:47:19 | Attr = H ] RSetupCE.exe -> %SystemRoot%\RSetupCE.exe -> [Ver = | Size = 90112 bytes | Created Date = 2007-07-22 16:11:33 | Attr = ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Created Date = 2007-07-07 09:11:48 | Attr = H ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 564 bytes | Created Date = 2007-07-22 16:02:35 | Attr = ] x2.64.exe -> %SystemRoot%\x2.64.exe -> [Ver = | Size = 502784 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] aac_parser.ax -> %System32%\aac_parser.ax -> [Ver = 1.1 | Size = 81920 bytes | Created Date = 2007-07-07 09:11:48 | Attr = RHS] ac3DX.ax -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Created Date = 2007-07-07 09:11:48 | Attr = RHS] ActiveScan -> %System32%\ActiveScan -> [Folder | Created Date = 2007-08-19 10:02:25 | Attr = ] agcehdlr.dll -> %System32%\agcehdlr.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 34464 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agclcmn.dll -> %System32%\agclcmn.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 146736 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agcmn.dll -> %System32%\agcmn.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 66048 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agcncmn.dll -> %System32%\agcncmn.dll -> iAnywhere Solutions, Inc. 
[Ver = 6.2 Build 3044 | Size = 25152 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agconnct.dll -> %System32%\agconnct.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 42368 bytes | Created Date = 2007-08-08 13:19:45 | Attr = ] agcpl.cpl -> %System32%\agcpl.cpl -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 456168 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agcrypto.dll -> %System32%\agcrypto.dll -> [Ver = | Size = 40792 bytes | Created Date = 2007-08-08 13:19:45 | Attr = ] agnet.dll -> %System32%\agnet.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 34592 bytes | Created Date = 2007-08-08 13:19:45 | Attr = ] agproxy.dll -> %System32%\agproxy.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 50880 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] agprtcl.dll -> %System32%\agprtcl.dll -> iAnywhere Solutions, Inc. [Ver = 6.2 Build 3044 | Size = 43824 bytes | Created Date = 2007-08-08 13:19:45 | Attr = ] agsnet.dll -> %System32%\agsnet.dll -> iAnywhere Solutions, Inc. 
[Ver = 6.2 Build 3044 | Size = 416000 bytes | Created Date = 2007-08-08 13:19:44 | Attr = ] asuninst.exe -> %System32%\asuninst.exe -> Panda Software [Ver = 1, 0, 0, 2 | Size = 73728 bytes | Created Date = 2007-08-19 10:03:41 | Attr = ] AVCDX.ax -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Created Date = 2007-07-07 09:11:48 | Attr = RHS] avisynth.dll -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Created Date = 2007-07-07 09:13:45 | Attr = ] AVSredirect.dll -> %System32%\AVSredirect.dll -> [Ver = | Size = 27648 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] CoreAAC.ax -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Created Date = 2007-07-07 09:11:48 | Attr = RHS] devil.dll -> %System32%\devil.dll -> Abysmal Software [Ver = 1.6.6 | Size = 719872 bytes | Created Date = 2007-07-07 09:13:45 | Attr = ] DiracSplitter.ax -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] e07c3cc7.dat -> %System32%\e07c3cc7.dat -> [Ver = | Size = 8 bytes | Created Date = 2007-08-14 21:05:37 | Attr = ] expat.dll -> %System32%\expat.dll -> [Ver = | Size = 111376 bytes | Created Date = 2007-08-08 13:19:46 | Attr = ] flvDX.dll -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Created Date = 2007-08-19 10:02:30 | Attr = ] i420vfw.dll -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-17 07:49:51 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 135168 bytes | Created Date = 2007-07-17 07:49:52 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Created Date = 2007-07-17 07:49:52 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Created Date = 2007-08-18 22:53:16 | Attr = ] MatroskaDX.ax -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] msfDX.dll -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 123602 bytes | Created Date = 2007-08-14 21:33:25 | Attr = ] nvrshu.dll -> %System32%\nvrshu.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsit.dll -> %System32%\nvrsit.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 278528 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsja.dll -> %System32%\nvrsja.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 266240 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsko.dll -> %System32%\nvrsko.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 262144 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsnl.dll -> %System32%\nvrsnl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 274432 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsno.dll -> %System32%\nvrsno.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrspl.dll -> %System32%\nvrspl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrspt.dll -> %System32%\nvrspt.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 274432 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsptb.dll -> %System32%\nvrsptb.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | 
Size = 266240 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrsru.dll -> %System32%\nvrsru.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 270336 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrssk.dll -> %System32%\nvrssk.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrssl.dll -> %System32%\nvrssl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrssv.dll -> %System32%\nvrssv.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrstr.dll -> %System32%\nvrstr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrszhc.dll -> %System32%\nvrszhc.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 225280 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvrszht.dll -> %System32%\nvrszht.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 126976 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrshu.dll -> %System32%\nvwrshu.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 315392 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsit.dll -> %System32%\nvwrsit.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 323584 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsja.dll -> %System32%\nvwrsja.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 212992 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsko.dll -> %System32%\nvwrsko.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 196608 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsnl.dll -> %System32%\nvwrsnl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 319488 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsno.dll -> %System32%\nvwrsno.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 299008 bytes | Created Date = 2007-06-28 
23:43:00 | Attr = ] nvwrspl.dll -> %System32%\nvwrspl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 294912 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrspt.dll -> %System32%\nvwrspt.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 323584 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsptb.dll -> %System32%\nvwrsptb.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 319488 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrsru.dll -> %System32%\nvwrsru.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 315392 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrssk.dll -> %System32%\nvwrssk.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 299008 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrssl.dll -> %System32%\nvwrssl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 303104 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrssv.dll -> %System32%\nvwrssv.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 294912 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrstr.dll -> %System32%\nvwrstr.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 303104 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrszhc.dll -> %System32%\nvwrszhc.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 163840 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] nvwrszht.dll -> %System32%\nvwrszht.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 167936 bytes | Created Date = 2007-06-28 23:43:00 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Created Date = 2007-08-19 10:02:29 | Attr = ] QuickTime.qts -> %System32%\QuickTime.qts -> Apple Inc. [Ver = 7.1.6 | Size = 49152 bytes | Created Date = 2007-07-16 09:50:35 | Attr = ] QuickTimeVR.qtx -> %System32%\QuickTimeVR.qtx -> Apple Inc. 
[Ver = 7.1.6 | Size = 65536 bytes | Created Date = 2007-07-16 09:50:35 | Attr = ] RealMediaDX.ax -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLAPEDec.ax -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLMPCDec.ax -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLOgg.ax -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLSpeexDec.ax -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLTheoraDec.ax -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] RLVorbisDec.ax -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Created Date = 2007-07-07 09:11:49 | Attr = RHS] ROBOEX32.DLL -> %System32%\ROBOEX32.DLL -> Blue Sky Software Corporation. 
[Ver = 8.00.131 | Size = 1056768 bytes | Created Date = 2007-08-08 13:19:46 | Attr = ] Smab.dll -> %System32%\Smab.dll -> [Ver = | Size = 394240 bytes | Created Date = 2007-07-07 09:13:45 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Created Date = 2007-08-19 10:02:30 | Attr = ] vfind.exe -> %System32%\vfind.exe -> [Ver = | Size = 49152 bytes | Created Date = 2007-08-19 12:49:46 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 272 bytes | Created Date = 2007-08-18 00:24:25 | Attr = H ] wgrs.dll -> %System32%\wgrs.dll -> iAnywhere Solutions, Inc. 
[Ver = 6.2 Build 3044 | Size = 47936 bytes | Created Date = 2007-08-08 13:19:46 | Attr = ] x.264.exe -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] yv12vfw.dll -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Created Date = 2007-07-07 09:13:44 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Created Date = 2007-08-18 00:25:24 | Attr = H ] ZPORT4AS.dll -> %System32%\ZPORT4AS.dll -> [Ver = | Size = 11776 bytes | Created Date = 2007-08-19 10:03:41 | Attr = ] fwdrv.err -> %System32%\drivers\fwdrv.err -> [Ver = | Size = 324320 bytes | Created Date = 2007-08-18 02:00:41 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Created Date = 2007-08-19 13:31:50 | Attr = ]

[Files/Folders - Modified Within 60 days]
ComboFix -> %SystemDrive%\ComboFix -> [Folder | Modified Date = 2007-08-19 14:49:58 | Attr = ] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2007-08-18 23:39:16 | Attr = ] Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 2007-07-26 23:31:58 | Attr = ] Outlookbackup.pst -> %SystemDrive%\Outlookbackup.pst -> [Ver = | Size = 4112384 bytes | Modified Date = 2007-08-19 11:45:24 | Attr = ] Program Files -> %ProgramFiles% -> [Folder | Modified Date = 2007-08-18 02:09:16 | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2007-08-19 10:51:36 | Attr = HS] Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 2007-08-19 10:52:56 | Attr = ] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2007-08-19 14:31:52 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2007-08-14 22:18:04 | Attr = H ] $NtUninstallKB921503$ -> %SystemRoot%\$NtUninstallKB921503$ -> [Folder | Modified Date = 2007-08-14 22:20:52 | Attr = H ] $NtUninstallKB936021$ -> %SystemRoot%\$NtUninstallKB936021$ -> 
[Folder | Modified Date = 2007-08-14 22:22:04 | Attr = H ] $NtUninstallKB936357$ -> %SystemRoot%\$NtUninstallKB936357$ -> [Folder | Modified Date = 2007-07-10 23:44:54 | Attr = H ] $NtUninstallKB936782_WMP11$ -> %SystemRoot%\$NtUninstallKB936782_WMP11$ -> [Folder | Modified Date = 2007-08-14 22:21:50 | Attr = H ] $NtUninstallKB938828$ -> %SystemRoot%\$NtUninstallKB938828$ -> [Folder | Modified Date = 2007-08-14 22:19:38 | Attr = H ] $NtUninstallKB938829$ -> %SystemRoot%\$NtUninstallKB938829$ -> [Folder | Modified Date = 2007-08-14 22:20:56 | Attr = H ] AppPatch -> %SystemRoot%\AppPatch -> [Folder | Modified Date = 2007-08-19 11:18:08 | Attr = ] assembly -> %SystemRoot%\assembly -> [Folder | Modified Date = 2007-07-10 23:51:18 | Attr = R S] bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2007-08-19 12:15:14 | Attr = S] catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 109056 bytes | Modified Date = 2007-07-20 00:47:24 | Attr = ] COMPANIONAPP.INI -> %SystemRoot%\COMPANIONAPP.INI -> [Ver = | Size = 0 bytes | Modified Date = 2007-07-18 21:54:38 | Attr = ] CSC -> %SystemRoot%\CSC -> [Folder | Modified Date = 2007-08-19 12:09:30 | Attr = HS] Downloaded Installations -> %SystemRoot%\Downloaded Installations -> [Folder | Modified Date = 2007-07-22 21:34:22 | Attr = ] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2007-08-19 11:02:28 | Attr = S] EPISME00.SWB -> %SystemRoot%\EPISME00.SWB -> [Ver = | Size = 9662 bytes | Modified Date = 2007-08-08 16:16:26 | Attr = ] erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 2007-08-19 13:51:22 | Attr = ] gmer.dll -> %SystemRoot%\gmer.dll -> [Ver = 1, 0, 12, 12011 | Size = 565311 bytes | Modified Date = 2007-08-19 14:31:52 | Attr = ] gmer.ini -> %SystemRoot%\gmer.ini -> [Ver = | Size = 250 bytes | Modified Date = 2007-08-19 14:31:52 | Attr = ] gmer_uninstall.cmd -> %SystemRoot%\gmer_uninstall.cmd -> [Ver = | Size = 80 bytes | 
Modified Date = 2007-08-19 14:31:52 | Attr = ] Help -> %SystemRoot%\Help -> [Folder | Modified Date = 2007-08-14 22:35:38 | Attr = ] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2007-08-14 22:22:08 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2007-08-19 11:03:56 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2007-08-18 23:39:16 | Attr = HS] Internet Logs -> %SystemRoot%\Internet Logs -> [Folder | Modified Date = 2007-08-18 01:36:40 | Attr = ] LTDLGFILE14N.INI -> %SystemRoot%\LTDLGFILE14N.INI -> [Ver = | Size = 59 bytes | Modified Date = 2007-07-22 21:45:38 | Attr = ] Microsoft.NET -> %SystemRoot%\Microsoft.NET -> [Folder | Modified Date = 2007-07-10 23:51:22 | Attr = ] mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 1156 bytes | Modified Date = 2007-07-30 22:11:10 | Attr = ] nsreg.dat -> %SystemRoot%\nsreg.dat -> [Ver = | Size = 335 bytes | Modified Date = 2007-08-08 14:43:08 | Attr = ] nview -> %SystemRoot%\nview -> [Folder | Modified Date = 2007-08-14 22:35:34 | Attr = ] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2007-08-19 14:32:02 | Attr = ] QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 2007-08-19 10:47:20 | Attr = ] QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 2007-08-19 10:47:20 | Attr = H ] super.chm -> %SystemRoot%\super.chm -> [Ver = | Size = 9292 bytes | Modified Date = 2007-07-03 06:59:12 | Attr = H ] system32 -> %System32% -> [Folder | Modified Date = 2007-08-19 13:49:48 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2007-08-19 12:18:38 | Attr = S] Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 2007-08-19 14:49:52 | Attr = ] vpd.properties -> %SystemRoot%\vpd.properties -> [Ver = | Size = 564 bytes | Modified Date = 2007-07-22 17:02:36 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 688 bytes | Modified Date = 
2007-08-19 11:08:40 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2007-08-14 22:22:02 | Attr = ] AboutTime.job -> %SystemRoot%\tasks\AboutTime.job -> [Ver = | Size = 310 bytes | Modified Date = 2007-08-19 06:00:28 | Attr = ] MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 2007-08-19 12:18:38 | Attr = H ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2007-08-19 12:15:38 | Attr = H ] 3007WFP -> %System32%\3007WFP -> [Folder | Modified Date = 2007-08-19 11:15:58 | Attr = ] ActiveScan -> %System32%\ActiveScan -> [Folder | Modified Date = 2007-08-19 11:16:02 | Attr = ] aswBoot.exe -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 783224 bytes | Modified Date = 2007-07-27 23:07:22 | Attr = ] AVASTSS.scr -> %System32%\AVASTSS.scr -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 95608 bytes | Modified Date = 2007-07-27 22:57:50 | Attr = ] CatRoot -> %System32%\CatRoot -> [Folder | Modified Date = 2007-07-18 21:40:54 | Attr = ] CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 2007-08-19 12:16:40 | Attr = ] CONFIG.NT -> %System32%\CONFIG.NT -> [Ver = | Size = 2617 bytes | Modified Date = 2007-08-04 20:17:52 | Attr = ] dllcache -> %System32%\dllcache -> [Folder | Modified Date = 2007-08-14 22:32:30 | Attr = RHS] drivers -> %System32%\drivers -> [Folder | Modified Date = 2007-08-19 14:31:52 | Attr = ] e07c3cc7.dat -> %System32%\e07c3cc7.dat -> [Ver = | Size = 8 bytes | Modified Date = 2007-08-14 22:05:38 | Attr = ] Help.ico -> %System32%\Help.ico -> [Ver = | Size = 1406 bytes | Modified Date = 2007-08-19 11:03:14 | Attr = ] java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:00 | Attr = ] javacpl.cpl -> %System32%\javacpl.cpl -> Sun Microsystems, Inc. 
[Ver = 6.0.20.6 | Size = 69632 bytes | Modified Date = 2007-07-12 02:22:36 | Attr = ] javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 135168 bytes | Modified Date = 2007-07-12 01:22:04 | Attr = ] javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.20.6 | Size = 139264 bytes | Modified Date = 2007-07-12 02:22:38 | Attr = ] Kaspersky Lab -> %System32%\Kaspersky Lab -> [Folder | Modified Date = 2007-08-18 23:53:18 | Attr = ] keystone.exe -> %System32%\keystone.exe -> [Ver = | Size = 425984 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nv4_disp.dll -> %System32%\nv4_disp.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 5690624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvapi.dll -> %System32%\nvapi.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 360448 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvappbar.exe -> %System32%\nvappbar.exe -> [Ver = | Size = 442368 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvapps.nvb -> %System32%\nvapps.nvb -> [Ver = | Size = 123602 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvapps.xml -> %System32%\nvapps.xml -> [Ver = | Size = 119408 bytes | Modified Date = 2007-08-14 22:45:08 | Attr = ] nvcod.dll -> %System32%\nvcod.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 37376 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvcodins.dll -> %System32%\nvcodins.dll -> NVIDIA Corporation [Ver = 1 , 0 , 0 , 35 | Size = 37376 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvcolor.exe -> %System32%\nvcolor.exe -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 147456 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvcpl.cpl -> %System32%\nvcpl.cpl -> NVIDIA Corporation [Ver = 1.4.13.09 | Size = 413696 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvcpl.dll -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 8466432 bytes | Modified Date = 2007-06-29 00:43:00 | 
Attr = ] nvcplui.exe -> %System32%\nvcplui.exe -> NVIDIA Corporation [Ver = 1.4.13.09 | Size = 753664 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvcpluir.dll -> %System32%\nvcpluir.dll -> NVIDIA Corporation [Ver = 1.4.13.09 | Size = 1073152 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvdisp.nvu -> %System32%\nvdisp.nvu -> [Ver = | Size = 17463 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvdisps.dll -> %System32%\nvdisps.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 6234112 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvdispsr.dll -> %System32%\nvdispsr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 5455872 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvdspsch.exe -> %System32%\nvdspsch.exe -> [Ver = | Size = 1339392 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvexpbar.dll -> %System32%\nvexpbar.dll -> NVIDIA Corporation [Ver = 1.4.13.09 | Size = 307200 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvgames.dll -> %System32%\nvgames.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 3321856 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvgamesr.dll -> %System32%\nvgamesr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 3072000 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nview.dll -> %System32%\nview.dll -> [Ver = | Size = 1474560 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmccs.dll -> %System32%\nvmccs.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 229376 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmccsrs.dll -> %System32%\nvmccsrs.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 45056 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmccss.dll -> %System32%\nvmccss.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 188416 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmccssr.dll -> %System32%\nvmccssr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 458752 bytes | Modified Date = 
2007-06-29 00:43:00 | Attr = ] nvmctray.dll -> %System32%\nvmctray.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 81920 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmobls.dll -> %System32%\nvmobls.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 1142784 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvmoblsr.dll -> %System32%\nvmoblsr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 2854912 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvnt4cpl.dll -> %System32%\nvnt4cpl.dll -> [Ver = | Size = 286720 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvoglnt.dll -> %System32%\nvoglnt.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 6729728 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsar.dll -> %System32%\nvrsar.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 327680 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrscs.dll -> %System32%\nvrscs.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 249856 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsda.dll -> %System32%\nvrsda.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsde.dll -> %System32%\nvrsde.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 278528 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsel.dll -> %System32%\nvrsel.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 282624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrseng.dll -> %System32%\nvrseng.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 245760 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrses.dll -> %System32%\nvrses.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 282624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsesm.dll -> %System32%\nvrsesm.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 274432 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsfi.dll -> %System32%\nvrsfi.dll -> 
NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 249856 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsfr.dll -> %System32%\nvrsfr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 282624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrshe.dll -> %System32%\nvrshe.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 327680 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrshu.dll -> %System32%\nvrshu.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsit.dll -> %System32%\nvrsit.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 278528 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsja.dll -> %System32%\nvrsja.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 266240 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsko.dll -> %System32%\nvrsko.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 262144 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsnl.dll -> %System32%\nvrsnl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 274432 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsno.dll -> %System32%\nvrsno.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrspl.dll -> %System32%\nvrspl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrspt.dll -> %System32%\nvrspt.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 274432 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsptb.dll -> %System32%\nvrsptb.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 266240 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrsru.dll -> %System32%\nvrsru.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 270336 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrssk.dll -> %System32%\nvrssk.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes 
| Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrssl.dll -> %System32%\nvrssl.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrssv.dll -> %System32%\nvrssv.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 253952 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrstr.dll -> %System32%\nvrstr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 258048 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrszhc.dll -> %System32%\nvrszhc.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 225280 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvrszht.dll -> %System32%\nvrszht.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 126976 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvshell.dll -> %System32%\nvshell.dll -> [Ver = | Size = 466944 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 155716 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvtuicpl.cpl -> %System32%\nvtuicpl.cpl -> [Ver = | Size = 73728 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvucode.bin -> %System32%\nvucode.bin -> [Ver = | Size = 1018772 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvvitvs.dll -> %System32%\nvvitvs.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 3518464 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvvitvsr.dll -> %System32%\nvvitvsr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 3600384 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwddi.dll -> %System32%\nvwddi.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 81920 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwdmcpl.dll -> %System32%\nvwdmcpl.dll -> [Ver = | Size = 1703936 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwimg.dll -> %System32%\nvwimg.dll -> [Ver = | Size = 1019904 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = 
] nvwrsar.dll -> %System32%\nvwrsar.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 282624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrscs.dll -> %System32%\nvwrscs.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 286720 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsda.dll -> %System32%\nvwrsda.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 294912 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsde.dll -> %System32%\nvwrsde.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 311296 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsel.dll -> %System32%\nvwrsel.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 335872 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrseng.dll -> %System32%\nvwrseng.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 286720 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrses.dll -> %System32%\nvwrses.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 335872 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsesm.dll -> %System32%\nvwrsesm.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 327680 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsfi.dll -> %System32%\nvwrsfi.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 303104 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsfr.dll -> %System32%\nvwrsfr.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 327680 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrshe.dll -> %System32%\nvwrshe.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 278528 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrshu.dll -> %System32%\nvwrshu.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 315392 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsit.dll -> %System32%\nvwrsit.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 323584 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsja.dll -> 
%System32%\nvwrsja.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 212992 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsko.dll -> %System32%\nvwrsko.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 196608 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsnl.dll -> %System32%\nvwrsnl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 319488 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsno.dll -> %System32%\nvwrsno.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 299008 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrspl.dll -> %System32%\nvwrspl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 294912 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrspt.dll -> %System32%\nvwrspt.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 323584 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsptb.dll -> %System32%\nvwrsptb.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 319488 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrsru.dll -> %System32%\nvwrsru.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 315392 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrssk.dll -> %System32%\nvwrssk.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 299008 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrssl.dll -> %System32%\nvwrssl.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 303104 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrssv.dll -> %System32%\nvwrssv.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 294912 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrstr.dll -> %System32%\nvwrstr.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 303104 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrszhc.dll -> %System32%\nvwrszhc.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 163840 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwrszht.dll -> 
%System32%\nvwrszht.dll -> NVIDIA Corporation [Ver = 6.14.10.12002 | Size = 167936 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwss.dll -> %System32%\nvwss.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 2330624 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nvwssr.dll -> %System32%\nvwssr.dll -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 2416640 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] nwiz.exe -> %System32%\nwiz.exe -> [Ver = | Size = 1626112 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] pavas.ico -> %System32%\pavas.ico -> [Ver = | Size = 30590 bytes | Modified Date = 2007-08-19 11:03:14 | Attr = ] perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 70260 bytes | Modified Date = 2007-07-10 23:41:28 | Attr = ] perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 436496 bytes | Modified Date = 2007-07-10 23:41:28 | Attr = ] PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 498640 bytes | Modified Date = 2007-07-10 23:41:28 | Attr = ] Restore -> %System32%\Restore -> [Folder | Modified Date = 2007-08-18 22:59:08 | Attr = ] swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] Uninstall.ico -> %System32%\Uninstall.ico -> [Ver = | Size = 2550 bytes | Modified Date = 2007-08-19 11:03:14 | Attr = ] vsconfig.xml -> %System32%\vsconfig.xml -> [Ver = | Size = 272 bytes | Modified Date = 2007-08-18 01:26:06 | Attr = H ] wbem -> %System32%\wbem -> [Folder | Modified Date = 2007-08-19 11:18:10 | Attr = ] wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 13646 bytes | Modified Date = 2007-08-19 12:17:24 | Attr = ] XPSViewer -> %System32%\XPSViewer -> [Folder | Modified Date = 2007-07-10 23:34:52 | Attr = ] zllictbl.dat -> %System32%\zllictbl.dat -> [Ver = | Size = 4212 bytes | Modified Date = 2007-08-18 01:25:26 | Attr = H ] nv4_mini.sys -> %System32%\dllcache\nv4_mini.sys -> NVIDIA Corporation [Ver = 
6.14.11.6218 | Size = 6807328 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ] aavmker4.sys -> %System32%\drivers\aavmker4.sys -> ALWIL Software [Ver = 4.7.1029.0 | Size = 26624 bytes | Modified Date = 2007-07-27 22:58:36 | Attr = ] aswmon.sys -> %System32%\drivers\aswmon.sys -> ALWIL Software [Ver = 4.7.1029.0 | Size = 92848 bytes | Modified Date = 2007-07-27 23:02:50 | Attr = ] aswmon2.sys -> %System32%\drivers\aswmon2.sys -> ALWIL Software [Ver = 4.7.1029.0 | Size = 94416 bytes | Modified Date = 2007-07-27 23:02:34 | Attr = ] aswRdr.sys -> %System32%\drivers\aswRdr.sys -> ALWIL Software [Ver = 4.7.1029.0 | Size = 23152 bytes | Modified Date = 2007-07-27 23:00:40 | Attr = ] aswTdi.sys -> %System32%\drivers\aswTdi.sys -> ALWIL Software [Ver = 4.7.1029.0 | Size = 42912 bytes | Modified Date = 2007-07-27 22:59:58 | Attr = ] fwdrv.err -> %System32%\drivers\fwdrv.err -> [Ver = | Size = 324320 bytes | Modified Date = 2007-08-19 15:59:52 | Attr = ] gmer.sys -> %System32%\drivers\gmer.sys -> GMER [Ver = 1, 0, 12, 3721 | Size = 68961 bytes | Modified Date = 2007-08-19 14:31:52 | Attr = ] nv4_mini.sys -> %System32%\drivers\nv4_mini.sys -> NVIDIA Corporation [Ver = 6.14.11.6218 | Size = 6807328 bytes | Modified Date = 2007-06-29 00:43:00 | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %System32%\ac3DX.ax -> [Ver = 1.01a | Size = 227328 bytes | Modified Date = 2006-09-12 11:46:24 | Attr = RHS] UPX! , UPX0 , -> %System32%\aswBoot.exe -> ALWIL Software [Ver = 4, 7, 1029, 0 | Size = 783224 bytes | Modified Date = 2007-07-27 23:07:22 | Attr = ] UPX! , UPX0 , -> %System32%\AVCDX.ax -> CoreCodec [Ver = 0, 0, 0, 4 | Size = 123904 bytes | Modified Date = 2006-01-12 23:23:26 | Attr = RHS] UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 8, 0 | Size = 318976 bytes | Modified Date = 2007-05-17 17:30:48 | Attr = ] UPX! 
, UPX0 , -> %System32%\CoreAAC.ax -> [Ver = 1, 2, 0, 575 | Size = 175104 bytes | Modified Date = 2006-08-16 14:53:32 | Attr = RHS] PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 2001-08-23 13:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\DiracSplitter.ax -> Gabest [Ver = 1, 0, 0, 0 | Size = 179200 bytes | Modified Date = 2005-01-17 23:26:36 | Attr = RHS] UPX! , UPX0 , -> %System32%\flvDX.dll -> Gabest [Ver = 1, 0, 0, 1 | Size = 163328 bytes | Modified Date = 2006-05-03 10:06:54 | Attr = RHS] UPX! , UPX0 , -> %System32%\i420vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 2004-01-25 | Attr = ] UPX! , UPX0 , -> %System32%\MatroskaDX.ax -> Gabest [Ver = 1, 0, 2, 9 | Size = 169472 bytes | Modified Date = 2006-03-10 21:48:48 | Attr = RHS] PEC2 , PECompact2 , -> %System32%\msfDX.dll -> Hans Mayerl [Ver = 2.02.2113 | Size = 31232 bytes | Modified Date = 2007-02-21 11:47:16 | Attr = RHS] Thawte Consulting , -> %System32%\NebUSB.sys -> Nebula Electronics Ltd [Ver = 3, 0, 0, 1 | Size = 40760 bytes | Modified Date = 2006-08-15 10:34:00 | Attr = ] PEC2 , -> %System32%\nvCplUI.pdb -> [Ver = | Size = 6048768 bytes | Modified Date = 2006-09-06 09:47:34 | Attr = ] Thawte Consulting , -> %System32%\pxinsi64.exe -> Sonic Solutions [Ver = 3.00.33a | Size = 115880 bytes | Modified Date = 2006-08-25 04:47:00 | Attr = ] UPX! , UPX0 , -> %System32%\RealMediaDX.ax -> Gabest [Ver = 1, 0, 1, 1 | Size = 161792 bytes | Modified Date = 2005-11-25 20:46:34 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLAPEDec.ax -> RadLight [Ver = 1, 0, 0, 0 | Size = 54784 bytes | Modified Date = 2003-11-20 23:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLMPCDec.ax -> RadLight [Ver = 1, 0, 0, 4 | Size = 37888 bytes | Modified Date = 2004-04-26 23:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLOgg.ax -> RadLight [Ver = 1.0.0.2 | Size = 186880 bytes | Modified Date = 2005-02-12 23:00:00 | Attr = RHS] UPX! 
, UPX0 , -> %System32%\RLSpeexDec.ax -> [Ver = 1, 0, 0, 0 | Size = 51712 bytes | Modified Date = 2005-02-12 23:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLTheoraDec.ax -> RadLight, LLC [Ver = 1, 0, 0, 3 | Size = 67584 bytes | Modified Date = 2005-02-12 23:00:00 | Attr = RHS] UPX! , UPX0 , -> %System32%\RLVorbisDec.ax -> RadLight [Ver = 1, 0, 1, 1 | Size = 92672 bytes | Modified Date = 2005-02-05 23:00:00 | Attr = RHS] PEC2 , PECompact2 , -> %System32%\Smab.dll -> [Ver = | Size = 394240 bytes | Modified Date = 2007-05-14 15:24:30 | Attr = ] UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Modified Date = 2007-07-22 18:39:28 | Attr = ] winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 2001-08-23 13:00:00 | Attr = ] UPX! , UPX0 , -> %System32%\x.264.exe -> [Ver = | Size = 240128 bytes | Modified Date = 2005-02-28 13:16:22 | Attr = ] UPX! , UPX0 , -> %System32%\yv12vfw.dll -> www.helixcommunity.org [Ver = R1.02 | Size = 70656 bytes | Modified Date = 2004-01-25 | Attr = ] WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 2001-08-23 13:00:00 | Attr = ] Thawte Consulting , -> %System32%\drivers\NebUSB.sys -> Nebula Electronics Ltd [Ver = 3, 0, 0, 1 | Size = 40760 bytes | Modified Date = 2006-08-15 10:34:00 | Attr = ] Thawte Consulting , -> %System32%\drivers\NebUSBa64.sys -> Nebula Electronics Ltd. [Ver = 3.0.2.0 | Size = 37560 bytes | Modified Date = 2006-08-15 10:03:38 | Attr = ] @Alternate Data Stream - 26 bytes -> %System32%\drivers\Ultra.sys:Zone.Identifier ->

< End of report >